forked from erjosito/azcli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
flowlogs-ADXdashboard.json
1 lines (1 loc) · 7.54 KB
/
flowlogs-ADXdashboard.json
1
{"$schema":"https://dataexplorer.azure.com/static/d/schema/35/dashboard.json","id":"52df25dd-e6f1-4fa3-8b47-3f0df0bcfce5","eTag":"mYLlREA+Wd2NN50CPHHa2g==","schema_version":"35","title":"NSG Flow Logs","autoRefresh":{"enabled":false},"sharedQueries":[],"tiles":[{"id":"db482abb-7ccc-4347-9c03-b45d7f80aa7c","title":"Firewall logs","visualType":"card","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":0,"y":0,"width":3,"height":3},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"firewallLogs_structured\n| summarize count()\n"},"visualOptions":{"hideTileTitle":false,"multiStat__textSize":"auto","multiStat__valueColumn":{"type":"infer"},"colorRulesDisabled":false,"colorRules":[],"colorStyle":"light"}},{"id":"335bd73f-0c4c-4244-bc2c-ad1464b3fde9","title":"NSG Flow Logs","visualType":"card","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":3,"y":0,"width":3,"height":3},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| summarize count()"},"visualOptions":{"hideTileTitle":false,"multiStat__textSize":"auto","multiStat__valueColumn":{"type":"infer"},"colorRulesDisabled":false,"colorRules":[],"colorStyle":"light"}},{"id":"4ceef164-e264-422c-ba1f-e34ecc49754f","title":"Top TCP flows","visualType":"table","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":6,"y":0,"width":16,"height":6},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| summarize SumBytesSrcToDst=sum(BytesSrcToDst), SumBytesDstToSrc=sum(BytesDstToSrc) by srcIP,dstIP,Protocol,dstPort,Decision\n| extend SumBytes = SumBytesDstToSrc + SumBytesSrcToDst\n| top 10 by SumBytes desc "},"visualOptions":{"hideTileTitle":false,"table__enableRenderLinks":true,"colorRules":[],"colorRulesDisabled":true,"colorStyle":"light","crossFilterDisabled":false,"drillthroughDisabled":false,"crossFilter":[],"drillthrough":[],"table__renderLinks":[]}},{"id":"b0fb3e75-36dc-416f-be38-5670a3aedfc6","title":"Drop/Allowed bytes","visualType":"bar","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":16,"y":6,"width":7,"height":7},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| summarize SumBytesSrcToDst = sum(BytesSrcToDst), SumBytesDstToSrc = sum(BytesDstToSrc) by Decision \n"},"visualOptions":{"hideTileTitle":false,"multipleYAxes":{"base":{"id":"-1","label":"","columns":[],"yAxisMaximumValue":null,"yAxisMinimumValue":null,"yAxisScale":"linear","horizontalLines":[]},"additional":[],"showMultiplePanels":false},"hideLegend":false,"xColumnTitle":"","xColumn":{"type":"infer"},"yColumns":{"type":"infer"},"seriesColumns":{"type":"infer"},"xAxisScale":"linear","verticalLine":"","crossFilterDisabled":false,"drillthroughDisabled":false,"crossFilter":[],"drillthrough":[]}},{"id":"e88982ac-1cca-4cf3-9766-6a59f84687cc","title":"Inbound/Outbound bytes","visualType":"bar","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":16,"y":13,"width":7,"height":7},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| summarize SumBytesSrcToDst = sum(BytesSrcToDst), SumBytesDstToSrc = sum(BytesDstToSrc) by Direction \n"},"visualOptions":{"hideTileTitle":false,"multipleYAxes":{"base":{"id":"-1","label":"","columns":[],"yAxisMaximumValue":null,"yAxisMinimumValue":null,"yAxisScale":"linear","horizontalLines":[]},"additional":[],"showMultiplePanels":false},"hideLegend":false,"xColumnTitle":"","xColumn":{"type":"infer"},"yColumns":{"type":"infer"},"seriesColumns":{"type":"infer"},"xAxisScale":"linear","verticalLine":"","crossFilterDisabled":false,"drillthroughDisabled":false,"crossFilter":[],"drillthrough":[]}},{"id":"5643347c-636b-451f-9a3f-224f15345295","title":"Private/Public