Dashboard: DHCPv4 Range Utilization - Empty Ranges

Hey guys,

A customer of ours needed a dashboard that gives you the option to show all DHCP networks that are not being utilized. It's a bit surprising to us that this is not a feature available in any of the default dashboards/reports.

In the default settings you will get all DHCP networks that have had no utilization in the last 30 days. This allows a customer to clean up old, unused DHCP ranges in big network environments.

John Neerdael & Roy Wiss

SecureLink Netherlands

 


<form>
  <label>DHCPv4 Range Utilization - Empty Ranges</label>
  <description>DHCPv4 Range Utilization - Empty Ranges</description>
  <fieldset submitButton="true" autoRun="true">
    <input type="time" token="time">
      <label>Time</label>
      <default>
        <earliest>-30d@d</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="text" token="network">
      <label>Network (eg: *.168.1.*)</label>
      <default>*</default>
      <change>
        <condition value="All">
          <set token="network_str">| noop</set>
        </condition>
        <condition value="*">
          <set token="network_str">| filterdhcprangesreport start_address end_address "$value$"</set>
        </condition>
      </change>
      <initialValue>*</initialValue>
    </input>
    <input type="text" token="dhcp_utilization">
      <label>Utilization % (eg: &gt;10)</label>
      <default>=0.000000</default>
      <initialValue>=0.000000</initialValue>
    </input>
    <input type="text" token="ranges_field">
      <label>Ranges (eg: !=0 )</label>
      <default>!=0</default>
      <initialValue>!=0</initialValue>
    </input>
  </fieldset>
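  <!-- This global search is not referenced by any panel below (no search uses base="base_search").
       It also relies on the dhcp_range_str, microsoft_servers_str, members and bottomn tokens,
       which no input on this form sets, so it will not dispatch as written. -->
  <search id="base_search">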
    <query>index=ib_dhcp_summary report=si_dhcp_range_utilization_trend
        $dhcp_range_str$
        | msservers ms_servers
        $microsoft_servers_str$
        | eval members=if(isnull(members), "", members)
        $members$
        | eval ms_servers=if(isnull(ms_servers), "", ms_servers)
        | stats avg(dhcp_utilization) as ADU by _time view members ms_servers start_address end_address DHCP_RANGE dhcp_utilization_status
        $network_str$
        | timechart bins=1000 eval(avg(ADU)/10) by DHCP_RANGE where min in bottom$bottomn$  useother=f
        | interpolate 43200</query>
    <earliest>$time.earliest$</earliest>
    <latest>$time.latest$</latest>
  </search>
  <row>
    <panel>
      <table>
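        <search>
          <!-- The network, ranges_field and dhcp_utilization text inputs are substituted into this
               query exactly as typed. ranges_field and dhcp_utilization carry both the comparison
               operator and the value (defaults: !=0 and =0.000000). -->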
          <query>sourcetype=ib:dhcp:network index=ib_dhcp (members="*") cidr &gt;=1 address=$network$ ranges$ranges_field$  | stats avg(dhcp_utilization) as ADU by address, cidr, ranges |  where ADU $dhcp_utilization$  | sort +  address |  table address , cidr, ADU, ranges |rename address as Network, cidr as CIDR, ADU as "DHCPv4 Utilization %", ranges as Ranges</query>
          <earliest>$time.earliest$</earliest>
          <latest>$time.latest$</latest>
        </search>
        <option name="wrap">true</option>
        <option name="rowNumbers">false</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">cell</option>
        <option name="count">10</option>
      </table>
    </panel>
  </row>
</form>

 

 

Comments
Adviser
‎08-10-2017 10:26 AM

This is a great dashboard, thanks for sharing!
