From 7a57363206ebeb23b0f2db47c22db142488f1fbc Mon Sep 17 00:00:00 2001 From: Rahul Gupta Date: Thu, 3 Aug 2023 13:19:11 +0530 Subject: [PATCH 1/3] chore: bump go --- .github/workflows/go.yml | 2 +- .github/workflows/golangci-lint.yml | 2 +- integration/Jenkinsfile | 2 +- jenkins/artifacts/jenkinsfile | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 6d4afdd49..999df8661 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -1,7 +1,7 @@ name: Build, Test, Lint License env: - GO_VERSION: "1.20.6" + GO_VERSION: "1.20.7" on: push: diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index 6c8ae2a8c..e1079e065 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -19,7 +19,7 @@ jobs: steps: - uses: actions/setup-go@v4 with: - go-version: '1.20.6' + go-version: '1.20.7' - uses: actions/checkout@v3 - name: golangci-lint uses: golangci/golangci-lint-action@v3 diff --git a/integration/Jenkinsfile b/integration/Jenkinsfile index 1050c6188..560020f23 100644 --- a/integration/Jenkinsfile +++ b/integration/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { environment { BUILD_ID="dontKillMe" JENKINS_NODE_COOKIE="dontKillMe" - GO_VERSION = "1.20.6" + GO_VERSION = "1.20.7" } stages { diff --git a/jenkins/artifacts/jenkinsfile b/jenkins/artifacts/jenkinsfile index 557d85d59..b21e935c8 100644 --- a/jenkins/artifacts/jenkinsfile +++ b/jenkins/artifacts/jenkinsfile @@ -37,7 +37,7 @@ pipeline { jfrogImagePrefix = "netappdownloads.jfrog.io/oss-docker-harvest-production/harvest" jfrogRepo = "netappdownloads.jfrog.io" COMMIT_ID = sh(returnStdout: true, script: 'git rev-parse HEAD') - GO_VERSION = "1.20.6" + GO_VERSION = "1.20.7" } stages { From 084fb114683ddd8cfa202ea207abc95f4f33dd3e Mon Sep 17 00:00:00 2001 From: Hardikl <83282894+Hardikl@users.noreply.github.com> Date: Thu, 3 Aug 2023 17:16:04 +0530 Subject: [PATCH 2/3] feat: merge compliance and security dashboard + added ARW fields (#2207) * feat: merge compliance and security dashboard + added ARW fields * feat: ARW related fields and autoupdate+notification details * feat: zapi changes for ems destination call --- cmd/collectors/rest/plugins/volume/volume.go | 88 +- conf/rest/9.12.0/ems_destination.yaml | 25 + conf/rest/9.12.0/support_auto_update.yaml | 13 + conf/rest/9.12.0/volume.yaml | 4 + conf/rest/default.yaml | 2 + conf/zapi/cdot/9.8.0/ems_destination.yaml | 27 + conf/zapi/cdot/9.8.0/volume.yaml | 3 + conf/zapi/default.yaml | 1 + grafana/dashboards/cmode/compliance.json | 2765 +------------ grafana/dashboards/cmode/security.json | 3624 ++++++++++++++++-- integration/test/dashboard_json_test.go | 3 + 11 files changed, 3463 insertions(+), 3092 deletions(-) create mode 100644 conf/rest/9.12.0/ems_destination.yaml create mode 100644 conf/rest/9.12.0/support_auto_update.yaml create mode 100644 conf/zapi/cdot/9.8.0/ems_destination.yaml diff --git a/cmd/collectors/rest/plugins/volume/volume.go b/cmd/collectors/rest/plugins/volume/volume.go index 3ac3da398..e03c68b1b 100644 --- a/cmd/collectors/rest/plugins/volume/volume.go +++ b/cmd/collectors/rest/plugins/volume/volume.go @@ -11,17 +11,21 @@ import ( "github.com/netapp/harvest/v2/pkg/conf" "github.com/netapp/harvest/v2/pkg/errs" "github.com/netapp/harvest/v2/pkg/matrix" + "github.com/netapp/harvest/v2/pkg/tree/node" "github.com/tidwall/gjson" "strconv" "strings" "time" ) +const HoursInMonth = 24 * 30 + type Volume struct { *plugin.AbstractPlugin currentVal int client *rest.Client aggrsMap map[string]string // aggregate-uuid -> aggregate-name map + arw *matrix.Matrix } func New(p *plugin.AbstractPlugin) plugin.Plugin { @@ -55,6 +59,16 @@ func (my *Volume) Init() error { return err } + my.arw = matrix.New(my.Parent+".Volume", "volume_arw", "volume_arw") + exportOptions := node.NewS("export_options") + instanceKeys := exportOptions.NewChildS("instance_keys", "") + instanceKeys.NewChildS("", "ArwStatus") + my.arw.SetExportOptions(exportOptions) + _, err = my.arw.NewMetricFloat64("status", "status") + if err != nil { + my.Logger.Error().Stack().Err(err).Msg("add metric") + return err + } return nil } @@ -79,8 +93,11 @@ func (my *Volume) Run(dataMap map[string]*matrix.Matrix) ([]*matrix.Matrix, erro // update volume instance labels my.updateVolumeLabels(data) + // parse anti_ransomware_start_time, antiRansomwareState for all volumes and export at cluster level + my.handleARWProtection(data) + my.currentVal++ - return nil, nil + return []*matrix.Matrix{my.arw}, nil } func (my *Volume) updateVolumeLabels(data *matrix.Matrix) { @@ -96,6 +113,75 @@ func (my *Volume) updateVolumeLabels(data *matrix.Matrix) { } } +func (my *Volume) handleARWProtection(data *matrix.Matrix) { + var ( + arwInstance *matrix.Instance + arwStartTimeValue time.Time + err error + ) + + // Purge and reset data + my.arw.PurgeInstances() + my.arw.Reset() + + // Set all global labels + my.arw.SetGlobalLabels(data.GetGlobalLabels()) + arwStatusValue := "Active Mode" + // Case where cluster don't have any volumes, arwStatus show as 'Not Monitoring' + if len(data.GetInstances()) == 0 { + arwStatusValue = "Not Monitoring" + } + + // This is how cluster level arwStatusValue has been calculated based on each volume + // If any one volume arwStatus is disabled --> "Not Monitoring" + // If any one volume has been completed learning mode --> "Switch to Active Mode" + // If all volumes are in learning mode --> "Learning Mode" + // Else indicates arwStatus for all volumes are enabled --> "Active Mode" + for _, volume := range data.GetInstances() { + if arwState := volume.GetLabel("antiRansomwareState"); arwState == "" { + // Case where REST call don't return `antiRansomwareState` field, arwStatus show as 'Not Monitoring' + arwStatusValue = "Not Monitoring" + break + } else { + if arwState == "disabled" { + arwStatusValue = "Not Monitoring" + break + } else if arwState == "dry_run" || arwState == "enable_paused" { + arwStartTime := volume.GetLabel("anti_ransomware_start_time") + if arwStartTime == "" || arwStatusValue == "Switch to Active Mode" { + continue + } + // If ARW startTime is more than 30 days old, which indicates that learning mode has been finished. + if arwStartTimeValue, err = time.Parse(time.RFC3339, arwStartTime); err != nil { + my.Logger.Error().Err(err).Msg("Failed to parse arw start time") + arwStartTimeValue = time.Now() + } + if time.Since(arwStartTimeValue).Hours() > HoursInMonth { + arwStatusValue = "Switch to Active Mode" + } else { + arwStatusValue = "Learning Mode" + } + } + } + } + + arwInstanceKey := data.GetGlobalLabels().Get("cluster") + data.GetGlobalLabels().Get("datacenter") + if arwInstance, err = my.arw.NewInstance(arwInstanceKey); err != nil { + my.Logger.Error().Err(err).Str("arwInstanceKey", arwInstanceKey).Msg("Failed to create arw instance") + return + } + + arwInstance.SetLabel("ArwStatus", arwStatusValue) + m := my.arw.GetMetric("status") + // populate numeric data + value := 1.0 + if err = m.SetValueFloat64(arwInstance, value); err != nil { + my.Logger.Error().Stack().Err(err).Float64("value", value).Msg("Failed to parse value") + } else { + my.Logger.Debug().Float64("value", value).Msg("added value") + } +} + func (my *Volume) getEncryptedDisks() ([]gjson.Result, error) { var ( result []gjson.Result diff --git a/conf/rest/9.12.0/ems_destination.yaml b/conf/rest/9.12.0/ems_destination.yaml new file mode 100644 index 000000000..2935dc3e3 --- /dev/null +++ b/conf/rest/9.12.0/ems_destination.yaml @@ -0,0 +1,25 @@ + +name: EmsDestination +query: api/support/ems/destinations +object: ems_destination + +counters: + - ^^destination => destination + - ^^name => name + - ^^type => type + - ^certificate.ca => certificate + - ^filter => filter + - ^syslog => syslog + - ^system_defined => system_defined + - filter: + - system_defined=false + +export_options: + instance_keys: + - destination + - name + - type + instance_labels: + - certificate + - filter + - syslog diff --git a/conf/rest/9.12.0/support_auto_update.yaml b/conf/rest/9.12.0/support_auto_update.yaml new file mode 100644 index 000000000..df0e186c6 --- /dev/null +++ b/conf/rest/9.12.0/support_auto_update.yaml @@ -0,0 +1,13 @@ + +name: SupportAutoUpdate +query: api/support/auto-update +object: support_auto_update + +counters: + - ^enabled => auto_update_enabled + +export_options: + instance_keys: + - auto_update_enabled + instance_labels: + - auto_update_enabled diff --git a/conf/rest/9.12.0/volume.yaml b/conf/rest/9.12.0/volume.yaml index 1c2ea5fcd..31df04304 100644 --- a/conf/rest/9.12.0/volume.yaml +++ b/conf/rest/9.12.0/volume.yaml @@ -9,11 +9,13 @@ counters: - ^^svm.name => svm - ^aggregates.#.name => aggr - ^aggregates.