
ADP and DNS Firewall correlation report


This report shows a simple correlation between ADP and DNS Firewall events and allows drilling down to the "ADP Events by Source IP (Join)" and "DNS Firewall Top Hits" reports (posted in the previous two messages).


Report ID: pvm_adp_and_dns_fw_correlation

<form>
  <label>1_ADP and DNS FW Correlation</label>
  <fieldset submitButton="false" autoRun="true">
    <input type="time" token="time" searchWhenChanged="true">
      <label></label>
      <default>
        <earliest>-7d@h</earliest>
        <latest>now</latest>
      </default>
    </input>
  </fieldset>
  <row>
    <panel>
      <table>
        <!-- RPZ (DNS Firewall) summary hits joined by client IP with ADP ip_rule_stats events;
             ADP = sum(ACTIVE_COUNT), DNSFW = sum(TOTAL_COUNT) per SOURCE_IP -->
        <search>
          <query>index=ib_dns_summary source="si-search-dns-rpz-hits" | rename CLIENT as SOURCE_IP | join SOURCE_IP [search index=ib_security source="ib:ddos:ip_rule_stats"] | table SOURCE_IP,ACTIVE_COUNT,TOTAL_COUNT | stats sum(ACTIVE_COUNT) as ADP, sum(TOTAL_COUNT) as DNSFW by SOURCE_IP | sort -ADP, -DNSFW</query>
          <earliest>$time.earliest$</earliest>
          <latest>$time.latest$</latest>
        </search>
        <!-- Clicking the ADP or DNSFW cell opens the matching per-client report for the same time range -->
        <drilldown>
          <condition field="ADP">
            <link target="_blank">/app/infoblox/1_adp_rules_hits_by_clients_join?form.Client=$row.SOURCE_IP$&amp;form.time.earliest=$time.earliest$&amp;form.time.latest=$time.latest$&amp;form.time=$time$</link>
          </condition>
          <condition field="DNSFW">
            <link target="_blank">/app/infoblox/pvm_dns_top_rpz_hits?form.client=$row.SOURCE_IP$&amp;form.time.earliest=$time.earliest$&amp;form.time.latest=$time.latest$&amp;form.time=$time$</link>
          </condition>
        </drilldown>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="drilldown">row</option>
        <option name="dataOverlayMode">heatmap</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>


Have fun!

Vadim 
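As an added illustration (not part of the post above or of the Infoblox app), the following Python emulates what the correlation query computes, using constructed sample events and assuming that ACTIVE_COUNT comes from the ADP ip_rule_stats events and TOTAL_COUNT from the RPZ summary rows. It reproduces Splunk's join defaults (inner join, max=1, subsearch fields overwrite), which is why a client with several RPZ summary rows has the single joined ACTIVE_COUNT counted once per row, and clients seen by only one of the two sources drop out of the table.

```python
from collections import defaultdict

# Constructed sample data (not real Infoblox output).
RPZ_HITS = [                                      # index=ib_dns_summary rows
    {"CLIENT": "10.0.0.5", "TOTAL_COUNT": 40},
    {"CLIENT": "10.0.0.5", "TOTAL_COUNT": 60},
    {"CLIENT": "10.0.0.7", "TOTAL_COUNT": 5},
    {"CLIENT": "10.0.0.9", "TOTAL_COUNT": 12},    # no ADP events: dropped by inner join
]
ADP_STATS = [                                     # ib:ddos:ip_rule_stats rows
    {"SOURCE_IP": "10.0.0.5", "ACTIVE_COUNT": 3},
    {"SOURCE_IP": "10.0.0.5", "ACTIVE_COUNT": 8}, # second match: ignored when max=1
    {"SOURCE_IP": "10.0.0.7", "ACTIVE_COUNT": 20},
    {"SOURCE_IP": "10.0.0.8", "ACTIVE_COUNT": 1}, # no RPZ hits: dropped by inner join
]


def splunk_join(main, sub, key, max_matches=1):
    """Emulate `join <key> [subsearch]` with Splunk defaults: inner join,
    subsearch fields overwrite main-search fields, at most `max_matches`
    subsearch rows per main row (0 means unlimited, like max=0)."""
    by_key = defaultdict(list)
    for row in sub:
        by_key[row[key]].append(row)
    joined = []
    for row in main:
        matches = by_key.get(row[key], [])
        if max_matches:
            matches = matches[:max_matches]
        for m in matches:             # no match -> row is dropped (inner join)
            joined.append({**row, **m})
    return joined


def correlate(rpz_hits, adp_stats, max_matches=1):
    """Return [(SOURCE_IP, ADP, DNSFW), ...] ordered like `sort -ADP, -DNSFW`."""
    main = [{**r, "SOURCE_IP": r["CLIENT"]} for r in rpz_hits]  # rename CLIENT as SOURCE_IP
    totals = defaultdict(lambda: [0, 0])
    for row in splunk_join(main, adp_stats, "SOURCE_IP", max_matches):
        totals[row["SOURCE_IP"]][0] += row["ACTIVE_COUNT"]  # sum(ACTIVE_COUNT) as ADP
        totals[row["SOURCE_IP"]][1] += row["TOTAL_COUNT"]   # sum(TOTAL_COUNT) as DNSFW
    rows = [(ip, adp, fw) for ip, (adp, fw) in totals.items()]
    return sorted(rows, key=lambda r: (-r[1], -r[2]))


if __name__ == "__main__":
    for ip, adp, fw in correlate(RPZ_HITS, ADP_STATS):
        print(f"{ip:<12} ADP={adp:<4} DNSFW={fw}")
```

Passing `max_matches=0` shows what `join ... max=0` would do instead: every RPZ row pairs with every ADP row for the same client, so both sums grow with the product of the row counts.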