traffic distribution","visualType":"column","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":0,"y":3,"width":6,"height":6},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs \n| extend SrcIPisPrivate = ipv4_is_in_any_range(srcIP, dynamic([\"10.0.0.0/8\", \"192.168.0.0/16\", \"172.16.0.0/12\"]))\n| extend DstIPisPrivate = ipv4_is_in_any_range(dstIP, dynamic([\"10.0.0.0/8\", \"192.168.0.0/16\", \"172.16.0.0/12\"]))\n| where isnotnull(SrcIPisPrivate) and isnotnull(DstIPisPrivate) \n| extend FlowType = iff(SrcIPisPrivate and DstIPisPrivate, \"PrivateToPrivate\", iff(SrcIPisPrivate and not(DstIPisPrivate), \"PrivateToPublic\",iff(DstIPisPrivate and not(SrcIPisPrivate), \"PublicToPrivate\", \"PublicToPublic\")))\n| summarize SumBytesSrcToDst=sum(BytesSrcToDst), SumBytesDstToSrc=sum(BytesDstToSrc) by FlowType\n"},"visualOptions":{"hideTileTitle":false,"multipleYAxes":{"base":{"id":"-1","label":"","columns":[],"yAxisMaximumValue":null,"yAxisMinimumValue":null,"yAxisScale":"linear","horizontalLines":[]},"additional":[],"showMultiplePanels":false},"hideLegend":false,"xColumnTitle":"","xColumn":{"type":"infer"},"yColumns":{"type":"infer"},"seriesColumns":{"type":"infer"},"xAxisScale":"linear","verticalLine":"","crossFilterDisabled":false,"drillthroughDisabled":false,"crossFilter":[],"drillthrough":[]}},{"id":"e2a6fa9f-dfdc-48aa-8977-e38c2a556283","title":"Missing Src or Dst IP","visualType":"card","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":0,"y":9,"width":3,"height":3},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| extend EmptySrcIP = (strlen(srcIP)==0)\n| extend EmptyDstIP = (strlen(dstIP)==0)\n| where EmptySrcIP or EmptyDstIP\n| summarize FlowsWithNoSrcOrDst=count()"},"visualOptions":{"hideTileTitle":false,"multiStat__textSize":"auto","multiStat__valueColumn":{"type":"infer"},"colorRulesDisabled":false,"colorRules":[],"colorStyle":"light"}},{"id":"a4daf615-289b-4e3d-ab91-2c60866c3647","title":"Top protocols","visualType":"pie","pageId":"3d5ae887-54dc-4322-ac00-094b3e7a136d","layout":{"x":6,"y":6,"width":10,"height":9},"query":{"kind":"inline","dataSource":{"kind":"inline","dataSourceId":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7"},"usedVariables":[],"text":"flowLogs\n| extend ProtAndPort = strcat(iff(Protocol==\"T\", \"TCP\", iff(Protocol==\"U\", \"UDP\", \"Unknown\")),\"-\", dstPort)\n| summarize SumBytesSrcToDst=sum(BytesSrcToDst), SumBytesDstToSrc=sum(BytesDstToSrc) by ProtAndPort\n| top 10 by SumBytesSrcToDst+SumBytesSrcToDst\n"},"visualOptions":{"hideTileTitle":false,"hideLegend":false,"xColumn":{"type":"infer"},"yColumns":{"type":"infer"},"seriesColumns":{"type":"infer"},"crossFilterDisabled":false,"drillthroughDisabled":false,"labelDisabled":false,"pie__label":["name","percentage"],"tooltipDisabled":false,"pie__tooltip":["name","percentage","value"],"pie__orderBy":"size","pie__kind":"pie","pie__topNSlices":null,"crossFilter":[],"drillthrough":[]}}],"parameters":[{"kind":"duration","id":"f72264bb-cffd-468f-a9e3-496303de4f4f","displayName":"Time range","beginVariableName":"_startTime","endVariableName":"_endTime","defaultValue":{"kind":"dynamic","count":1,"unit":"hours"},"showOnPages":{"kind":"all"}}],"dataSources":[{"id":"1975debb-54f3-485b-9cd8-fd4b8dedc8b7","name":"Network Logs","clusterUri":"https://nwlogs.eastus2.kusto.windows.net/","database":"nwlogs","kind":"manual-kusto","scopeId":"kusto"}],"pages":[{"name":"Page 1","id":"3d5ae887-54dc-4322-ac00-094b3e7a136d"}]}