#.uuid => aggrUuid # handled in plugin for flexgroup + - ^anti_ransomware.dry_run_start_time => anti_ransomware_start_time - ^anti_ransomware.state => antiRansomwareState - ^encryption.enabled => isEncrypted - ^is_svm_root => svm_root - ^snaplock.type => snaplock_type - ^snapshot_policy.name => snapshot_policy + - ^space.snapshot.autodelete.enabled => snapshot_autodelete - ^state => state - ^style => style - ^type => type @@ -43,6 +45,7 @@ counters: - space.snapshot.used => snapshots_size_used - space.used => size_used - hidden_fields: + - anti_ransomware.dry_run_start_time - anti_ransomware.state - autosize - encryption.enabled @@ -137,6 +140,7 @@ export_options: - is_sis_volume - root_volume - snaplock_type + - snapshot_autodelete - snapshot_policy - state - svm_root diff --git a/conf/rest/default.yaml b/conf/rest/default.yaml index b2e2763dc..74fef53f9 100644 --- a/conf/rest/default.yaml +++ b/conf/rest/default.yaml @@ -13,6 +13,7 @@ objects: CloudTarget: cloud_target.yaml ClusterPeer: clusterpeer.yaml Disk: disk.yaml + EmsDestination: ems_destination.yaml # ExportRule: exports.yaml LIF: lif.yaml Health: health.yaml @@ -42,6 +43,7 @@ objects: Status: status.yaml Subsystem: subsystem.yaml Support: support.yaml + SupportAutoUpdate: support_auto_update.yaml SVM: svm.yaml Volume: volume.yaml VolumeAnalytics: volume_analytics.yaml diff --git a/conf/zapi/cdot/9.8.0/ems_destination.yaml b/conf/zapi/cdot/9.8.0/ems_destination.yaml new file mode 100644 index 000000000..e2f8bd1ea --- /dev/null +++ b/conf/zapi/cdot/9.8.0/ems_destination.yaml @@ -0,0 +1,27 @@ +name: EmsDestination +query: ems-event-notification-destination-get-iter +object: ems_destination + +counters: + event-notification-destination-info: + - ^^certificate-authority => certificate + - ^^name => name + - ^^type => type + - destination: + - ^^string => destination + +collect_only_labels: true + +plugins: + - LabelAgent: + exclude_equals: + - destination `` + +export_options: + instance_keys: + - destination + - name + - type + instance_labels: + - certificate + diff --git a/conf/zapi/cdot/9.8.0/volume.yaml b/conf/zapi/cdot/9.8.0/volume.yaml index a33add834..250620bd2 100644 --- a/conf/zapi/cdot/9.8.0/volume.yaml +++ b/conf/zapi/cdot/9.8.0/volume.yaml @@ -37,6 +37,8 @@ counters: - ^auto-snapshots-enabled => auto_snapshots_enabled - ^snapshot-policy - snapshot-count + - volume-snapshot-autodelete-attributes: + - ^is-autodelete-enabled => snapshot_autodelete - volume-space-attributes: - expected-available - filesystem-size => filesystem_size @@ -117,6 +119,7 @@ export_options: - is_sis_volume - node_root - root_volume + - snapshot_autodelete - snapshot_policy - state - svm_root diff --git a/conf/zapi/default.yaml b/conf/zapi/default.yaml index 506a5e9bd..caf17fa86 100644 --- a/conf/zapi/default.yaml +++ b/conf/zapi/default.yaml @@ -11,6 +11,7 @@ objects: CIFSSession: cifs_session.yaml ClusterPeer: clusterpeer.yaml Disk: disk.yaml + EmsDestination: ems_destination.yaml LIF: lif.yaml Lun: lun.yaml # NetPort: netPort.yaml diff --git a/grafana/dashboards/cmode/compliance.json b/grafana/dashboards/cmode/compliance.json index 834c8163f..17d67e639 100644 --- a/grafana/dashboards/cmode/compliance.json +++ b/grafana/dashboards/cmode/compliance.json @@ -92,2698 +92,14 @@ "x": 0, "y": 0 }, - "id": 174, + "id": 176, "options": { - "content": "View ONTAP Security Hardening Guide https://www.netapp.com/media/10674-tr4569.pdf for more details.", + "content": "These panels were moved to the `ONTAP: Security` dashboard.", "mode": "markdown" }, "pluginVersion": "8.1.8", "title": "Important Information about Compliance dashboard", "type": "text" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 2 - }, - "id": 152, - "panels": [ - { - "datasource": "${DS_PROMETHEUS}", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "green", - "mode": "fixed" - }, - "custom": { - "align": "auto", - "displayMode": "auto", - "filterable": true - }, - "decimals": 0, - "mappings": [], - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Compliant" - }, - "properties": [ - { - "id": "unit", - "value": "percent" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 100 - }, - { - "id": "mappings", - "value": [ - { - "options": { - "-Infinity": { - "index": 0, - "text": "0%" - }, - "Infinity": { - "index": 1, - "text": "0%" - } - }, - "type": "value" - }, - { - "options": { - "from": -9999, - "result": { - "index": 2, - "text": "0%" - }, - "to": -1 - }, - "type": "range" - } - ] - } - ] - } - ] - }, - "gridPos": { - "h": 3, - "w": 16, - "x": 0, - "y": 3 - }, - "id": 161, - "options": { - "footer": { - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "NonCompliantCluster", - "refId": "A" - }, - { - "exemplar": false, - "expr": "count by (datacenter)(security_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\"}) or vector (0)", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "TotalCluster", - "refId": "B" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "CompliantCluster", - "binary": { - "left": "TotalCluster", - "operator": "-", - "reducer": "sum", - "right": "NonCompliantCluster" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "", - "binary": { - "left": "CompliantCluster", - "operator": "/", - "reducer": "sum", - "right": "TotalCluster" - }, - "mode": "binary", - "reduce": { - "include": [ - "Saml", - "Certificate" - ], - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Compliant", - "binary": { - "left": "CompliantCluster / TotalCluster", - "operator": "*", - "reducer": "sum", - "right": "100" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Certificate": true, - "ComliantCluster": true, - "ComliantCluster / TotalCluster": true, - "Compliant": false, - "Compliant / Total": false, - "CompliantCluster": true, - "CompliantCluster / TotalCluster": true, - "NonCompliantCluster": true, - "Saml": true, - "Saml / Certificate": false, - "Time": true, - "Total": true, - "TotalCluster": true, - "perc": true - }, - "indexByName": {}, - "renameByName": { - "PercentCompliant": "", - "Saml / Certificate": "perc", - "Time": "" - } - } - } - ], - "type": "table" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "links": [], - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "semi-dark-green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Compliant" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "from": -9999, - "result": { - "index": 0, - "text": "0" - }, - "to": -1 - }, - "type": "range" - } - ] - } - ] - } - ] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 3 - }, - "id": 166, - "links": [], - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count by (datacenter) (security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) or vector(0)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - }, - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "Compliant", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Compliant", - "binary": { - "left": "Value #A", - "operator": "-", - "reducer": "sum", - "right": "Value #B" - }, - "mode": "binary", - "reduce": { - "include": [ - "count((security_certificate_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", certificateExpiryStatus=\"active\", certificateIssuerType=\"self_signed\"} * on(datacenter, cluster) security_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", fips_enabled=\"true\",telnet_enabled=\"false\"} * on (datacenter, cluster) security_login_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", scope=\"cluster\", banner!=\"\"} * on (datacenter, cluster) (count by (datacenter, cluster) (ntpserver_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) == 3) * on (datacenter, cluster) support_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", asup_enabled=\"true\"} * on(datacenter, cluster) security_account_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", locked=\"true\"} * on(datacenter, cluster) (sum by (datacenter, cluster) (security_account_certificateuser{ddatacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) > 0) * on(datacenter, cluster) (sum by (datacenter, cluster) (security_account_samluser{datacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) > 0) * on(datacenter, cluster) (sum by (datacenter, cluster) (security_account_ldapeuser{datacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) > 0) * on(datacenter, cluster) (sum by (datacenter, cluster) (security_account_localuser{datacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) > 0) * on(datacenter, cluster) (sum by (datacenter, cluster) (security_account_activediruser{ddatacenter=\"$Datacenter\", cluster=~\"$Cluster\"}) > 0) * on(datacenter, cluster) (count by (datacenter, cluster, encryption_state) (cluster_peer_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", encryption_state!=\"\"}) > 0)) unless (count by (datacenter, cluster) (security_account_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0) unless (count by (datacenter, cluster) (svm_labels{datacenter=\"$Datacenter\", cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"}))) or vector(0)" - ], - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Value #A": true, - "Value #B": true, - "datacenter": true - }, - "indexByName": {}, - "renameByName": {} - } - } - ], - "type": "stat" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "links": [], - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 3 - }, - "id": 167, - "links": [], - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", - "format": "time_series", - "hide": false, - "instant": false, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "title": "Not Compliant", - "type": "stat" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "❌ means this attribute is non-compliant", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "transparent", - "mode": "fixed" - }, - "custom": { - "align": "left", - "displayMode": "auto", - "filterable": true - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Autosupport Https Transport" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "❌ Disabled" - }, - "true": { - "index": 1, - "text": "Enabled" - } - }, - "type": "value" - } - ] - }, - { - "id": "custom.width", - "value": 231 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Default Admin User" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "Disabled" - }, - "true": { - "index": 1, - "text": "❌ Enabled" - } - }, - "type": "value" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "custom.width", - "value": 165 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "MD5 in use" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 1, - "text": "No" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "No" - } - }, - "type": "special" - }, - { - "options": { - "from": 1, - "result": { - "index": 2, - "text": "❌ Yes" - }, - "to": 99999999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 114 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Remote Shell" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "Disabled" - }, - "true": { - "index": 1, - "text": "❌ Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "null", - "result": { - "index": 3, - "text": "Disabled" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 122 