Reply

Infoblox DNS Audit Dashboard XML

New Member
Posts: 1
1209     1

Dashboard created to glean insight into Infoblox audit logs. It uses tokens to take input from the user for the time range and user to search on.

 

Instructions borrowed from Dave_Signori.

 

 

The dashboard is easy to install and run:

  1. Click Reporting -> Dashboards -> Create New Dashboard
  2. Enter a temporary value for Title like "Audit Dashboard" (this will be overwritten in a subsequent step) -> click Create Dashboard
  3. Click Source or Edit Source (depending on the NIOS version you are running)
  4. Copy the entire contents of the XML below and completely replace the XML source of the newly created Dashboard
  5. Optionally change the value of the <label> and <description> tags at the top of the XML.  By default the Dashboard will be called "InfoBlox Audit".
  6. Click Save

XML to Copy

 

<form>
  <label>InfoBlox Audit</label>
  <description>Infoblox Audit Dashboard for user logins and environment changes</description>
  <fieldset submitButton="false">
    <input type="time" token="tokTime" searchWhenChanged="true">
      <label>Select Time Range</label>
      <default>
        <earliest>-24h@h</earliest>
        <latest>now</latest>
      </default>
    </input>
    <input type="dropdown" token="User">
      <label>User</label>
      <fieldForLabel>User</fieldForLabel>
      <fieldForValue>ADMIN</fieldForValue>
      <search>
        <query>index=ib_audit  | table ADMIN |dedup ADMIN</query>
        <earliest>$tokTime.earliest$</earliest>
        <latest>$tokTime.latest$</latest>
      </search>
    </input>
  </fieldset>
  <row>
    <panel>
      <title>Search user activity excluding default account "ddimod"</title>
      <table>
        <search>
          <query>index=ib_audit   ADMIN!=ddimod | stats  values(ip) as IP values(_raw) as RAW_LOG by ADMIN ACTION MESSAGE | sort ADMIN | rename ADMIN as USER</query>
          <earliest>$tokTime.earliest$</earliest>
          <latest>$tokTime.latest$</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">50</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="color" field="ADMIN">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="ACTION">
          <colorPalette type="map">{"Login_Denied":#DC4E41,"Login_Allowed":#53A051}</colorPalette>
        </format>
        <format type="color" field="USER">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
  </row>
  <row>
    <panel>
      <title>Search activity for default t account "ddimod"</title>
      <table>
        <search>
          <query>index=ib_audit  ADMIN=ddimod | stats  values(_raw) as RAW_LOG by ADMIN ACTION MESSAGE | rename ADMIN as USER</query>
          <earliest>$tokTime.earliest$</earliest>
          <latest>$tokTime.latest$</latest>
          <sampleRatio>1</sampleRatio>
        </search>
        <option name="count">100</option>
        <option name="dataOverlayMode">none</option>
        <option name="drilldown">none</option>
        <option name="percentagesRow">false</option>
        <option name="refresh.display">progressbar</option>
        <option name="rowNumbers">false</option>
        <option name="totalsRow">false</option>
        <option name="wrap">true</option>
        <format type="color" field="ADMIN">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="ACTION">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
        <format type="color" field="USER">
          <colorPalette type="sharedList"></colorPalette>
          <scale type="sharedCategory"></scale>
        </format>
      </table>
    </panel>
  </row>
</form>

 

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You