@ashwanth1109
Created December 9, 2022 11:01
TD Response
name: high_cpu
parameters:
  accountId: 6
  accountName: GFI-Dev
  applianceId: 78d81cf0-36a9-4661-a50c-50a28a377c64
  applianceName: Archiver DeployDev 75
title: High CPU Advisory
triageGraph:
  context:
    description: There is significant increase in the CPU
    indicators:
      # The QuickSight visualizationURL values below embed a session auth code
      # (code=...&isauthcode=true). Such codes are single-use and expire shortly
      # after generation, so they have to be generated when the graph is rendered
      # rather than stored in the definition.
      - config:
          dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b
          sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a
          visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_5607084a-7af6-4eb7-9495-8246e739f6ca
        displayByDefault: true
        name: CPU over time
        parameters:
          - name: account_id
            value: $accountId
          - name: appliance_id
            value: $applianceId
        postHelpText: Let's evaluate what could be the possible cause for it
        preHelpText: There was a significant increase in the CPU
        type: DATA_PLOT
        visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/426f08f32bba4e12a835387c48bb7cee/dashboards/8d71a18a-4a72-4295-9730-8b930adad53b/sheets/8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a/visuals/8d71a18a-4a72-4295-9730-8b930adad53b_5607084a-7af6-4eb7-9495-8246e739f6ca?code=AYABeKoSa3NhJmzd8sMUR6roai4AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8B99zA69ifmQopxT03hxO77gAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDLzyBXWq_5hc58sAtQIBEIA7-jpmKlIjxg0uJ-vBTX4Bd5KRigmF6CgkAGK7y5FPYmAoZY5qeExo2SIPdzLbOh0fTzr_Z8m9IoK6OoYCAAAAAAwAABAAAAAAAAAAAAAAAAAA95yKCUgaaoLM-zL4F9uTqf____8AAAABAAAAAAAAAAAAAAABAAAAm-h9s74pRIfhNHo4jbh_17Xw-9__mmCCVXpUVYgosAi-Wy5SKXt8E0av6eF7ch9q4hFfPOXM_kwwd_Jc0qNqRn6SQUhGzLitx8mNfhI2cM-lr0BeIBhcpQUsN2WAk4VXSuu5jA5s1s37FpvT8q9gt8gAjd8fJxm4SyCVgQ2vZKdoWCsUnRIGA--fRJRSgsWzGG7LW4B_qwLxaxPDjN7PJQyUIrklVb0_W8AOZA%3D%3D&identityprovider=quicksight&isauthcode=true
    investigations:
      - description: Is SMTP Connections responsible for it?
        indicators:
          - config:
              dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
              sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
              visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
            displayByDefault: true
            name: SMTP Connections over time
            parameters:
              - name: account_id
                value: $accountId
              - name: appliance_id
                value: $applianceId
            postHelpText: If yes, go check the connection origin
            preHelpText: Is there a sudden increase in SMTP Connections?
            type: DATA_PLOT
            visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/37090222f40d489caa8c603f9d77d066/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeCIhRBFw-1uCdVoIR3quAt8AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8Bt1-Yu8OQ-YrfLG2oL57evQAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDBQxUvH27DAq4lAYRgIBEIA7BbbzVV-VupxY-NBvzHypxciKEO8wdl6gxEbYu0icyhoVyurbbfNXsL1R9ULm5xXfrIg7pNSDz8Ndx14CAAAAAAwAABAAAAAAAAAAAAAAAAAA7LKnhm5XalA2oy98a9NS7v____8AAAABAAAAAAAAAAAAAAABAAAAm1mFrICzY1BrES1svupN_rEXAD9VKFmjspNh2LRoxgTuLYFVBzEzQ7Jt69Uz10rDPxYg102IyOyIaUxqqxH8chzTwoT1Y8oZBsoNuOkRpTeGvZ3ClB9x47XwyS70S5PWRBAq7V-s_qjQoRh66irC8K1OxrSiwWrN6ZxzSCOsK3pXpcLdwwOPjPczkI7l__5l9T5lpNWEZnDFrToL3MPySQE1ibNv8ULiJay-9Q%3D%3D&identityprovider=quicksight&isauthcode=true
        investigations:
          - description: Which origin ip, domain, country is contributing to most SMTP connections?
            indicators:
              # Actions whose url is https://google.com are placeholder targets that
              # have not been wired to an App Manager page yet.
              - actions:
                  - id: 2
                    label: Add IP to IP Address Group
                    name: add_ip_to_ip_address_group
                    type: APP_MANAGER_URL
                    url: https://google.com
                  - id: 1
                    label: Create Firewall Rule
                    name: create_firewall_rule
                    type: APP_MANAGER_URL
                    url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                  - id: 3
                    label: Add Country to Geo IP Filtering
                    name: add_country_to_geo_ip_filtering
                    type: APP_MANAGER_URL
                    url: https://google.com
                displayByDefault: true
                name: Origin IP, Domain, Country of the SMTP Connections
                postHelpText: Go block the IP & add the countries to geo ip filtering. After that see the affected receivers
                preHelpText: Which origin ip, domain, country is contributing to most SMTP connections?
                type: DATA_FETCHER
                # All Grafana panel URLs in this file pin an absolute from/to window
                # (2022-12-08 03:58 to 09:58 UTC) and the same panelId=6. A relative
                # range such as from=now-6h&to=now keeps the panel useful after that day.
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            investigations:
              - description: Which receivers got affected by it?
                indicators:
                  - actions:
                      - id: 4
                        label: Create Custom Message Rule
                        name: create_custom_message_rule
                        type: APP_MANAGER_URL
                        url: https://google.com
                    displayByDefault: true
                    name: List of receivers getting affected by domains
                    postHelpText: Create custom message rules for these users
                    preHelpText: Which users got most affected by it?
                    type: DATA_FETCHER
                    visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                label: Receivers Affected
                name: affected_receivers
                presentation:
                  displayVariant: Vertical
            label: Origin of the Connections
            name: connection_origin
            presentation:
              displayVariant: Vertical
        label: SMTP Connections
        name: smtp_connections
        presentation:
          displayVariant: Vertical
      - description: Is incoming emails responsible for it?
        indicators:
          - config:
              dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b
              sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a
              visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2
            displayByDefault: true
            name: Incoming emails over time
            parameters:
              - name: account_id
                value: $accountId
              - name: appliance_id
                value: $applianceId
            postHelpText: If yes, go check which domain, ip is responsible for it
            preHelpText: Is there a sudden increase in incoming emails?
            type: DATA_PLOT
            visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/0e0dc3d9e2014715b4b34edb90785a86/dashboards/8d71a18a-4a72-4295-9730-8b930adad53b/sheets/8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a/visuals/8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2?code=AYABeGAuxc92cBamcSVtt-Uz6a8AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BEwLrw9Db3tdGwjzJTtfjLgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDB0Ufay6DMkCJqF25AIBEIA7yIpqHM7Ji98vI8W39WIwjOFN9S3LaGmEeuGDzQFfkXsW9tR9FUDodZBtc9DxkTE8gTqSWbJ-di9wKjwCAAAAAAwAABAAAAAAAAAAAAAAAAAAew8LcsEfKEfm2hvvqjyvTv____8AAAABAAAAAAAAAAAAAAABAAAAm3-r7wuMV5PYPCEkI5irbuj5i86bymzCo33jdSom1LPupL37m-zdFJqtLjyy7VyJa-LwWUHxDlGVPuiS6cgwN8cRbxfZcEfeoyRYRuDkcuXNEwabsbTEdJdG3KEFD3OmMv-QMVJ__FQRsbP4TxOm2Q_Bxf1_gkx6zH9PXs4i_3mp9EkQYatZOTCh8rUSax43OWntqYESQA8L53X4j4ZQHqKDnwj3912JP1CQSw%3D%3D&identityprovider=quicksight&isauthcode=true
        investigations:
          - description: Which sender domain, ip is responsible for it?
            indicators:
              - actions:
                  - id: 2
                    label: Add IP to IP Address Group
                    name: add_ip_to_ip_address_group
                    type: APP_MANAGER_URL
                    url: https://google.com
                  - id: 1
                    label: Create Firewall Rule
                    name: create_firewall_rule
                    type: APP_MANAGER_URL
                    url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                displayByDefault: true
                name: Top 10 senders with domains & IP
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            investigations:
              - description: Which recipients got affected by it?
                indicators:
                  - actions:
                      - id: 4
                        label: Create Custom Message Rule
                        name: create_custom_message_rule
                        type: APP_MANAGER_URL
                        url: https://google.com
                    displayByDefault: true
                    name: List of recipients getting affected by domains
                    type: DATA_FETCHER
                    visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                label: Recipients Affected
                name: affected_recipients
                presentation:
                  displayVariant: Vertical
            label: Sender Domain IP
            name: sender_domain_ip
            presentation:
              displayVariant: Vertical
        label: Incoming Emails
        name: incoming_emails
        presentation:
          displayVariant: Vertical
      - description: Is outgoing emails responsible for it?
        indicators:
          - config:
              dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
              sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
              visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
            displayByDefault: true
            name: Outgoing emails over time
            parameters:
              - name: account_id
                value: $accountId
              - name: appliance_id
                value: $applianceId
            postHelpText: If yes, go check which user is responsible for it
            preHelpText: Is there a sudden increase in outgoing emails?
            type: DATA_PLOT
            visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/7b640a60fcbe4c68a46be7c4d53de23b/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeBihafIPQpHbAu5B_LYbpGoAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8B9qAeo6P-jJ1PTl9PyOaKJgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDJRk1WdUntNsPGG58wIBEIA7slbYkHZsMLtjir3I0w6V_ZTHREDxe7654CosirSEiSA0fP8E8JVGnLRvNw5CCIEwAqT6G4ZTehEPx-sCAAAAAAwAABAAAAAAAAAAAAAAAAAAMYras8-G4wBNX5jDW3jumP____8AAAABAAAAAAAAAAAAAAABAAAAm9Rllm9v3LDWTFXpS6FiqI94aZBXrJ1fekWrifV1TN6su6rhlzlivaAQ3bWEZM1CCp6kXNgdo5UJZIbl13Msm8YRfQZa1OHEFBE5wpa-E-jrPiiu9g-v-CGwjMjkJA16AiBVvkEHWMcH9iUff6fX7f3yGEd9HdyrpbhlLWzpgcrMrk8ZT7MOakORdpHxsymHTDu2qMjT1vBo0fKQwQteql2RSiZ2ifg6ArTorg%3D%3D&identityprovider=quicksight&isauthcode=true
        investigations:
          - description: Which sender user is responsible for it?
            indicators:
              - actions:
                  - id: 5
                    label: Disable User
                    name: disable_user
                    type: APP_MANAGER_URL
                    url: https://google.com
                  - id: 1
                    label: Create Firewall Rule
                    name: create_firewall_rule
                    type: APP_MANAGER_URL
                    url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                  - id: 2
                    label: Add IP to IP Address Group
                    name: add_ip_to_ip_address_group
                    type: APP_MANAGER_URL
                    url: https://google.com
                displayByDefault: true
                name: Top 10 senders with connections & 2FA & password policy
                postHelpText: Enable 2FA & meet complex requirements for password policy and renew after at least 3 months
                preHelpText: Are there any users with 2FA disabled or who don't meet complex requirements for password policy?
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            label: Sender Responsible
            name: responsible_sender
            presentation:
              displayVariant: Vertical
        label: Outgoing Emails
        name: outgoing_emails
        presentation:
          displayVariant: Vertical
      - description: Is increase in RAM responsible for it?
        indicators:
          - config:
              dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
              sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
              visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
            displayByDefault: true
            name: RAM over time
            parameters:
              - name: account_id
                value: $accountId
              - name: appliance_id
                value: $applianceId
            postHelpText: If yes, this could be a possible issue. Go investigate further
            preHelpText: Is there a sudden increase in RAM?
            type: DATA_PLOT
            visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/6c31804e28424de294de5284b5680f5e/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeFSvkA--1YTQvxsIqisTmJAAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BI5eRoOCHZvhx2nWOZ7wtcAAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDOq2KQPmVyVVNMq6fwIBEIA7qkaucsa5nElSt9robe20vh_YIi5zDm39wBsDTa6zqrXHkp5gZjo7fGXINfcradyIOPI_sr6F5lwJhlsCAAAAAAwAABAAAAAAAAAAAAAAAAAANMzt-k47eTv4hC4rijysRv____8AAAABAAAAAAAAAAAAAAABAAAAmxKNs0B4njGsBcO-Mdqjud3iY9Vgw_6vJf5657zUrPWPxX_YOkKYoNu1f1hE1CDNfyc0F5pto83tk5OgrI6c31VOtLmYoK3nHocRSLS0hwdPmnmIujHHmEDRkmy-4It3OD4RBrPvINKMIAYQ5q4k3sfAghqm3RevJDgbmbMHaYP2JQnwuCEdE703NgBrmfgrIRecaainQjlsF-ew8Sn_c5iZ-Dckaj6mtamIuQ%3D%3D&identityprovider=quicksight&isauthcode=true
        investigations:
          - description: Server Up Time, Total Ram, VM
            indicators:
              - displayByDefault: true
                name: Metadata of the server
                postHelpText: ELSE go see the applications installed to see RAM distribution
                preHelpText: IF server time < 1 day that means there was an update made recently, go investigate the updates made
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            investigations:
              - description: List of applications installed with their RAM consumption
                indicators:
                  - actions:
                      - id: 6
                        label: Uninstall Application
                        name: uninstall_application
                        type: APP_MANAGER_URL
                        url: https://google.com
                    displayByDefault: true
                    name: Applications Installed
                    postHelpText: If yes, uninstall the application
                    preHelpText: Is there any application that's consuming most of the RAM when it's not expected to?
                    type: DATA_FETCHER
                    visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                label: Installed Applications
                name: applications_installed
                presentation:
                  displayVariant: Vertical
              - description: Different updates made on the server
                indicators:
                  - actions:
                      - id: 7
                        label: Open Ticket
                        name: open_ticket
                        type: APP_MANAGER_URL
                        url: https://google.com
                    displayByDefault: true
                    name: Version Update Status
                    postHelpText: If yes, that might be the cause, open a ticket for the new version ELSE check if OS was updated
                    preHelpText: Was the version of Kerio Connect updated?
                    type: DATA_FETCHER
                    visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                investigations:
                  - description: OS updated on the server
                    indicators:
                      - actions:
                          - id: 7
                            label: Open Ticket
                            name: open_ticket
                            type: APP_MANAGER_URL
                            url: https://google.com
                        displayByDefault: true
                        name: OS Version Update
                        postHelpText: If yes, uninstall the new patches that are deployed
                        preHelpText: Was the OS updated?
                        type: DATA_FETCHER
                        visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                    label: OS Update
                    name: os_version_update
                    presentation:
                      displayVariant: Vertical
                label: Server Updates
                name: server_updates
                presentation:
                  displayVariant: Vertical
            label: Server Metadata
            name: server_metadata
            presentation:
              displayVariant: Vertical
        label: RAM
        name: ram
        presentation:
          displayVariant: Vertical
      - description: Is increase in Active Connections responsible for it?
        indicators:
          - config:
              dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
              sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
              visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
            displayByDefault: true
            name: active_connections_over_time
            parameters:
              - name: account_id
                value: $accountId
              - name: appliance_id
                value: $applianceId
            postHelpText: If yes, this could be a possible issue. Go investigate further
            preHelpText: Is there a sudden increase in Active Connections?
            type: DATA_PLOT
            visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/6f98f5a7a60c472a869a0e7e11ec9c99/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeNBlHQ2Mp50R98xKcx2BiYwAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BK1sicV7uoKn9czI67LTrpAAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDC9puVdFI1vpjpwIegIBEIA77YJERuQ7dWU9BFfPUlu50OUMNtWd6gBA9tk1X56CCThtFmdp9cz_KqphTX6oGT9jU0Hq12lID1e5dIwCAAAAAAwAABAAAAAAAAAAAAAAAAAAS2EE6qvFVdU8_ckexXdVpP____8AAAABAAAAAAAAAAAAAAABAAAAm3E8G6OsfWKxg67Dvnm_VrTEkvy-YEEK2T4mdbj9YhSNT1jFDMoC3TDPpyDS8p1Oz6OctdLNDJixz7s6X2xyeFtf73C9aNehPxLFwqQCtP1uwHR_yYerkKF_IXXKABmDZZN_Cny7NnjstBW5JqdvZFaaoKSPvP17UuNmHImyZPN4gafyKDVsmnfsYMyFtUl8ZoqjWfypvQ5weSk_RMYcO8o-cJe7GjTU0W5psA%3D%3D&identityprovider=quicksight&isauthcode=true
        investigations:
          - description: How are connections distributed over protocols?
            indicators:
              - displayByDefault: true
                name: Connections per protocol
                postHelpText: If yes, go investigate top users with most active connections under this protocol
                preHelpText: Is there a sudden increase in active connections for a given protocol?
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            investigations:
              - description: List of users sorted with active connections per protocol
                indicators:
                  - config:
                      dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
                      sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
                      visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
                    displayByDefault: true
                    name: Users per protocol
                    postHelpText: Go check source IPs of these users
                    preHelpText: Who are the top users with most number of connections per protocol?
                    type: DATA_PLOT
                    visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/0d1ce4beb9c841faaa5be03a55dd34df/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeAMPcPOkMzosySrSQ8r2GHIAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BgYnzx_dTPGaVBcFrSQ0AXgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEImg-43T8LIQS8l2QIBEIA7hdb-KAxK7VXCmOOm9pwGSgJJnAx684aEXWOlmm01-tPMaAWiMoeTG-Qpk98Ul3ho8fXgOx6Zhrt5f_4CAAAAAAwAABAAAAAAAAAAAAAAAAAAnNl2QEf2Q4k-zQd9wAXf_v____8AAAABAAAAAAAAAAAAAAABAAAAm2-I9z5YsgR4Hu4uo3LRvyOiFTwCdczXVmdPyd4rNGsomM0vfC7jQJkT7iccZa5XH6DOlCqP-FXAqGgjP9itfiFfAnBGcIfn3P7gbBaGCf-dxGlTONHmdTWEL8N7VGjSRt_RqgzmnlYidW-99se3Rss5xAk__ithcM6J1nJzABYVNvDXFk7o6dcVXUOlwIzj7KzHC9eByWL5l7fuxY9xi31Auu-xCtjAUDxFbA%3D%3D&identityprovider=quicksight&isauthcode=true
                  - actions:
                      - id: 5
                        label: Disable User
                        name: disable_user
                        type: APP_MANAGER_URL
                        url: https://google.com
                      - id: 1
                        label: Create Firewall Rule
                        name: create_firewall_rule
                        type: APP_MANAGER_URL
                        url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                      - id: 2
                        label: Add IP to IP Address Group
                        name: add_ip_to_ip_address_group
                        type: APP_MANAGER_URL
                        url: https://google.com
                    displayByDefault: true
                    name: IP of users
                    postHelpText: Block these IPs
                    preHelpText: What are the source IPs of these users?
                    type: DATA_FETCHER
                    visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                label: Users per protocol
                name: users_per_protocol
                presentation:
                  displayVariant: Vertical
            label: Connections per protocol
            name: connection_protocol
            presentation:
              displayVariant: Vertical
          - description: How are users distributed over protocols?
            indicators:
              - actions:
                  - id: 5
                    label: Disable User
                    name: disable_user
                    type: APP_MANAGER_URL
                    url: https://google.com
                displayByDefault: true
                name: Users with connections over multiple protocols
                postHelpText: Go check IPs of these users
                preHelpText: What users have most number of active connections and with multiple protocols?
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              - actions:
                  - id: 1
                    label: Create Firewall Rule
                    name: create_firewall_rule
                    type: APP_MANAGER_URL
                    url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                  - id: 2
                    label: Add IP to IP Address Group
                    name: add_ip_to_ip_address_group
                    type: APP_MANAGER_URL
                    url: https://google.com
                displayByDefault: true
                name: IP of users
                postHelpText: Block these IPs
                preHelpText: What are the source IPs of these users?
                type: DATA_FETCHER
                visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            label: Users over protocol
            name: user_protocol
            presentation:
              displayVariant: Vertical
        label: Active Connections
        name: active_connections
        presentation:
          displayVariant: Vertical
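A definition like this is worth linting before it is deployed, because most of its defects are invisible in the UI: a `$parameter` that nothing resolves, a `DATA_PLOT` with no `config`, a QuickSight `visualizationURL` that carries a session auth code, a Grafana URL pinned to one day's epoch window, action links still pointing at `https://google.com` or at a host outside the App Manager, a URL with a stray trailing space, and one action `id` reused for two different actions. The checker below is an added example and not code from the gist or from the product it configures. It assumes the definition has been loaded into plain dicts (the shape `yaml.safe_load` gives for the YAML above), that `triageGraph.context` is the root node and each node nests children under `investigations`, and that `ui.appmanager-dev.gfi.com` is the only host a real action may link to; the `SAMPLE` definition is constructed to mirror the gist's structure with shortened ids and URLs.

```python
"""Static checks for a triageGraph advisory definition (added example).

Walks a definition loaded into plain dicts and reports what a reviewer wants
caught before deployment. Host allow-list and root-node layout are assumptions.
"""
from urllib.parse import parse_qs, urlparse

# Assumption: the only host that real remediation actions may link to.
ALLOWED_ACTION_HOSTS = {"ui.appmanager-dev.gfi.com"}
PLACEHOLDER_HOSTS = {"google.com", "www.google.com"}
VALID_TYPES = {"DATA_PLOT", "DATA_FETCHER"}


def walk(node, path):
    """Depth-first over a node and everything nested under `investigations`."""
    yield path, node
    for child in node.get("investigations") or []:
        yield from walk(child, f"{path}/{child.get('name', '?')}")


def lint(definition):
    """Return a list of (path, message) findings; an empty list means clean."""
    findings = []
    params = definition.get("parameters") or {}
    root = definition["triageGraph"]["context"]
    action_names = {}  # action id -> name, to catch one id used for two actions
    for path, node in walk(root, root.get("name", "root")):
        for key in ("description", "label", "name"):
            if not node.get(key):
                findings.append((path, f"missing {key}"))
        for ind in node.get("indicators") or []:
            ipath = f"{path}:{ind.get('name', '?')}"
            kind = ind.get("type")
            if kind not in VALID_TYPES:
                findings.append((ipath, f"unknown indicator type {kind!r}"))
            if kind == "DATA_PLOT":
                cfg = ind.get("config") or {}
                for key in ("dashboardId", "sheetId", "visualId"):
                    if not cfg.get(key):
                        findings.append((ipath, f"DATA_PLOT missing config.{key}"))
            # Every $placeholder must name a key of the top-level `parameters`.
            for p in ind.get("parameters") or []:
                value = str(p.get("value", ""))
                if value.startswith("$") and value[1:] not in params:
                    findings.append((ipath, f"unresolved parameter {value}"))
            qs = parse_qs(urlparse(ind.get("visualizationURL", "")).query)
            if "code" in qs or qs.get("isauthcode") == ["true"]:
                findings.append((ipath, "visualizationURL embeds a session auth code"))
            # Absolute epoch windows go stale; relative ranges (now-6h) do not.
            if qs.get("from", [""])[0].isdigit() and qs.get("to", [""])[0].isdigit():
                findings.append((ipath, "visualizationURL pins an absolute from/to window"))
            for act in ind.get("actions") or []:
                apath = f"{ipath}/action#{act.get('id')}"
                url = act.get("url", "")
                if url != url.strip():
                    findings.append((apath, "action url has surrounding whitespace"))
                host = urlparse(url.strip()).hostname or ""
                if host in PLACEHOLDER_HOSTS:
                    findings.append((apath, "action url is a placeholder"))
                elif host not in ALLOWED_ACTION_HOSTS:
                    findings.append((apath, f"action url host {host!r} not allowed"))
                first = action_names.setdefault(act.get("id"), act.get("name"))
                if first != act.get("name"):
                    findings.append((apath, f"action id reused: {first!r} vs {act.get('name')!r}"))
    return findings


# Constructed sample mirroring the gist's shape, with ids and URLs shortened.
SAMPLE = {
    "name": "high_cpu",
    "parameters": {"accountId": 6, "applianceId": "78d81cf0-36a9-4661-a50c-50a28a377c64"},
    "triageGraph": {"context": {
        "description": "There is significant increase in the CPU",
        "label": "CPU Utilization", "name": "cpu_utilization",
        "indicators": [{
            "type": "DATA_PLOT", "name": "CPU over time",
            "config": {"dashboardId": "8d71a18a", "sheetId": "8d71a18a_7d4ccc9a",
                       "visualId": "8d71a18a_5607084a"},
            "parameters": [{"name": "account_id", "value": "$accountId"},
                           {"name": "appliance_id", "value": "$applianceId"}],
            "visualizationURL": "https://us-east-1.quicksight.aws.amazon.com/embed/x/"
                                "dashboards/8d71a18a?code=AYAB...&isauthcode=true",
        }],
        "investigations": [{
            "description": "Is SMTP Connections responsible for it?",
            "label": "SMTP Connections", "name": "smtp_connections",
            "indicators": [{
                "type": "DATA_FETCHER", "name": "Origin IP, Domain, Country",
                "visualizationURL": "https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/"
                                    "control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&panelId=6",
                "actions": [
                    {"id": 2, "name": "add_ip_to_ip_address_group", "url": "https://google.com"},
                    {"id": 1, "name": "create_firewall_rule",
                     "url": "https://ui.appmanager-dev.gfi.com/organization/3/manage/configuration "},
                ],
            }],
        }],
    }},
}

if __name__ == "__main__":
    for where, what in lint(SAMPLE):
        print(f"{where}: {what}")
```

Run against `SAMPLE` it reports four findings: the embedded auth code on the CPU plot, the pinned Grafana window on the origin fetcher, the placeholder `google.com` action and the trailing space in the firewall-rule URL. The auth-code and time-window checks look only at the query string, so they are cheap to run in CI on every change to the definition, and the host allow-list is the one knob to adjust per environment.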