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Telnet" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "Disabled" - }, - "true": { - "index": 1, - "text": "❌ Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 2, - "text": "Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "empty", - "result": { - "index": 3, - "text": "Disabled" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 99 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Global FIPS" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "❌ Disabled" - }, - "true": { - "index": 1, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 2, - "text": "❌ Disabled" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 112 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Insecure SSH Settings" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "true": { - "index": 0, - "text": "❌ Yes" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 1, - "text": "No" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "custom.width", - "value": 186 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Login Banner" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "match": "empty", - "result": { - "index": 0, - "text": "❌ Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "nan", - "result": { - "index": 1, - "text": "Enabled" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 126 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Network Time Protocol" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "❌ Not Configured" - }, - "1": { - "index": 1, - "text": "❌ 1 out of 3" - }, - "2": { - "index": 2, - "text": "❌ 2 out of 3" - } - }, - "type": "value" - }, - { - "options": { - "from": 3, - "result": { - "index": 3, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 169 - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Local Users" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Unconfigured" - } - }, - "type": "value" - }, - { - "options": { - "from": 1, - "result": { - "index": 1, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 119 - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Certificate Users" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Unconfigured" - } - }, - "type": "value" - }, - { - "options": { - "from": 1, - "result": { - "index": 1, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 159 - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Saml Users" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Unconfigured" - } - }, - "type": "value" - }, - { - "options": { - "from": 1, - "result": { - "index": 1, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 121 - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Ldap Users" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Unconfigured" - } - }, - "type": "value" - }, - { - "options": { - "from": 1, - "result": { - "index": 1, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.width", - "value": 124 - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Active Directory Users" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Unconfigured" - } - }, - "type": "value" - }, - { - "options": { - "from": 1, - "result": { - "index": 1, - "text": "Configured" - }, - "to": 9999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "custom.width", - "value": 185 - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Cluster Peering" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 1, - "text": "Encrypted" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "Not Peered" - } - }, - "type": "special" - }, - { - "options": { - "from": 1, - "result": { - "index": 2, - "text": "❌ Not Encrypted" - }, - "to": 9999999999 - }, - "type": "range" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "custom.width", - "value": 135 - }, - { - "id": "unit", - "value": "short" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Cluster Certificate Validity" - }, - "properties": [ - { - "id": "custom.filterable", - "value": true - }, - { - "id": "mappings", - "value": [ - { - "options": { - "active": { - "index": 0, - "text": "Active" - }, - "expired": { - "index": 2, - "text": "❌ Expired" - }, - "expiring": { - "index": 1, - "text": "Active (Expiring < 60 days)" - }, - "unknown": { - "index": 3, - "text": "Unknown" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 4, - "text": "Unknown" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 206 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Certificate Issuer Type" - }, - "properties": [ - { - "id": "custom.filterable", - "value": true - }, - { - "id": "mappings", - "value": [ - { - "options": { - "ca_signed": { - "index": 1, - "text": "CA-Signed" - }, - "self_signed": { - "index": 0, - "text": "Self-Signed" - }, - "unknown": { - "index": 2, - "text": "Unknown" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 3, - "text": "Unknown" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.width", - "value": 187 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Compliant" - }, - "properties": [ - { - "id": "custom.filterable", - "value": true - }, - { - "id": "mappings", - "value": [ - { - "options": { - "1": { - "index": 0, - "text": "❌ No" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 1, - "text": "Yes" - } - }, - "type": "special" - } - ] - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 6 - }, - "id": 170, - "options": { - "footer": { - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "support_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", asup_https_configured=\"https\"}", - "format": "table", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - }, - { - "exemplar": false, - "expr": "security_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "B" - }, - { - "exemplar": false, - "expr": "security_account_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", methods=~\".*password.*\",role_name=\"admin\", user_name=\"admin\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "C" - }, - { - "exemplar": false, - "expr": "count by (datacenter,cluster,hash_algorithm)(security_account_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", hash_algorithm=\"md5\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "D" - }, - { - "exemplar": false, - "expr": "count by (datacenter, cluster, insecured)(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", insecured=\"true\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "E" - }, - { - "exemplar": false, - "expr": "security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",scope=\"cluster\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "F" - }, - { - "exemplar": false, - "expr": "count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "G" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (cluster_peer_non_encrypted{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "J" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (security_account_localuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "K" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (security_account_samluser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "I" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (security_account_activediruser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "L" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (security_account_ldapuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "M" - }, - { - "exemplar": false, - "expr": "sum by (datacenter, cluster) (security_account_certificateuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "N" - }, - { - "exemplar": false, - "expr": "security_certificate_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "O" - }, - { - "exemplar": false, - "expr": "group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "P" - } - ], - "title": "Cluster Compliance", - "transformations": [ - { - "id": "filterFieldsByName", - "options": { - "include": { - "names": [ - "asup_enabled", - "cluster", - "fips_enabled", - "rsh_enabled", - "telnet_enabled", - "locked", - "Value #D", - "insecured", - "banner", - "Value #G", - "Value #K", - "Value #I", - "Value #L", - "Value #M", - "Value #N", - "certificateExpiryStatus", - "certificateIssuerType", - "Value #P", - "Value #J" - ] - } - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Time 1": true, - "Time 2": true, - "Value #B": true, - "Value #D": false, - "Value #E": false, - "Value #G": false, - "__name__": true, - "__name__ 1": true, - "__name__ 2": true, - "datacenter": true, - "datacenter 1": true, - "datacenter 2": true, - "fips_enabled": false, - "hash_algorithm": false, - "instance": true, - "instance 1": true, - "instance 2": true, - "job": true, - "job 1": true, - "job 2": true, - "locked": false, - "methods": true - }, - "indexByName": { - "Value #D": 11, - "Value #G": 7, - "Value #I": 13, - "Value #J": 12, - "Value #K": 17, - "Value #L": 14, - "Value #M": 15, - "Value #N": 16, - "Value #P": 0, - "asup_enabled": 8, - "banner": 6, - "certificateExpiryStatus": 2, - "certificateIssuerType": 18, - "cluster": 1, - "fips_enabled": 3, - "insecured": 5, - "locked": 9, - "rsh_enabled": 10, - "telnet_enabled": 4 - }, - "renameByName": { - "Value #A": "Autosupport Https Transport", - "Value #C": "Default Admin User", - "Value #D": "MD5 in use", - "Value #G": "Network Time Protocol", - "Value #I": "Saml Users", - "Value #J": "Cluster Peering", - "Value #K": "Local Users", - "Value #L": "Active Directory Users", - "Value #M": "Ldap Users", - "Value #N": "Certificate Users", - "Value #P": "Compliant", - "activediruser": "Active Directory Users", - "asupEnabled": "", - "asupHttpsConfigured": "", - "asup_enabled": "Autosupport Https Transport", - "banner": "Login Banner", - "certificateExpiryStatus": "Cluster Certificate Validity", - "certificateIssuerType": "Certificate Issuer Type", - "certificateuser": "Certificate Users", - "cluster": "Cluster", - "encryption_state": "Cluster Peering", - "fips_enabled": "Global FIPS", - "insecured": "Insecure SSH Settings", - "ldapuser": "Ldap Users", - "localuser": "Local Users", - "locked": "Default