From 8250f995a6c01df97047c9496a71f9a79c46e2ca Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Wed, 30 Jul 2025 19:45:01 +0300 Subject: [PATCH 1/2] chore(observability): virtualization audit dashboard Signed-off-by: Nikita Korolev --- monitoring/grafana-dashboards/virt-audit.json | 1133 +++++++++++++++++ 1 file changed, 1133 insertions(+) create mode 100644 monitoring/grafana-dashboards/virt-audit.json diff --git a/monitoring/grafana-dashboards/virt-audit.json b/monitoring/grafana-dashboards/virt-audit.json new file mode 100644 index 0000000000..aa13a683f3 --- /dev/null +++ b/monitoring/grafana-dashboards/virt-audit.json 
@@ -0,0 +1,1133 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 47, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 10, + "panels": [], + "title": "Graphs", + "type": "row" + }, + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (request_subject) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", + 
"legendFormat": "{{request_subject}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "User Accounts activity", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "fixed" + }, + "displayName": "${__field.labels.X}", + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "red", + "value": 85 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 10, + "x": 0, + "y": 9 + }, + "id": 5, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (level) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", + "legendFormat": "{{level}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Event level count", + "type": "bargauge" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "fixed" + }, + "displayName": "${__field.labels.X}", + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 14, + "x": 10, + "y": 9 + }, + "id": 4, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + 
"orientation": "vertical", + "reduceOptions": { + "calcs": [ + "count" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", + "legendFormat": "{{type}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Event type count", + "type": "bargauge" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + }, + "displayName": "${__field.labels.X}", + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 11, + "x": 0, + "y": 13 + }, + "id": 1, + "options": { + "displayMode": "basic", + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "count" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (action_type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | operation_result=\"allow\" [$__auto]))", + "legendFormat": "{{action_type}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Event actions with operation allow count", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "jsonPaths": [], + "keepTime": true, + "replace": true, + "source": "Line" + 
} + } + ], + "type": "bargauge" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "fieldMinMax": false, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 13, + "x": 11, + "y": 13 + }, + "id": 7, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "values": [] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (action_type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | operation_result=\"deny\" [$__auto]))", + "legendFormat": "{{action_type}}", + "queryType": "range", + "refId": "A" + } + ], + "title": "Event actions with operation deny count", + "type": "piechart" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 
null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 21 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "count" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "sum by (name) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=\"Manage VM\" [$__auto]))", + "legendFormat": "{{name}}", + "queryType": "range", + "refId": "A", + "step": "" + } + ], + "title": "Manage VM events count", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 11, + "panels": [], + "title": "logs", + "type": "row" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 8, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Access to VM|Control VM|Manage VM\"", + "queryType": "range", + "refId": "A" + } + ], + "title": "Virtual machine events ", + "transformations": [ + { + "id": 
"extractFields", + "options": { + "format": "json", + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 38 + }, + "id": 12, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Virtualization control|Module control\"", + "queryType": "range", + "refId": "A" + } + ], + "title": "Module logs ", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 46 + }, + "id": 9, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false 
+ }, + "showHeader": true + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Forbidden operation\"", + "queryType": "range", + "refId": "A" + } + ], + "title": "Forbidden operation logs ", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 13, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Integrity check\"", + "queryType": "range", + "refId": "A" + } + ], + "title": "Integrity control logs ", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 62 + }, + "id": 14, + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "${loki}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + 
"custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "custom.width", + "value": 164 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Type" + }, + "properties": [ + { + "id": "custom.width", + "value": 160 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "level" + }, + "properties": [ + { + "id": "custom.width", + "value": 49 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "custom.width", + "value": 164 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "datetime" + }, + "properties": [ + { + "id": "custom.width", + "value": 176 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "uid" + }, + "properties": [ + { + "id": "custom.width", + "value": 309 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "operation_result" + }, + "properties": [ + { + "id": "custom.width", + "value": 132 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "action_type" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "component" + }, + "properties": [ + { + "id": "custom.width", + "value": 193 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "type" + }, + "properties": [ + { + "id": "custom.width", + "value": 158 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "virtualization_version" + }, + "properties": [ + { + "id": "custom.width", + "value": 166 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "virtualization_name" + }, + "properties": [ + { + "id": "custom.width", + "value": 169 + } + ] + } + ] 
+ }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 2, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "d8-loki" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs view", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "jsonPaths": [], + "keepTime": true, + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + } + ], + "title": "Common logs", + "type": "row" + } + ], + "refresh": "1m", + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "d8-loki", + "value": "d8-loki" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "loki", + "options": [], + "query": "loki", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-30m", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Virtualization Audit", + "uid": "cetic597nt7uoc", + "version": 8, + "weekStart": "" +} \ No newline at end of file From 068862ac11ca326dff404a34abe6eee716054d52 Mon Sep 17 00:00:00 2001 From: Nikita Korolev Date: Mon, 4 Aug 2025 10:53:01 +0300 Subject: [PATCH 2/2] upd dashboard Signed-off-by: Nikita Korolev --- .../security/virtual-audit.json | 395 ++++++ monitoring/grafana-dashboards/virt-audit.json | 1133 ----------------- 2 files changed, 395 insertions(+), 1133 deletions(-) create mode 100644 monitoring/grafana-dashboards/security/virtual-audit.json delete mode 100644 monitoring/grafana-dashboards/virt-audit.json 
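Review bot: The dashboard is committed with the exporting instance's numeric `"id": 47` (and `"version": 8`) instead of the `"id": null` convention for dashboards that live in a repository; the same exported id appears in the replacement file added by PATCH 2/2. File provisioning reconciles on `uid`, so the number is probably inert there, but anything that pushes this JSON through the dashboards API (or an operator that does) will try to update dashboard 47 on the target instance, which is at best a confusing failure and at worst overwrites an unrelated dashboard. Suggest `"id": null` in both files, keeping `"uid": "cetic597nt7uoc"` as the stable identity. Separately, most panels here pin `"uid": "d8-loki"` at panel level while their targets use `${loki}`, so the datasource variable is only half-honored; this is superseded by the rewrite in the next patch, which uses `${ds_loki}` throughout.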
diff --git a/monitoring/grafana-dashboards/security/virtual-audit.json b/monitoring/grafana-dashboards/security/virtual-audit.json new file mode 100644 index 0000000000..843db479f6 --- /dev/null +++ b/monitoring/grafana-dashboards/security/virtual-audit.json 
@@ -0,0 +1,395 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 47, + "links": [], + "panels": [ + { + "datasource": { + "type": "loki", + "uid": "${ds_loki}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 3, + "options": { + "legend": { + "calcs": [ + "count" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${ds_loki}" + }, + "editorMode": "code", + "expr": "sum by (request_subject,name) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | request_subject!~\".*(serviceaccount|system:.+).\" [$__interval]))", + "legendFormat": "{{request_subject}} {{name}}", + "queryType": "range", + "refId": "A" + } 
+ ], + "title": "User Accounts activity", + "type": "timeseries" + }, + { + "datasource": { + "type": "loki", + "uid": "${ds_loki}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "filterable": true, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "custom.width", + "value": 205 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Type" + }, + "properties": [ + { + "id": "custom.width", + "value": 160 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "level" + }, + "properties": [ + { + "id": "custom.width", + "value": 49 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "custom.width", + "value": 164 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "datetime" + }, + "properties": [ + { + "id": "custom.width", + "value": 176 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "uid" + }, + "properties": [ + { + "id": "custom.width", + "value": 309 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "operation_result" + }, + "properties": [ + { + "id": "custom.width", + "value": 132 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "action_type" + }, + "properties": [ + { + "id": "custom.width", + "value": 109 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "component" + }, + "properties": [ + { + "id": "custom.width", + "value": 193 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "type" + }, + "properties": [ + { + "id": "custom.width", + "value": 158 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "virtualization_version" + }, + 
"properties": [ + { + "id": "custom.width", + "value": 166 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "virtualization_name" + }, + "properties": [ + { + "id": "custom.width", + "value": 169 + } + ] + } + ] + }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 2, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "10.4.19", + "targets": [ + { + "datasource": { + "type": "loki", + "uid": "${ds_loki}" + }, + "editorMode": "code", + "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} |= \"$query\"", + "queryType": "range", + "refId": "A" + } + ], + "title": "Logs view", + "transformations": [ + { + "id": "extractFields", + "options": { + "format": "json", + "jsonPaths": [], + "keepTime": true, + "replace": true, + "source": "Line" + } + } + ], + "type": "table" + } + ], + "refresh": "1m", + "schemaVersion": 39, + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "d8-loki", + "value": "d8-loki" + }, + "hide": 0, + "includeAll": false, + "label": "Loki", + "multi": false, + "name": "ds_loki", + "options": [], + "query": "loki", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "hide": 0, + "label": "query", + "name": "query", + "options": [], + "query": "", + "skipUrlSync": false, + "type": "textbox" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Virtualization Audit", + "uid": "cetic597nt7uoc", + "version": 9, + "weekStart": "" +} \ No newline at end of file diff --git a/monitoring/grafana-dashboards/virt-audit.json b/monitoring/grafana-dashboards/virt-audit.json deleted file mode 100644 index aa13a683f3..0000000000 
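Review bot: The "Logs view" target interpolates the free-text `query` textbox variable directly into a quoted LogQL string filter, `|= "$query"`, so any value containing a `"` (or, likely, a trailing `\`) produces a syntactically broken query and the panel errors out rather than searching for that text. Grafana's variable format modifiers cover this: `"expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} |= ${query:doublequote}"` lets Grafana quote the value and escape embedded double quotes itself; please confirm the escaping of backslashes against the Grafana 10.4 docs before relying on it. This is a robustness issue, not a privilege one — the viewer can already run arbitrary LogQL against the selected datasource — but since this panel is the one an incident responder will paste raw strings into, it should not fall over on them. Minor: in the "User Accounts activity" target, the exclusion regex `".*(serviceaccount|system:.+)."` ends in a single `.`, which reads like a typo for `.*`; as written a subject such as `system:a` slips through because the anchored match needs one more character.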
--- a/monitoring/grafana-dashboards/virt-audit.json +++ /dev/null 
@@ -1,1133 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 47, - "links": [], - "panels": [ - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 10, - "panels": [], - "title": "Graphs", - "type": "row" - }, - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 1 - }, - "id": 3, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (request_subject) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", - 
"legendFormat": "{{request_subject}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "User Accounts activity", - "type": "timeseries" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "green", - "mode": "fixed" - }, - "displayName": "${__field.labels.X}", - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "orange", - "value": 70 - }, - { - "color": "red", - "value": 85 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 10, - "x": 0, - "y": 9 - }, - "id": 5, - "options": { - "displayMode": "basic", - "maxVizHeight": 300, - "minVizHeight": 16, - "minVizWidth": 8, - "namePlacement": "auto", - "orientation": "vertical", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "showUnfilled": true, - "sizing": "auto", - "valueMode": "color" - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (level) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", - "legendFormat": "{{level}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Event level count", - "type": "bargauge" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "green", - "mode": "fixed" - }, - "displayName": "${__field.labels.X}", - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "percentage", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 14, - "x": 10, - "y": 9 - }, - "id": 4, - "options": { - "displayMode": "basic", - "maxVizHeight": 300, - "minVizHeight": 16, - "minVizWidth": 8, - "namePlacement": "auto", - 
"orientation": "vertical", - "reduceOptions": { - "calcs": [ - "count" - ], - "fields": "", - "values": false - }, - "showUnfilled": true, - "sizing": "auto", - "valueMode": "color" - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json [$__auto]))", - "legendFormat": "{{type}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Event type count", - "type": "bargauge" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "semi-dark-green", - "mode": "fixed" - }, - "displayName": "${__field.labels.X}", - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 11, - "x": 0, - "y": 13 - }, - "id": 1, - "options": { - "displayMode": "basic", - "maxVizHeight": 300, - "minVizHeight": 16, - "minVizWidth": 8, - "namePlacement": "auto", - "orientation": "vertical", - "reduceOptions": { - "calcs": [ - "count" - ], - "fields": "", - "values": false - }, - "showUnfilled": true, - "sizing": "auto", - "valueMode": "color" - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (action_type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | operation_result=\"allow\" [$__auto]))", - "legendFormat": "{{action_type}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Event actions with operation allow count", - "transformations": [ - { - "id": "extractFields", - "options": { - "format": "json", - "jsonPaths": [], - "keepTime": true, - "replace": true, - "source": "Line" - 
} - } - ], - "type": "bargauge" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "fieldMinMax": false, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 13, - "x": 11, - "y": 13 - }, - "id": 7, - "options": { - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": true, - "values": [] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (action_type) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | operation_result=\"deny\" [$__auto]))", - "legendFormat": "{{action_type}}", - "queryType": "range", - "refId": "A" - } - ], - "title": "Event actions with operation deny count", - "type": "piechart" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisBorderShow": false, - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "insertNulls": false, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": 
null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 21 - }, - "id": 6, - "options": { - "legend": { - "calcs": [ - "count" - ], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "sum by (name) (count_over_time({namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=\"Manage VM\" [$__auto]))", - "legendFormat": "{{name}}", - "queryType": "range", - "refId": "A", - "step": "" - } - ], - "title": "Manage VM events count", - "type": "timeseries" - }, - { - "collapsed": false, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 29 - }, - "id": 11, - "panels": [], - "title": "logs", - "type": "row" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 30 - }, - "id": 8, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Access to VM|Control VM|Manage VM\"", - "queryType": "range", - "refId": "A" - } - ], - "title": "Virtual machine events ", - "transformations": [ - { - "id": 
"extractFields", - "options": { - "format": "json", - "replace": true, - "source": "Line" - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 38 - }, - "id": 12, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Virtualization control|Module control\"", - "queryType": "range", - "refId": "A" - } - ], - "title": "Module logs ", - "transformations": [ - { - "id": "extractFields", - "options": { - "format": "json", - "replace": true, - "source": "Line" - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 46 - }, - "id": 9, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false 
- }, - "showHeader": true - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Forbidden operation\"", - "queryType": "range", - "refId": "A" - } - ], - "title": "Forbidden operation logs ", - "transformations": [ - { - "id": "extractFields", - "options": { - "format": "json", - "replace": true, - "source": "Line" - } - } - ], - "type": "table" - }, - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 54 - }, - "id": 13, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "editorMode": "code", - "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json | type=~\"Integrity check\"", - "queryType": "range", - "refId": "A" - } - ], - "title": "Integrity control logs ", - "transformations": [ - { - "id": "extractFields", - "options": { - "format": "json", - "replace": true, - "source": "Line" - } - } - ], - "type": "table" - }, - { - "collapsed": true, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 62 - }, - "id": 14, - "panels": [ - { - "datasource": { - "type": "loki", - "uid": "${loki}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - 
"custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "filterable": true, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Time" - }, - "properties": [ - { - "id": "custom.width", - "value": 164 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Type" - }, - "properties": [ - { - "id": "custom.width", - "value": 160 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "level" - }, - "properties": [ - { - "id": "custom.width", - "value": 49 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "name" - }, - "properties": [ - { - "id": "custom.width", - "value": 164 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "datetime" - }, - "properties": [ - { - "id": "custom.width", - "value": 176 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "uid" - }, - "properties": [ - { - "id": "custom.width", - "value": 309 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "operation_result" - }, - "properties": [ - { - "id": "custom.width", - "value": 132 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "action_type" - }, - "properties": [ - { - "id": "custom.width", - "value": 109 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "component" - }, - "properties": [ - { - "id": "custom.width", - "value": 193 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "type" - }, - "properties": [ - { - "id": "custom.width", - "value": 158 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "virtualization_version" - }, - "properties": [ - { - "id": "custom.width", - "value": 166 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "virtualization_name" - }, - "properties": [ - { - "id": "custom.width", - "value": 169 - } - ] - } - ] 
- }, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 31 - }, - "id": 2, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "10.4.19", - "targets": [ - { - "datasource": { - "type": "loki", - "uid": "d8-loki" - }, - "editorMode": "code", - "expr": "{namespace=\"d8-virtualization\", pod=~\"virtualization-audit-.+\"} | json", - "queryType": "range", - "refId": "A" - } - ], - "title": "Logs view", - "transformations": [ - { - "id": "extractFields", - "options": { - "format": "json", - "jsonPaths": [], - "keepTime": true, - "replace": true, - "source": "Line" - } - } - ], - "type": "table" - } - ], - "title": "Common logs", - "type": "row" - } - ], - "refresh": "1m", - "schemaVersion": 39, - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "d8-loki", - "value": "d8-loki" - }, - "hide": 0, - "includeAll": false, - "multi": false, - "name": "loki", - "options": [], - "query": "loki", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-30m", - "to": "now" - }, - "timepicker": {}, - "timezone": "browser", - "title": "Virtualization Audit", - "uid": "cetic597nt7uoc", - "version": 8, - "weekStart": "" -} \ No newline at end of file