Created December 9, 2022 11:01
Gist: ashwanth1109/ab6843f332cef97940e903f2d3543b8e
TD Response
name: high_cpu
parameters:
  accountId: 6
  accountName: GFI-Dev
  applianceId: 78d81cf0-36a9-4661-a50c-50a28a377c64
  applianceName: Archiver DeployDev 75
  title: High CPU Advisory
triageGraph:
  context:
    description: There is a significant increase in the CPU
    indicators:
      - config:
          dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b
          sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a
          visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_5607084a-7af6-4eb7-9495-8246e739f6ca
        displayByDefault: true
        name: CPU over time
        parameters:
          - name: account_id
            value: $accountId
          - name: appliance_id
            value: $applianceId
        postHelpText: Let's evaluate what could be the possible cause for it
        preHelpText: There was a significant increase in the CPU
        type: DATA_PLOT
        visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/426f08f32bba4e12a835387c48bb7cee/dashboards/8d71a18a-4a72-4295-9730-8b930adad53b/sheets/8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a/visuals/8d71a18a-4a72-4295-9730-8b930adad53b_5607084a-7af6-4eb7-9495-8246e739f6ca?code=AYABeKoSa3NhJmzd8sMUR6roai4AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8B99zA69ifmQopxT03hxO77gAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDLzyBXWq_5hc58sAtQIBEIA7-jpmKlIjxg0uJ-vBTX4Bd5KRigmF6CgkAGK7y5FPYmAoZY5qeExo2SIPdzLbOh0fTzr_Z8m9IoK6OoYCAAAAAAwAABAAAAAAAAAAAAAAAAAA95yKCUgaaoLM-zL4F9uTqf____8AAAABAAAAAAAAAAAAAAABAAAAm-h9s74pRIfhNHo4jbh_17Xw-9__mmCCVXpUVYgosAi-Wy5SKXt8E0av6eF7ch9q4hFfPOXM_kwwd_Jc0qNqRn6SQUhGzLitx8mNfhI2cM-lr0BeIBhcpQUsN2WAk4VXSuu5jA5s1s37FpvT8q9gt8gAjd8fJxm4SyCVgQ2vZKdoWCsUnRIGA--fRJRSgsWzGG7LW4B_qwLxaxPDjN7PJQyUIrklVb0_W8AOZA%3D%3D&identityprovider=quicksight&isauthcode=true
    label: CPU Utilization
    name: cpu_utilization
    presentation:
      displayVariant: Vertical
  investigations:
    - description: Are SMTP connections responsible for it?
      indicators:
        - config:
            dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
            sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
            visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
          displayByDefault: true
          name: SMTP Connections over time
          parameters:
            - name: account_id
              value: $accountId
            - name: appliance_id
              value: $applianceId
          postHelpText: If yes, go check the connection origin
          preHelpText: Is there a sudden increase in SMTP Connections?
          type: DATA_PLOT
          visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/37090222f40d489caa8c603f9d77d066/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeCIhRBFw-1uCdVoIR3quAt8AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8Bt1-Yu8OQ-YrfLG2oL57evQAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDBQxUvH27DAq4lAYRgIBEIA7BbbzVV-VupxY-NBvzHypxciKEO8wdl6gxEbYu0icyhoVyurbbfNXsL1R9ULm5xXfrIg7pNSDz8Ndx14CAAAAAAwAABAAAAAAAAAAAAAAAAAA7LKnhm5XalA2oy98a9NS7v____8AAAABAAAAAAAAAAAAAAABAAAAm1mFrICzY1BrES1svupN_rEXAD9VKFmjspNh2LRoxgTuLYFVBzEzQ7Jt69Uz10rDPxYg102IyOyIaUxqqxH8chzTwoT1Y8oZBsoNuOkRpTeGvZ3ClB9x47XwyS70S5PWRBAq7V-s_qjQoRh66irC8K1OxrSiwWrN6ZxzSCOsK3pXpcLdwwOPjPczkI7l__5l9T5lpNWEZnDFrToL3MPySQE1ibNv8ULiJay-9Q%3D%3D&identityprovider=quicksight&isauthcode=true
      investigations:
        - description: Which origin IP, domain or country contributes the most SMTP connections?
          indicators:
            - actions:
                - id: 2
                  label: Add IP to IP Address Group
                  name: add_ip_to_ip_address_group
                  type: APP_MANAGER_URL
                  url: https://google.com
                - id: 1
                  label: Create Firewall Rule
                  name: create_firewall_rule
                  type: APP_MANAGER_URL
                  url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                - id: 3
                  label: Add Country to Geo IP Filtering
                  name: add_country_to_geo_ip_filtering
                  type: APP_MANAGER_URL
                  url: https://google.com
              displayByDefault: true
              name: Origin IP, Domain, Country of the SMTP Connections
              postHelpText: Go block the IP & add the countries to geo IP filtering. After that, see the affected receivers
              preHelpText: Which origin IP, domain or country contributes the most SMTP connections?
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          investigations:
            - description: Which receivers got affected by it?
              indicators:
                - actions:
                    - id: 4
                      label: Create Custom Message Rule
                      name: create_custom_message_rule
                      type: APP_MANAGER_URL
                      url: https://google.com
                  displayByDefault: true
                  name: List of receivers getting affected by domains
                  postHelpText: Create custom message rules for these users
                  preHelpText: Which users got most affected by it?
                  type: DATA_FETCHER
                  visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              label: Receivers Affected
              name: affected_receivers
              presentation:
                displayVariant: Vertical
          label: Origin of the Connections
          name: connection_origin
          presentation:
            displayVariant: Vertical
      label: SMTP Connections
      name: smtp_connections
      presentation:
        displayVariant: Vertical
    - description: Are incoming emails responsible for it?
      indicators:
        - config:
            dashboardId: 8d71a18a-4a72-4295-9730-8b930adad53b
            sheetId: 8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a
            visualId: 8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2
          displayByDefault: true
          name: Incoming emails over time
          parameters:
            - name: account_id
              value: $accountId
            - name: appliance_id
              value: $applianceId
          postHelpText: If yes, go check which domain or IP is responsible for it
          preHelpText: Is there a sudden increase in incoming emails?
          type: DATA_PLOT
          visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/0e0dc3d9e2014715b4b34edb90785a86/dashboards/8d71a18a-4a72-4295-9730-8b930adad53b/sheets/8d71a18a-4a72-4295-9730-8b930adad53b_7d4ccc9a-3fb1-4b2b-a24d-124adc3fa87a/visuals/8d71a18a-4a72-4295-9730-8b930adad53b_38127ab8-f5b4-4ca8-a16e-28abb4c0dfe2?code=AYABeGAuxc92cBamcSVtt-Uz6a8AAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BEwLrw9Db3tdGwjzJTtfjLgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDB0Ufay6DMkCJqF25AIBEIA7yIpqHM7Ji98vI8W39WIwjOFN9S3LaGmEeuGDzQFfkXsW9tR9FUDodZBtc9DxkTE8gTqSWbJ-di9wKjwCAAAAAAwAABAAAAAAAAAAAAAAAAAAew8LcsEfKEfm2hvvqjyvTv____8AAAABAAAAAAAAAAAAAAABAAAAm3-r7wuMV5PYPCEkI5irbuj5i86bymzCo33jdSom1LPupL37m-zdFJqtLjyy7VyJa-LwWUHxDlGVPuiS6cgwN8cRbxfZcEfeoyRYRuDkcuXNEwabsbTEdJdG3KEFD3OmMv-QMVJ__FQRsbP4TxOm2Q_Bxf1_gkx6zH9PXs4i_3mp9EkQYatZOTCh8rUSax43OWntqYESQA8L53X4j4ZQHqKDnwj3912JP1CQSw%3D%3D&identityprovider=quicksight&isauthcode=true
      investigations:
        - description: Which sender domain or IP is responsible for it?
          indicators:
            - actions:
                - id: 2
                  label: Add IP to IP Address Group
                  name: add_ip_to_ip_address_group
                  type: APP_MANAGER_URL
                  url: https://google.com
                - id: 1
                  label: Create Firewall Rule
                  name: create_firewall_rule
                  type: APP_MANAGER_URL
                  url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
              displayByDefault: true
              name: Top 10 senders with domains & IP
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          investigations:
            - description: Which recipients got affected by it?
              indicators:
                - actions:
                    - id: 4
                      label: Create Custom Message Rule
                      name: create_custom_message_rule
                      type: APP_MANAGER_URL
                      url: https://google.com
                  displayByDefault: true
                  name: List of recipients getting affected by domains
                  type: DATA_FETCHER
                  visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              label: Recipients Affected
              name: affected_recipients
              presentation:
                displayVariant: Vertical
          label: Sender Domain IP
          name: sender_domain_ip
          presentation:
            displayVariant: Vertical
      label: Incoming Emails
      name: incoming_emails
      presentation:
        displayVariant: Vertical
    - description: Are outgoing emails responsible for it?
      indicators:
        - config:
            dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
            sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
            visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
          displayByDefault: true
          name: Outgoing emails over time
          parameters:
            - name: account_id
              value: $accountId
            - name: appliance_id
              value: $applianceId
          postHelpText: If yes, go check which user is responsible for it
          preHelpText: Is there a sudden increase in outgoing emails?
          type: DATA_PLOT
          visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/7b640a60fcbe4c68a46be7c4d53de23b/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeBihafIPQpHbAu5B_LYbpGoAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8B9qAeo6P-jJ1PTl9PyOaKJgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDJRk1WdUntNsPGG58wIBEIA7slbYkHZsMLtjir3I0w6V_ZTHREDxe7654CosirSEiSA0fP8E8JVGnLRvNw5CCIEwAqT6G4ZTehEPx-sCAAAAAAwAABAAAAAAAAAAAAAAAAAAMYras8-G4wBNX5jDW3jumP____8AAAABAAAAAAAAAAAAAAABAAAAm9Rllm9v3LDWTFXpS6FiqI94aZBXrJ1fekWrifV1TN6su6rhlzlivaAQ3bWEZM1CCp6kXNgdo5UJZIbl13Msm8YRfQZa1OHEFBE5wpa-E-jrPiiu9g-v-CGwjMjkJA16AiBVvkEHWMcH9iUff6fX7f3yGEd9HdyrpbhlLWzpgcrMrk8ZT7MOakORdpHxsymHTDu2qMjT1vBo0fKQwQteql2RSiZ2ifg6ArTorg%3D%3D&identityprovider=quicksight&isauthcode=true
      investigations:
        - description: Which sender user is responsible for it?
          indicators:
            - actions:
                - id: 5
                  label: Disable User
                  name: disable_user
                  type: APP_MANAGER_URL
                  url: https://google.com
                - id: 1
                  label: Create Firewall Rule
                  name: create_firewall_rule
                  type: APP_MANAGER_URL
                  url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                - id: 2
                  label: Add IP to IP Address Group
                  name: add_ip_to_ip_address_group
                  type: APP_MANAGER_URL
                  url: https://google.com
              displayByDefault: true
              name: Top 10 senders with connections & 2FA & password policy
              postHelpText: Enable 2FA & meet complexity requirements for the password policy, and renew passwords after at least 3 months
              preHelpText: Are there any users with 2FA disabled or who don't meet the complexity requirements of the password policy?
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          label: Sender Responsible
          name: responsible_sender
          presentation:
            displayVariant: Vertical
      label: Outgoing Emails
      name: outgoing_emails
      presentation:
        displayVariant: Vertical
    - description: Is an increase in RAM responsible for it?
      indicators:
        - config:
            dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
            sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
            visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
          displayByDefault: true
          name: RAM over time
          parameters:
            - name: account_id
              value: $accountId
            - name: appliance_id
              value: $applianceId
          postHelpText: If yes, this could be a possible issue. Go investigate further
          preHelpText: Is there a sudden increase in RAM?
          type: DATA_PLOT
          visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/6c31804e28424de294de5284b5680f5e/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeFSvkA--1YTQvxsIqisTmJAAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BI5eRoOCHZvhx2nWOZ7wtcAAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDOq2KQPmVyVVNMq6fwIBEIA7qkaucsa5nElSt9robe20vh_YIi5zDm39wBsDTa6zqrXHkp5gZjo7fGXINfcradyIOPI_sr6F5lwJhlsCAAAAAAwAABAAAAAAAAAAAAAAAAAANMzt-k47eTv4hC4rijysRv____8AAAABAAAAAAAAAAAAAAABAAAAmxKNs0B4njGsBcO-Mdqjud3iY9Vgw_6vJf5657zUrPWPxX_YOkKYoNu1f1hE1CDNfyc0F5pto83tk5OgrI6c31VOtLmYoK3nHocRSLS0hwdPmnmIujHHmEDRkmy-4It3OD4RBrPvINKMIAYQ5q4k3sfAghqm3RevJDgbmbMHaYP2JQnwuCEdE703NgBrmfgrIRecaainQjlsF-ew8Sn_c5iZ-Dckaj6mtamIuQ%3D%3D&identityprovider=quicksight&isauthcode=true
      investigations:
        - description: Server Up Time, Total RAM, VM
          indicators:
            - displayByDefault: true
              name: Metadata of the server
              postHelpText: ELSE go see the applications installed to see the RAM distribution
              preHelpText: IF server up time < 1 day, an update was made recently; go investigate the updates made
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          investigations:
            - description: List of applications installed with their RAM consumption
              indicators:
                - actions:
                    - id: 6
                      label: Uninstall Application
                      name: uninstall_application
                      type: APP_MANAGER_URL
                      url: https://google.com
                  displayByDefault: true
                  name: Applications Installed
                  postHelpText: If yes, uninstall the application
                  preHelpText: Is there any application that's consuming most of the RAM when it's not expected to?
                  type: DATA_FETCHER
                  visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              label: Installed Applications
              name: applications_installed
              presentation:
                displayVariant: Vertical
            - description: Different updates made on the server
              indicators:
                - actions:
                    - id: 7
                      label: Open Ticket
                      name: open_ticket
                      type: APP_MANAGER_URL
                      url: https://google.com
                  displayByDefault: true
                  name: Version Update Status
                  postHelpText: If yes, that might be the cause; open a ticket for the new version, ELSE check if the OS was updated
                  preHelpText: Was the version of Kerio Connect updated?
                  type: DATA_FETCHER
                  visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              investigations:
                - description: OS updated on the server
                  indicators:
                    - actions:
                        - id: 7
                          label: Open Ticket
                          name: open_ticket
                          type: APP_MANAGER_URL
                          url: https://google.com
                      displayByDefault: true
                      name: OS Version Update
                      postHelpText: If yes, uninstall the new patches that were deployed
                      preHelpText: Was the OS updated?
                      type: DATA_FETCHER
                      visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
                  label: OS Update
                  name: os_version_update
                  presentation:
                    displayVariant: Vertical
              label: Server Updates
              name: server_updates
              presentation:
                displayVariant: Vertical
          label: Server Metadata
          name: server_metadata
          presentation:
            displayVariant: Vertical
      label: RAM
      name: ram
      presentation:
        displayVariant: Vertical
    - description: Is an increase in Active Connections responsible for it?
      indicators:
        - config:
            dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
            sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
            visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
          displayByDefault: true
          name: active_connections_over_time
          parameters:
            - name: account_id
              value: $accountId
            - name: appliance_id
              value: $applianceId
          postHelpText: If yes, this could be a possible issue. Go investigate further
          preHelpText: Is there a sudden increase in Active Connections?
          type: DATA_PLOT
          visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/6f98f5a7a60c472a869a0e7e11ec9c99/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeNBlHQ2Mp50R98xKcx2BiYwAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BK1sicV7uoKn9czI67LTrpAAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDC9puVdFI1vpjpwIegIBEIA77YJERuQ7dWU9BFfPUlu50OUMNtWd6gBA9tk1X56CCThtFmdp9cz_KqphTX6oGT9jU0Hq12lID1e5dIwCAAAAAAwAABAAAAAAAAAAAAAAAAAAS2EE6qvFVdU8_ckexXdVpP____8AAAABAAAAAAAAAAAAAAABAAAAm3E8G6OsfWKxg67Dvnm_VrTEkvy-YEEK2T4mdbj9YhSNT1jFDMoC3TDPpyDS8p1Oz6OctdLNDJixz7s6X2xyeFtf73C9aNehPxLFwqQCtP1uwHR_yYerkKF_IXXKABmDZZN_Cny7NnjstBW5JqdvZFaaoKSPvP17UuNmHImyZPN4gafyKDVsmnfsYMyFtUl8ZoqjWfypvQ5weSk_RMYcO8o-cJe7GjTU0W5psA%3D%3D&identityprovider=quicksight&isauthcode=true
      investigations:
        - description: How are connections distributed over protocols?
          indicators:
            - displayByDefault: true
              name: Connections per protocol
              postHelpText: If yes, go investigate the top users with the most active connections under this protocol
              preHelpText: Is there a sudden increase in active connections for a given protocol?
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          investigations:
            - description: List of users sorted by active connections per protocol
              indicators:
                - config:
                    dashboardId: 11da2a7a-751d-45ba-99d9-c52f6494f491
                    sheetId: 11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0
                    visualId: 11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46
                  displayByDefault: true
                  name: Users per protocol
                  postHelpText: Go check the source IPs of these users
                  preHelpText: Who are the top users with the most connections per protocol?
                  type: DATA_PLOT
                  visualizationURL: https://us-east-1.quicksight.aws.amazon.com/embed/0d1ce4beb9c841faaa5be03a55dd34df/dashboards/11da2a7a-751d-45ba-99d9-c52f6494f491/sheets/11da2a7a-751d-45ba-99d9-c52f6494f491_155c32d8-ae27-46af-abe9-4bb57bf884a0/visuals/11da2a7a-751d-45ba-99d9-c52f6494f491_7adf092c-1733-4609-9d6f-29ef00055c46?code=AYABeAMPcPOkMzosySrSQ8r2GHIAAAABAAdhd3Mta21zAEthcm46YXdzOmttczp1cy1lYXN0LTE6MjU5NDgwNDYyMTMyOmtleS81NGYwMjdiYy03MDJhLTQxY2YtYmViNS0xNDViOTExNzFkYzMAuAECAQB4Q4pdZrmYHprS_1qu_Ad4K1Kwv7kyEcenFNvHMd9HVw8BgYnzx_dTPGaVBcFrSQ0AXgAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEImg-43T8LIQS8l2QIBEIA7hdb-KAxK7VXCmOOm9pwGSgJJnAx684aEXWOlmm01-tPMaAWiMoeTG-Qpk98Ul3ho8fXgOx6Zhrt5f_4CAAAAAAwAABAAAAAAAAAAAAAAAAAAnNl2QEf2Q4k-zQd9wAXf_v____8AAAABAAAAAAAAAAAAAAABAAAAm2-I9z5YsgR4Hu4uo3LRvyOiFTwCdczXVmdPyd4rNGsomM0vfC7jQJkT7iccZa5XH6DOlCqP-FXAqGgjP9itfiFfAnBGcIfn3P7gbBaGCf-dxGlTONHmdTWEL8N7VGjSRt_RqgzmnlYidW-99se3Rss5xAk__ithcM6J1nJzABYVNvDXFk7o6dcVXUOlwIzj7KzHC9eByWL5l7fuxY9xi31Auu-xCtjAUDxFbA%3D%3D&identityprovider=quicksight&isauthcode=true
                - actions:
                    - id: 5
                      label: Disable User
                      name: disable_user
                      type: APP_MANAGER_URL
                      url: https://google.com
                    - id: 1
                      label: Create Firewall Rule
                      name: create_firewall_rule
                      type: APP_MANAGER_URL
                      url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                    - id: 2
                      label: Add IP to IP Address Group
                      name: add_ip_to_ip_address_group
                      type: APP_MANAGER_URL
                      url: https://google.com
                  displayByDefault: true
                  name: IP of users
                  postHelpText: Block these IPs
                  preHelpText: What are the source IPs of these users?
                  type: DATA_FETCHER
                  visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
              label: Users per protocol
              name: users_per_protocol
              presentation:
                displayVariant: Vertical
          label: Connections per protocol
          name: connection_protocol
          presentation:
            displayVariant: Vertical
        - description: How are users distributed over protocols?
          indicators:
            - actions:
                - id: 5
                  label: Disable User
                  name: disable_user
                  type: APP_MANAGER_URL
                  url: https://google.com
              displayByDefault: true
              name: Users with connections over multiple protocols
              postHelpText: Go check the IPs of these users
              preHelpText: Which users have the most active connections, and over multiple protocols?
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
            - actions:
                - id: 1
                  label: Create Firewall Rule
                  name: create_firewall_rule
                  type: APP_MANAGER_URL
                  url: https://ui.appmanager-dev.gfi.com/organization/3/dashboard/5/instances/a0ac95b3-d9c1-4a7a-b464-ae010bd14d16/manage/configuration
                - id: 2
                  label: Add IP to IP Address Group
                  name: add_ip_to_ip_address_group
                  type: APP_MANAGER_URL
                  url: https://google.com
              displayByDefault: true
              name: IP of users
              postHelpText: Block these IPs
              preHelpText: What are the source IPs of these users?
              type: DATA_FETCHER
              visualizationURL: https://grafana.gfi.devfactory.com/d-solo/gwOB4uF4k/control-data-fetcher?orgId=1&from=1670471939357&to=1670493539357&theme=light&panelId=6
          label: Users over protocol
          name: user_protocol
          presentation:
            displayVariant: Vertical
      label: Active Connections
      name: active_connections
      presentation:
        displayVariant: Vertical
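Added example, not part of the gist or of GFI's tooling: a small Python walker and linter for the triage-graph schema above. It assumes only the field names visible in the YAML (`triageGraph.context`, nested `investigations`, `indicators` of type `DATA_PLOT` or `DATA_FETCHER`, `$name` parameter references resolved against the top-level `parameters`, and `actions` with a `url`). The embedded sample graph is constructed and reduced, with made-up dashboard ids and the placeholder hosts `grafana.example` and `ui.appmanager.example`. It flags what a reviewer would flag in the stored file: a `DATA_PLOT` without a complete QuickSight `config` or with an unresolvable `$param`, a `visualizationURL` that carries a QuickSight `code=...&isauthcode=true` value (a short-lived, single-use embed authorization code, which belongs in the rendering path rather than in a stored definition), Grafana panel URLs with an absolute `from`/`to` range, and action URLs with surrounding whitespace or pointing at a placeholder host.

```python
import re
from typing import Any, Iterator
from urllib.parse import parse_qs, urlsplit

Node = dict[str, Any]

# Constructed, reduced sample in the same schema (hypothetical ids and hosts, not the gist's data).
SAMPLE_GRAPH: Node = {
    "name": "high_cpu",
    "parameters": {"accountId": 6, "applianceId": "78d81cf0-36a9-4661-a50c-50a28a377c64"},
    "triageGraph": {
        "context": {
            "name": "cpu_utilization",
            "indicators": [{
                "type": "DATA_PLOT", "name": "CPU over time",
                "config": {"dashboardId": "d1", "sheetId": "d1_s1", "visualId": "d1_v1"},
                "parameters": [{"name": "account_id", "value": "$accountId"},
                               {"name": "appliance_id", "value": "$applianceId"}],
                "visualizationURL": "https://us-east-1.quicksight.aws.amazon.com/embed/x/"
                                    "dashboards/d1?code=AYABeXAMPLE&isauthcode=true",
            }],
        },
        "investigations": [{
            "name": "smtp_connections",
            "description": "Are SMTP connections responsible for it?",
            "indicators": [{
                "type": "DATA_FETCHER", "name": "Origin IP of the SMTP connections",
                "visualizationURL": "https://grafana.example/d-solo/abc?orgId=1"
                                    "&from=1670471939357&to=1670493539357&panelId=6",
                "actions": [
                    {"id": 1, "name": "create_firewall_rule", "type": "APP_MANAGER_URL",
                     "url": "https://ui.appmanager.example/instances/x/manage/configuration "},
                    {"id": 2, "name": "add_ip_to_ip_address_group", "type": "APP_MANAGER_URL",
                     "url": "https://google.com"},
                ],
            }],
            "investigations": [],
        }],
    },
}

def _walk(node: Node, path: str) -> Iterator[tuple[str, Node]]:
    yield path, node
    for i, child in enumerate(node.get("investigations", [])):
        yield from _walk(child, f"{path}.investigations[{i}]")

def iter_nodes(graph: Node) -> Iterator[tuple[str, Node]]:
    """Yield (path, node) for the context node and every nested investigation, depth first."""
    tg = graph["triageGraph"]
    yield "context", tg["context"]
    for i, inv in enumerate(tg.get("investigations", [])):
        yield from _walk(inv, f"investigations[{i}]")

_REF = re.compile(r"^\$(\w+)$")

def resolve_parameters(indicator: Node, params: dict[str, Any]) -> dict[str, Any]:
    """Substitute $name references in an indicator's parameters from the top-level parameters."""
    resolved: dict[str, Any] = {}
    for p in indicator.get("parameters", []):
        value, m = p["value"], _REF.match(str(p["value"]))
        if m and m.group(1) not in params:
            raise KeyError(f"parameter {p['name']!r} references unknown ${m.group(1)}")
        resolved[p["name"]] = params[m.group(1)] if m else value
    return resolved

PLACEHOLDER_HOSTS = {"google.com", "www.google.com", "example.com"}

def lint(graph: Node) -> list[str]:
    """Return findings: schema gaps and URLs that should not ship in a stored graph."""
    findings: list[str] = []
    params = graph.get("parameters", {})
    for path, node in iter_nodes(graph):
        for j, ind in enumerate(node.get("indicators", [])):
            where = f"{path}.indicators[{j}]"
            if ind.get("type") == "DATA_PLOT":  # plots need a QuickSight visual and resolvable params
                for key in ("dashboardId", "sheetId", "visualId"):
                    if not ind.get("config", {}).get(key):
                        findings.append(f"{where}: DATA_PLOT missing config.{key}")
                try:
                    resolve_parameters(ind, params)
                except KeyError as exc:
                    findings.append(f"{where}: {exc.args[0]}")
            qs = parse_qs(urlsplit(ind.get("visualizationURL", "")).query)
            if "code" in qs and qs.get("isauthcode") == ["true"]:
                # QuickSight embed URLs carry a short-lived, single-use authorization code;
                # a copy stored in config is stale and must be generated at view time instead.
                findings.append(f"{where}: stored QuickSight embed URL carries a one-time auth code")
            if qs.get("from", [""])[0].isdigit() and qs.get("to", [""])[0].isdigit():
                findings.append(f"{where}: absolute from/to time range baked into visualizationURL")
            for act in ind.get("actions", []):
                url = act.get("url", "")
                if url != url.strip():
                    findings.append(f"{where}: action {act['name']!r} url has surrounding whitespace")
                if (urlsplit(url.strip()).hostname or "") in PLACEHOLDER_HOSTS:
                    findings.append(f"{where}: action {act['name']!r} points at a placeholder host")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE_GRAPH)))
```

For a real definition, load it with PyYAML's `yaml.safe_load` (never the bare `yaml.load`, whose default loader can instantiate arbitrary Python objects from tags in an untrusted file) and pass the resulting dict to `lint`; on the sample it reports four findings, one per defect listed in the lead-in.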