Admin User", - "ntp": "Network Time Protocol", - "rsh_enabled": "Remote Shell", - "samluser": "Saml Users", - "telnet_enabled": "Telnet" - } - } - } - ], - "type": "table" - } - ], - "title": "Cluster Compliance", - "type": "row" - }, - { - "collapsed": true, - "datasource": "${DS_PROMETHEUS}", - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 3 - }, - "id": 15, - "panels": [ - { - "datasource": "${DS_PROMETHEUS}", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "green", - "mode": "fixed" - }, - "custom": { - "align": "auto", - "displayMode": "auto", - "filterable": true - }, - "decimals": 0, - "mappings": [], - "max": 100, - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Compliant" - }, - "properties": [ - { - "id": "unit", - "value": "percent" - }, - { - "id": "custom.displayMode", - "value": "gradient-gauge" - }, - { - "id": "max", - "value": 100 - } - ] - } - ] - }, - "gridPos": { - "h": 3, - "w": 16, - "x": 0, - "y": 4 - }, - "id": 165, - "options": { - "footer": { - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "NonCompliantSvm", - "refId": "A" - }, - { - "exemplar": false, - "expr": "count(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",svm=~\"$SVM\"}) or vector (1) ", - "format": "time_series", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "TotalSvm", - "refId": "B" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "CompliantSvm", - "binary": { - "left": "TotalSvm", - "operator": "-", - "reducer": "sum", - "right": "NonCompliantSvm" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "", - "binary": { - "left": "CompliantSvm", - "operator": "/", - "reducer": "sum", - "right": "TotalSvm" - }, - "mode": "binary", - "reduce": { - "include": [ - "Saml", - "Certificate" - ], - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Compliant", - "binary": { - "left": "CompliantSvm / TotalSvm", - "operator": "*", - "reducer": "sum", - "right": "100" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Certificate": true, - "Compliant": false, - "Compliant / Total": false, - "CompliantCluster": true, - "CompliantCluster / TotalCluster": true, - "CompliantSvm": true, - "CompliantSvm / TotalSvm": true, - "NonCompliantSvm": true, - "Saml": true, - "Saml / Certificate": false, - "Time": true, - "Total": true, - "TotalCluster": true, - "TotalSvm": true, - "perc": true - }, - "indexByName": {}, - "renameByName": { - "PercentCompliant": "", - "Saml / Certificate": "perc", - "Time": "" - } - } - } - ], - "type": "table" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "links": [], - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "semi-dark-green", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 4 - }, - "id": 168, - "links": [], - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",svm=~\"$SVM\"}) or vector(0)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - }, - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "B" - } - ], - "title": "Compliant", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Compliant", - "binary": { - "left": "Value #A", - "operator": "-", - "reducer": "sum", - "right": "Value #B" - }, - "mode": "binary", - "reduce": { - "reducer": "sum" - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Value #A": true, - "Value #B": true - }, - "indexByName": {}, - "renameByName": {} - } - } - ], - "type": "stat" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "links": [], - "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "orange", - "value": null - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 4 - }, - "id": 164, - "links": [], - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "center", - "orientation": "horizontal", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "count(group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"})))", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "title": "Not Compliant", - "type": "stat" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "❌ means this attribute is non-compliant", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "transparent", - "mode": "fixed" - }, - "custom": { - "align": "left", - "displayMode": "auto", - "filterable": true - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "cluster" - }, - "properties": [ - { - "id": "displayName", - "value": "Cluster" - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Login Banner" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "match": "empty", - "result": { - "index": 0, - "text": "❌ Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "null", - "result": { - "index": 1, - "text": "❌ Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "nan", - "result": { - "index": 2, - "text": "Enabled" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Audit Log" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 1, - "text": "❌ Disabled" - }, - "true": { - "index": 0, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "LDAP Payload Signing" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Disabled" - }, - "1": { - "index": 1, - "text": "Enabled" - } - }, - "type": "value" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "locale" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Insecure SSH Settings" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "true": { - "index": 0, - "text": "❌ Yes" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 1, - "text": "No" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "NTML Authentication" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "lm_ntlm_ntlmv2_krb": { - "index": 0, - "text": "Enabled" - }, - "ntlm_ntlmv2_krb": { - "index": 1, - "text": "Enabled" - }, - "ntlmv2_krb": { - "index": 2, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "nan", - "result": { - "index": 3, - "text": "❌ Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "empty", - "result": { - "index": 4, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "LDAP Encryption" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "0": { - "index": 0, - "text": "Disabled" - }, - "1": { - "index": 1, - "text": "Enabled" - } - }, - "type": "value" - } - ] - }, - { - "id": "custom.filterable", - "value": true - }, - { - "id": "unit", - "value": "locale" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "SMB Encryption Enabled" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 1, - "text": "Disabled" - }, - "true": { - "index": 0, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "SMB Signing Enabled" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 0, - "text": "Disabled" - }, - "true": { - "index": 1, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Kerberos V5" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 1, - "text": "Disabled" - }, - "true": { - "index": 0, - "text": "Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "CHAP Settings" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "pattern": ".*chap.*", - "result": { - "index": 0, - "text": "Enabled" - } - }, - "type": "regex" - }, - { - "options": { - "match": "nan", - "result": { - "index": 1, - "text": "Disabled" - } - }, - "type": "special" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "NIS Authentication" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 1, - "text": "Disabled" - }, - "true": { - "index": 0, - "text": "❌ Enabled" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 2, - "text": "N/A" - } - }, - "type": "special" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Fpolicy Status Active" - }, - "properties": [ - { - "id": "mappings", - "value": [ - { - "options": { - "false": { - "index": 1, - "text": "Disabled" - }, - "true": { - "index": 0, - "text": "Enabled" - } - }, - "type": "value" - } - ] - }, - { - "id": "custom.filterable", - "value": true - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "SVM" - }, - "properties": [ - { - "id": "custom.width", - "value": 150 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Compliant" - }, - "properties": [ - { - "id": "custom.filterable", - "value": true - }, - { - "id": "mappings", - "value": [ - { - "options": { - "1": { - "index": 1, - "text": "❌ No" - } - }, - "type": "value" - }, - { - "options": { - "match": "null", - "result": { - "index": 0, - "text": "Yes" - } - }, - "type": "special" - } - ] - } - ] - } - ] - }, - "gridPos": { - "h": 13, - "w": 24, - "x": 0, - "y": 7 - }, - "id": 172, - "options": { - "footer": { - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true, - "sortBy": [ - { - "desc": false, - "displayName": "Compliant" - } - ] - }, - "pluginVersion": "8.4.11", - "targets": [ - { - "exemplar": false, - "expr": "svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", - "format": "table", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - }, - { - "exemplar": false, - "expr": "security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", scope=\"svm\", svm=~\"$SVM\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "C" - }, - { - "exemplar": false, - "expr": "count by (datacenter, cluster, insecured)(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", insecured=\"true\"})", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "E" - }, - { - "exemplar": false, - "expr": "svm_ldap_signed{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "G" - }, - { - "exemplar": false, - "expr": "svm_ldap_encrypted{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "I" - }, - { - "exemplar": false, - "expr": "group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}))", - "format": "table", - "hide": false, - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "B" - } - ], - "title": "SVM Compliance", - "transformations": [ - { - "id": "filterFieldsByName", - "options": { - "include": { - "names": [ - "audit_protocol_enabled", - "cifs_ntlm_enabled", - "cluster", - "iscsi_authentication_type", - "nfs_kerberos_protocol_enabled", - "nis_authentication_enabled", - "smb_encryption_required", - "smb_signing_required", - "svm", - "banner", - "insecured", - "Value #G", - "Value #I", - "Value #B" - ] - } - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "organize", - "options": { - "excludeByName": { - "Time": true, - "Time 1": true, - "Time 2": true, - "Value #B": false, - "Value #C": true, - "Value #D": false, - "Value #E": false, - "Value #G": false, - "__name__": true, - "__name__ 1": true, - "__name__ 2": true, - "audit_protocol_enabled": false, - "banner": false, - "cifs_ntlm_enabled": false, - "datacenter": true, - "datacenter 1": true, - "datacenter 2": true, - "fips_enabled": false, - "hash_algorithm": false, - "instance": true, - "instance 1": true, - "instance 2": true, - "iscsi_authentication_type": false, - "job": true, - "job 1": true, - "job 2": true, - "locked": true, - "methods": true, - "nfs_kerberos_protocol_enabled": false, - "smb_encryption_required": false, - "smb_signing_required": false - }, - "indexByName": { - "Value #B": 0, - "Value #G": 9, - "Value #I": 8, - "audit_protocol_enabled": 4, - "banner": 3, - "cifs_ntlm_enabled": 7, - "cluster": 1, - "insecured": 5, - "iscsi_authentication_type": 10, - "nfs_kerberos_protocol_enabled": 11, - "nis_authentication_enabled": 6, - "smb_encryption_required": 12, - "smb_signing_required": 13, - "svm": 2 - }, - "renameByName": { - "Value #A": "Autosupport Https Transport", - "Value #B": "Compliant", - "Value #D": "MD5 in use", - "Value #E": "", - "Value #G": "LDAP Payload Signing", - "Value #I": "LDAP Encryption", - "activediruser": "Active Directory Users", - "asupEnabled": "", - "asupHttpsConfigured": "", - "audit_protocol_enabled": "Audit Log", - "banner": "Login Banner", - "certificateuser": "Certificate Users", - "cifs_ntlm_enabled": "NTML Authentication", - "cluster": "", - "fips_enabled": "Global FIPS", - "fpolicy_enabled": "Fpolicy Status Active", - "insecured": "Insecure SSH Settings", - "iscsi_authentication_type": "CHAP Settings", - "ldapuser": "Ldap Users", - "localuser": "Local Users", - "nfs_kerberos_protocol_enabled": "Kerberos V5", - "nis_authentication_enabled": "NIS Authentication", - "nis_domain": "NIS Authentication", - "ntp": "Network Time Protocol", - "rsh_enabled": "Remote Shell", - "samluser": "Saml Users", - "smb_encryption_required": "SMB Encryption Enabled", - "smb_signing_required": "SMB Signing Enabled", - "svm": "SVM", - "telnet_enabled": "Telnet" - } - } - } - ], - "type": "table" - } - ], - "title": "Storage VMs Compliance", - "type": "row" } ], "refresh": "", @@ -2816,81 +132,6 @@ "regex": "", "skipUrlSync": false, "type": "datasource" - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(svm_labels{system_type!=\"7mode\"},datacenter)", - "description": null, - "error": null, - "hide": 0, - "includeAll": false, - "label": null, - "multi": true, - "name": "Datacenter", - "options": [], - "query": { - "query": "label_values(svm_labels{system_type!=\"7mode\"},datacenter)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\"},cluster)", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "Cluster", - "options": [], - "query": { - "query": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\"},cluster)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "allValue": null, - "current": {}, - "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",root_svm=\"No\"},svm)", - "description": "Displaying only the data SVMs and omitting root SVMs", - "error": null, - "hide": 0, - "includeAll": true, - "label": null, - "multi": true, - "name": "SVM", - "options": [], - "query": { - "query": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",root_svm=\"No\"},svm)", - "refId": "StandardVariableQuery" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "type": "query" } ] }, @@ -2914,5 +155,5 @@ "timezone": "", "title": "ONTAP: Compliance", "uid": "", - "version": 2 + "version": 3 } diff --git a/grafana/dashboards/cmode/security.json b/grafana/dashboards/cmode/security.json index c524073fb..8240a5105 100644 --- a/grafana/dashboards/cmode/security.json +++ b/grafana/dashboards/cmode/security.json @@ -83,6 +83,24 @@ } ], "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "gridPos": { + "h": 2, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 213, + "options": { + "content": "View ONTAP Security Hardening Guide https://www.netapp.com/media/10674-tr4569.pdf for more details.", + "mode": "markdown" + }, + "pluginVersion": "8.1.8", + "title": "Important Information about Compliance dashboard", + "type": "text" + }, { "collapsed": false, "datasource": "${DS_PROMETHEUS}", @@ -90,7 +108,7 @@ "h": 1, "w": 24, "x": 0, - "y": 0 + "y": 2 }, "id": 185, "panels": [], @@ -117,15 +135,57 @@ ] } }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ + { + "id": "max", + "value": 100 + }, + { + "id": "mappings", + "value": [ + { + "options": { + "-Infinity": { + "index": 0, + "text": "0" + }, + "Infinity": { + "index": 1, + "text": "0" + } + }, + "type": "value" + }, + { + "options": { + "from": -9999, + "result": { + "index": 2, + "text": "0" + }, + "to": -1 + }, + "type": "range" + } + ] + } + ] + } + ] }, "gridPos": { "h": 3, "w": 5, "x": 0, - "y": 1 + "y": 3 }, - "id": 207, + "id": 214, "options": { "colorMode": "value", "graphMode": "area", @@ -141,51 +201,68 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", isEncrypted=\"true\"}) or vector (0))\n+\n(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", isHardwareEncrypted=\"true\"}) or vector (0) )", + "expr": "count(group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", "instant": true, "interval": "", - "legendFormat": "encrypted", + "legendFormat": "NonCompliantCluster", "refId": "A" }, { "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\"}) or vector (1) )", + "expr": "count (security_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\"}) or vector (1)", "hide": false, "instant": true, "interval": "", - "legendFormat": "total", + "legendFormat": "TotalCluster", "refId": "B" } ], - "title": "Volume Encryption %", + "title": "Cluster Compliant %", "transformations": [ { "id": "calculateField", "options": { + "alias": "CompliantCluster", "binary": { - "left": "encrypted", - "operator": "/", + "left": "TotalCluster", + "operator": "-", "reducer": "sum", - "right": "total" + "right": "NonCompliantCluster" }, "mode": "binary", "reduce": { "reducer": "sum" }, - "replaceFields": true + "replaceFields": false } }, { "id": "calculateField", "options": { "binary": { - "left": "encrypted / total", + "left": "CompliantCluster", + "operator": "/", + "reducer": "sum", + "right": "TotalCluster" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + } + } + }, + { + "id": "calculateField", + "options": { + "alias": "Compliant", + "binary": { + "left": "CompliantCluster / TotalCluster", "operator": "*", "reducer": "sum", "right": "100" @@ -202,7 +279,7 @@ }, { "datasource": "${DS_PROMETHEUS}", - "description": "This panel requires a cluster with ONTAP 9.10+ and the Harvest REST collector", + "description": "", "fieldConfig": { "defaults": { "color": { @@ -220,15 +297,57 @@ ] } }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ + { + "id": "max", + "value": 100 + }, + { + "id": "mappings", + "value": [ + { + "options": { + "-Infinity": { + "index": 1, + "text": "0" + }, + "Infinity": { + "index": 0, + "text": "0" + } + }, + "type": "value" + }, + { + "options": { + "from": -9999, + "result": { + "index": 2, + "text": "0" + }, + "to": -1 + }, + "type": "range" + } + ] + } + ] + } + ] }, "gridPos": { "h": 3, "w": 5, "x": 5, - "y": 1 + "y": 3 }, - "id": 208, + "id": 216, "options": { "colorMode": "value", "graphMode": "area", @@ -244,41 +363,69 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "((count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", antiRansomwareState !=\"\" , antiRansomwareState=~\"enabled|dry_run\"}) or vector (0)) / (count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", antiRansomwareState !=\"\"}) or vector (1))) * 100", + "expr": "count(group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", "instant": true, "interval": "", - "legendFormat": "", + "legendFormat": "NonCompliantSvm", "refId": "A" + }, + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "count(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",svm=~\"$SVM\"}) or vector (1) ", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "TotalSvm", + "refId": "B" } ], - "title": "Volume Anti-ransomware Status %", + "title": "SVM Compliant %", "transformations": [ { "id": "calculateField", "options": { + "alias": "CompliantSvm", "binary": { - "left": "encrypted", + "left": "TotalSvm", + "operator": "-", + "reducer": "sum", + "right": "NonCompliantSvm" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": false + } + }, + { + "id": "calculateField", + "options": { + "binary": { + "left": "CompliantSvm", "operator": "/", "reducer": "sum", - "right": "total" + "right": "TotalSvm" }, "mode": "binary", "reduce": { "reducer": "sum" }, - "replaceFields": true + "replaceFields": false } }, { "id": "calculateField", "options": { + "alias": "Compliant", "binary": { - "left": "encrypted / total", + "left": "CompliantSvm / TotalSvm", "operator": "*", "reducer": "sum", "right": "100" @@ -319,9 +466,9 @@ "h": 3, "w": 5, "x": 10, - "y": 1 + "y": 3 }, - "id": 210, + "id": 207, "options": { "colorMode": "value", "graphMode": "area", @@ -337,19 +484,29 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "((count(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", anti_ransomware_state!=\"\", anti_ransomware_state=~\"enabled|dry_run\"}) or vector (0))\n/\n(count(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", anti_ransomware_state!=\"\"}) or vector (1))) * 100", + "expr": "(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", isEncrypted=\"true\"}) or vector (0))\n+\n(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", isHardwareEncrypted=\"true\"}) or vector (0) )", "instant": true, "interval": "", - "legendFormat": "", + "legendFormat": "encrypted", "refId": "A" + }, + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "(count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\"}) or vector (1) )", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "total", + "refId": "B" } ], - "title": "SVM Anti-ransomware Status %", + "title": "Volume Encryption %", "transformations": [ { "id": "calculateField", @@ -388,94 +545,38 @@ }, { "datasource": "${DS_PROMETHEUS}", - "description": "", - "gridPos": { - "h": 1, - "w": 9, - "x": 15, - "y": 1 - }, - "id": 201, - "options": { - "content": "", - "mode": "markdown" - }, - "pluginVersion": "8.3.4", - "title": "Cluster Authentication Methods", - "type": "text" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "gridPos": { - "h": 1, - "w": 6, - "x": 15, - "y": 2 - }, - "id": 211, - "options": { - "content": "", - "mode": "markdown" - }, - "pluginVersion": "8.3.4", - "title": "Authentication Methods", - "type": "text" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", - "gridPos": { - "h": 1, - "w": 3, - "x": 21, - "y": 2 - }, - "id": 202, - "options": { - "content": "", - "mode": "markdown" - }, - "pluginVersion": "8.3.4", - "title": "Certificates", - "type": "text" - }, - { - "datasource": "${DS_PROMETHEUS}", - "description": "", + "description": "This panel requires a cluster with ONTAP 9.10+ and the Harvest REST collector", "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, + "decimals": 0, "mappings": [], - "noValue": "0", "thresholds": { "mode": "absolute", "steps": [ { - "color": "blue", + "color": "green", "value": null } ] - }, - "unit": "locale" + } }, "overrides": [] }, "gridPos": { - "h": 5, - "w": 3, + "h": 3, + "w": 4.5, "x": 15, "y": 3 }, - "id": 158, - "links": [], + "id": 208, "options": { "colorMode": "value", - "graphMode": "none", + "graphMode": "area", "justifyMode": "auto", - "orientation": "vertical", + "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" @@ -486,37 +587,50 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { + "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "count(count by (datacenter, cluster)(security_account_samluser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", - "format": "table", - "hide": false, + "expr": "((count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", antiRansomwareState !=\"\" , antiRansomwareState=~\"enabled|dry_run\"}) or vector (0)) / (count(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", svm=~\"$SVM\", antiRansomwareState !=\"\"}) or vector (1))) * 100", "instant": true, "interval": "", - "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], - "title": "SAML", + "title": "Volume Anti-ransomware Status %", "transformations": [ { - "id": "merge", - "options": {} + "id": "calculateField", + "options": { + "binary": { + "left": "encrypted", + "operator": "/", + "reducer": "sum", + "right": "total" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } }, { - "id": "organize", + "id": "calculateField", "options": { - "excludeByName": { - "Value #A": true + "binary": { + "left": "encrypted / total", + "operator": "*", + "reducer": "sum", + "right": "100" }, - "indexByName": {}, - "renameByName": { - "cluster": "Cluster", - "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" - } + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true } } ], @@ -530,34 +644,32 @@ "color": { "mode": "thresholds" }, + "decimals": 0, "mappings": [], - "noValue": "0", "thresholds": { "mode": "absolute", "steps": [ { - "color": "blue", + "color": "green", "value": null } ] - }, - "unit": "locale" + } }, "overrides": [] }, "gridPos": { - "h": 5, - "w": 3, - "x": 18, + "h": 3, + "w": 4.5, + "x": 19.5, "y": 3 }, - "id": 192, - "links": [], + "id": 210, "options": { "colorMode": "value", - "graphMode": "none", + "graphMode": "area", "justifyMode": "auto", - "orientation": "vertical", + "orientation": "auto", "reduceOptions": { "calcs": [ "lastNotNull" @@ -568,37 +680,50 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { + "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "(count(count by (datacenter, cluster) (security_account_activediruser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) + count(count by (datacenter, cluster) (security_account_ldapuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0))) or vector (0)", - "format": "table", - "hide": false, + "expr": "((count(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", anti_ransomware_state!=\"\", anti_ransomware_state=~\"enabled|dry_run\"}) or vector (0))\n/\n(count(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", anti_ransomware_state!=\"\"}) or vector (1))) * 100", "instant": true, "interval": "", - "intervalFactor": 1, "legendFormat": "", "refId": "A" } ], - "title": "AD/LDAP", + "title": "SVM Anti-ransomware Status %", "transformations": [ { - "id": "merge", - "options": {} - }, + "id": "calculateField", + "options": { + "binary": { + "left": "encrypted", + "operator": "/", + "reducer": "sum", + "right": "total" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true + } + }, { - "id": "organize", + "id": "calculateField", "options": { - "excludeByName": { - "Value #A": true + "binary": { + "left": "encrypted / total", + "operator": "*", + "reducer": "sum", + "right": "100" }, - "indexByName": {}, - "renameByName": { - "cluster": "Cluster", - "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" - } + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": true } } ], @@ -610,81 +735,351 @@ "fieldConfig": { "defaults": { "color": { - "mode": "thresholds" + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } }, + "decimals": 0, "mappings": [], - "noValue": "0", - "thresholds": { - "mode": "absolute", - "steps": [ + "unit": "locale" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ { - "color": "dark-yellow", - "value": null + "id": "mappings", + "value": [ + { + "options": { + "-Infinity": { + "color": "semi-dark-green", + "index": 1, + "text": "0" + }, + "Infinity": { + "color": "semi-dark-green", + "index": 0, + "text": "0" + } + }, + "type": "value" + }, + { + "options": { + "from": -9999, + "result": { + "color": "semi-dark-green", + "index": 2, + "text": "0" + }, + "to": -1 + }, + "type": "range" + }, + { + "options": { + "from": 0, + "result": { + "color": "semi-dark-green", + "index": 3 + }, + "to": 9999 + }, + "type": "range" + } + ] } ] }, + { + "matcher": { + "id": "byName", + "options": "Non Compliant" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "from": 0, + "result": { + "color": "semi-dark-yellow", + "index": 0 + }, + "to": 99999 + }, + "type": "range" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 13, + "w": 5, + "x": 0, + "y": 6 + }, + "id": 215, + "options": { + "displayLabels": [ + "value", + "percent" + ], + "legend": { + "displayMode": "table", + "placement": "bottom", + "values": [ + "value" + ] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": [ + "last" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "count (security_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\"}) or vector (0)", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "Total", + "refId": "A" + }, + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "count(group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}))) or vector(0)", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "Non Compliant", + "refId": "B" + } + ], + "title": "Cluster Compliant", + "transformations": [ + { + "id": "calculateField", + "options": { + "alias": "Compliant", + "binary": { + "left": "Total", + "operator": "-", + "reducer": "sum", + "right": "Non Compliant" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": false + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Total": true + }, + "indexByName": {}, + "renameByName": {} + } + } + ], + "type": "piechart" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], "unit": "locale" }, - "overrides": [] + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "from": 0, + "result": { + "color": "semi-dark-green", + "index": 0 + }, + "to": 9999 + }, + "type": "range" + }, + { + "options": { + "from": -9999, + "result": { + "color": "semi-dark-green", + "index": 1, + "text": "0" + }, + "to": -1 + }, + "type": "range" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Not Compliant" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "from": 0, + "result": { + "color": "semi-dark-yellow", + "index": 0 + }, + "to": 99999 + }, + "type": "range" + } + ] + } + ] + } + ] }, "gridPos": { - "h": 5, - "w": 3, - "x": 21, - "y": 3 + "h": 13, + "w": 5, + "x": 5, + "y": 6 }, - "id": 193, - "links": [], + "id": 217, "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "vertical", + "displayLabels": [ + "value", + "percent" + ], + "legend": { + "displayMode": "table", + "placement": "bottom", + "values": [ + "value" + ] + }, + "pieType": "donut", "reduceOptions": { "calcs": [ - "lastNotNull" + "last" ], "fields": "", "values": false }, - "text": {}, - "textMode": "auto" + "tooltip": { + "mode": "single" + } }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.2", "targets": [ { "datasource": "${DS_PROMETHEUS}", "exemplar": false, - "expr": "count(security_certificate_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", certificateExpiryStatus=\"expiring\"})", - "format": "time_series", + "expr": "count(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",svm=~\"$SVM\"}) or vector(1)", + "instant": true, + "interval": "", + "legendFormat": "Total", + "refId": "A" + }, + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "count(group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"})))", "hide": false, "instant": true, "interval": "", - "legendFormat": "", + "legendFormat": "Not Compliant", "refId": "B" } ], - "title": "Expiring in < 60 days", + "title": "SVM Compliant", "transformations": [ { - "id": "merge", - "options": {} + "id": "calculateField", + "options": { + "alias": "Compliant", + "binary": { + "left": "Total", + "operator": "-", + "reducer": "sum", + "right": "Not Compliant" + }, + "mode": "binary", + "reduce": { + "reducer": "sum" + }, + "replaceFields": false + } }, { "id": "organize", "options": { "excludeByName": { - "Value #A": true + "Time": true, + "Total": true }, "indexByName": {}, - "renameByName": { - "cluster": "Cluster", - "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" - } + "renameByName": {} } } ], - "type": "stat" + "type": "piechart" }, { "datasource": "${DS_PROMETHEUS}", @@ -710,8 +1105,8 @@ "gridPos": { "h": 13, "w": 5, - "x": 0, - "y": 4 + "x": 10, + "y": 6 }, "id": 204, "options": { @@ -807,9 +1202,9 @@ }, "gridPos": { "h": 13, - "w": 5, - "x": 5, - "y": 4 + "w": 4.5, + "x": 15, + "y": 6 }, "id": 205, "options": { @@ -905,9 +1300,9 @@ }, "gridPos": { "h": 13, - "w": 5, - "x": 10, - "y": 4 + "w": 4.5, + "x": 19.5, + "y": 6 }, "id": 209, "options": { @@ -962,9 +1357,63 @@ { "datasource": "${DS_PROMETHEUS}", "description": "", - "fieldConfig": { - "defaults": { - "color": { + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 201, + "options": { + "content": "", + "mode": "markdown" + }, + "pluginVersion": "8.1.8", + "title": "Cluster Authentication Methods", + "type": "text" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "gridPos": { + "h": 1, + "w": 16, + "x": 0, + "y": 20 + }, + "id": 211, + "options": { + "content": "", + "mode": "markdown" + }, + "pluginVersion": "8.1.8", + "title": "Authentication Methods", + "type": "text" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "gridPos": { + "h": 1, + "w": 8, + "x": 16, + "y": 20 + }, + "id": 202, + "options": { + "content": "", + "mode": "markdown" + }, + "pluginVersion": "8.1.8", + "title": "Certificates", + "type": "text" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { "mode": "thresholds" }, "mappings": [], @@ -984,11 +1433,11 @@ }, "gridPos": { "h": 5, - "w": 3, - "x": 15, - "y": 8 + "w": 4, + "x": 0, + "y": 21 }, - "id": 190, + "id": 158, "links": [], "options": { "colorMode": "value", @@ -1005,11 +1454,11 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "exemplar": false, - "expr": "count(count by (datacenter, cluster) (security_account_certificateuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", + "expr": "count(count by (datacenter, cluster)(security_account_samluser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", "format": "table", "hide": false, "instant": true, @@ -1019,7 +1468,7 @@ "refId": "A" } ], - "title": "Certificate", + "title": "SAML", "transformations": [ { "id": "merge", @@ -1066,11 +1515,11 @@ }, "gridPos": { "h": 5, - "w": 3, - "x": 18, - "y": 8 + "w": 4, + "x": 4, + "y": 21 }, - "id": 194, + "id": 192, "links": [], "options": { "colorMode": "value", @@ -1087,11 +1536,11 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "exemplar": false, - "expr": "count(count by (datacenter, cluster) (security_account_localuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", + "expr": "(count(count by (datacenter, cluster) (security_account_activediruser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) + count(count by (datacenter, cluster) (security_account_ldapuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0))) or vector (0)", "format": "table", "hide": false, "instant": true, @@ -1101,7 +1550,7 @@ "refId": "A" } ], - "title": "Local", + "title": "AD/LDAP", "transformations": [ { "id": "merge", @@ -1137,7 +1586,7 @@ "mode": "absolute", "steps": [ { - "color": "dark-red", + "color": "blue", "value": null } ] @@ -1148,11 +1597,11 @@ }, "gridPos": { "h": 5, - "w": 3, - "x": 21, - "y": 8 + "w": 4, + "x": 8, + "y": 21 }, - "id": 191, + "id": 190, "links": [], "options": { "colorMode": "value", @@ -1169,11 +1618,11 @@ "text": {}, "textMode": "auto" }, - "pluginVersion": "8.3.4", + "pluginVersion": "8.1.8", "targets": [ { "exemplar": false, - "expr": "count(security_certificate_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", certificateExpiryStatus=\"expired\"})", + "expr": "count(count by (datacenter, cluster) (security_account_certificateuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", "format": "table", "hide": false, "instant": true, @@ -1183,7 +1632,7 @@ "refId": "A" } ], - "title": "Expired", + "title": "Certificate", "transformations": [ { "id": "merge", @@ -1206,114 +1655,360 @@ "type": "stat" }, { - "collapsed": true, "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "blue", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 17 + "h": 5, + "w": 4, + "x": 12, + "y": 21 }, - "id": 12, - "panels": [ + "id": 194, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.8", + "targets": [ { - "datasource": "${DS_PROMETHEUS}", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "transparent", - "mode": "fixed" - }, - "custom": { - "align": "left", - "displayMode": "auto", - "filterable": true - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } + "exemplar": false, + "expr": "count(count by (datacenter, cluster) (security_account_localuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} > 0)) or vector (0)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Local", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Value #A": true }, - "overrides": [ + "indexByName": {}, + "renameByName": { + "cluster": "Cluster", + "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" + } + } + } + ], + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ { - "matcher": { - "id": "byName", - "options": "Encryption Type" - }, - "properties": [ - { - "id": "custom.filterable", - "value": true - }, - { - "id": "mappings", - "value": [ - { - "options": { - "falsefalse": { - "index": 0, - "text": "None" - }, - "falsetrue": { - "index": 1, - "text": "Software" - }, - "truefalse": { - "index": 2, - "text": "Hardware" - }, - "truetrue": { - "index": 3, - "text": "Both" - } - }, - "type": "value" - }, - { - "options": { - "match": "empty", - "result": { - "index": 4, - "text": "None" - } - }, - "type": "special" - } - ] - } - ] + "color": "dark-yellow", + "value": null } ] }, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 155, - "options": { - "showHeader": true, - "sortBy": [] - }, - "pluginVersion": "8.1.8", - "targets": [ - { - "exemplar": false, - "expr": "volume_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", - "format": "table", - "instant": true, - "interval": "", - "legendFormat": "", - "refId": "A" - } - ], + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 16, + "y": 21 + }, + "id": 193, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "datasource": "${DS_PROMETHEUS}", + "exemplar": false, + "expr": "count(security_certificate_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", certificateExpiryStatus=\"expiring\"})", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "Expiring in < 60 days", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Value #A": true + }, + "indexByName": {}, + "renameByName": { + "cluster": "Cluster", + "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" + } + } + } + ], + "type": "stat" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": null + } + ] + }, + "unit": "locale" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 4, + "x": 20, + "y": 21 + }, + "id": 191, + "links": [], + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "vertical", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "exemplar": false, + "expr": "count(security_certificate_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", certificateExpiryStatus=\"expired\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Expired", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Value #A": true + }, + "indexByName": {}, + "renameByName": { + "cluster": "Cluster", + "security_certificate_labels{certificateExpiryStatus=\"expiring\", certificateIssuerType=\"self_signed\", cluster=\"F8080-32-25\", datacenter=\"DC-02\", instance=\"localhost:12984\", job=\"prometheus14\", name=\"F8080-32-25_1673D3449EB39B95\", scope=\"cluster\", serial_number=\"1673D3449EB39B95\", type=\"server\", uuid=\"d7bb8e95-9840-11eb-814a-00a0986abd71\"}": "" + } + } + } + ], + "type": "stat" + }, + { + "collapsed": true, + "datasource": "${DS_PROMETHEUS}", + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 26 + }, + "id": 12, + "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "transparent", + "mode": "fixed" + }, + "custom": { + "align": "left", + "displayMode": "auto", + "filterable": true + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Encryption Type" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "mappings", + "value": [ + { + "options": { + "falsefalse": { + "index": 0, + "text": "None" + }, + "falsetrue": { + "index": 1, + "text": "Software" + }, + "truefalse": { + "index": 2, + "text": "Hardware" + }, + "truetrue": { + "index": 3, + "text": "Both" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 4, + "text": "None" + } + }, + "type": "special" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 155, + "options": { + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "exemplar": false, + "expr": "volume_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], "title": "Volume Encryption", "transformations": [ { @@ -1396,7 +2091,7 @@ "h": 1, "w": 24, "x": 0, - "y": 18 + "y": 27 }, "id": 16, "panels": [ @@ -1591,7 +2286,7 @@ "h": 1, "w": 24, "x": 0, - "y": 19 + "y": 28 }, "id": 196, "panels": [ @@ -1683,7 +2378,7 @@ "h": 7, "w": 24, "x": 0, - "y": 21 + "y": 6 }, "id": 183, "options": { @@ -1753,16 +2448,2287 @@ ], "title": "Volume Anti-ransomware Status", "type": "row" - } - ], - "refresh": "", - "schemaVersion": 30, - "style": "dark", - "tags": [ - "harvest", - "ontap", - "cdot", - "fsx" + }, + { + "collapsed": true, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 223, + "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "description": "❌ means this attribute is non-compliant", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "transparent", + "mode": "fixed" + }, + "custom": { + "align": "left", + "displayMode": "auto", + "filterable": true + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Autosupport Https Transport" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "❌ Disabled" + }, + "true": { + "index": 1, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "❌ Disabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 231 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Default Admin User" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "Disabled" + }, + "true": { + "index": 1, + "text": "❌ Enabled" + } + }, + "type": "value" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "custom.width", + "value": 165 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "MD5 in use" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 1, + "text": "No" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "No" + } + }, + "type": "special" + }, + { + "options": { + "from": 1, + "result": { + "index": 2, + "text": "❌ Yes" + }, + "to": 99999999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 114 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Remote Shell" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "Disabled" + }, + "true": { + "index": 1, + "text": "❌ Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "null", + "result": { + "index": 3, + "text": "Disabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 122 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Telnet" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "Disabled" + }, + "true": { + "index": 1, + "text": "❌ Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "empty", + "result": { + "index": 3, + "text": "Disabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 99 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Global FIPS" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "❌ Disabled" + }, + "true": { + "index": 1, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "❌ Disabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 112 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Insecure SSH Settings" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "true": { + "index": 0, + "text": "❌ Yes" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 1, + "text": "No" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "custom.width", + "value": 186 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Login Banner" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "match": "empty", + "result": { + "index": 0, + "text": "❌ Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "nan", + "result": { + "index": 1, + "text": "Enabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 126 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Network Time Protocol" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "❌ Not Configured" + }, + "1": { + "index": 1, + "text": "❌ 1 out of 3" + }, + "2": { + "index": 2, + "text": "❌ 2 out of 3" + } + }, + "type": "value" + }, + { + "options": { + "from": 3, + "result": { + "index": 3, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 169 + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Local Users" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Unconfigured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 119 + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Certificate Users" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Unconfigured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 159 + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Saml Users" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Unconfigured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 121 + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Ldap Users" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Unconfigured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 124 + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Active Directory Users" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Unconfigured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "custom.width", + "value": 185 + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cluster Peering" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 1, + "text": "Encrypted" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "Not Peered" + } + }, + "type": "special" + }, + { + "options": { + "from": 1, + "result": { + "index": 2, + "text": "❌ Not Encrypted" + }, + "to": 9999999999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "custom.width", + "value": 135 + }, + { + "id": "unit", + "value": "short" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cluster Certificate Validity" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "mappings", + "value": [ + { + "options": { + "active": { + "index": 0, + "text": "Active" + }, + "expired": { + "index": 2, + "text": "❌ Expired" + }, + "expiring": { + "index": 1, + "text": "Active (Expiring < 60 days)" + }, + "unknown": { + "index": 3, + "text": "Unknown" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 4, + "text": "Unknown" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 206 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Certificate Issuer Type" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "mappings", + "value": [ + { + "options": { + "ca_signed": { + "index": 1, + "text": "CA-Signed" + }, + "self_signed": { + "index": 0, + "text": "Self-Signed" + }, + "unknown": { + "index": 2, + "text": "Unknown" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 3, + "text": "Unknown" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 187 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "mappings", + "value": [ + { + "options": { + "1": { + "index": 0, + "text": "❌ No" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 1, + "text": "Yes" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 115 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Snapshot Policy" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "❌ Disabled" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 135 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Snapshot Autodelete" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "No" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "❌ Yes" + }, + "to": 9999 + }, + "type": "range" + } + ] + }, + { + "id": "custom.width", + "value": 170 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ARW Protection for SVMs" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Configured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "❌ Not Configured" + }, + "to": 9999 + }, + "type": "range" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "❌ Not Configured" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 195 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "ARW Protection for Volumes" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "Learning Mode": { + "index": 3, + "text": "❌ Learning Mode" + }, + "Not Monitoring": { + "index": 1, + "text": "❌ Not Monitoring" + }, + "Switch to Active Mode": { + "index": 2, + "text": "❌ Switch to Active Mode" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "❌ Not Applicable" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.width", + "value": 218 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Notifications Configured" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "❌ Not Configured" + } + }, + "type": "value" + }, + { + "options": { + "from": 1, + "result": { + "index": 1, + "text": "Configured" + }, + "to": 9999 + }, + "type": "range" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "Not Applicable" + } + }, + "type": "special" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Automatic Updates Configured" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "❌ Not Configured" + }, + "true": { + "index": 1, + "text": "Configured" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 2, + "text": "Not Applicable" + } + }, + "type": "special" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 219, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [] + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "exemplar": false, + "expr": "support_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", asup_https_configured=\"https\"}", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + }, + { + "exemplar": false, + "expr": "security_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "B" + }, + { + "exemplar": false, + "expr": "security_account_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", methods=~\".*password.*\",role_name=\"admin\", user_name=\"admin\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "C" + }, + { + "exemplar": false, + "expr": "count by (datacenter,cluster,hash_algorithm)(security_account_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", hash_algorithm=\"md5\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "D" + }, + { + "exemplar": false, + "expr": "count by (datacenter, cluster, insecured)(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", insecured=\"true\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "E" + }, + { + "exemplar": false, + "expr": "security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\",scope=\"cluster\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "F" + }, + { + "exemplar": false, + "expr": "count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "G" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (cluster_peer_non_encrypted{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "J" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (security_account_localuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "K" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (security_account_samluser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "I" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (security_account_activediruser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "L" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (security_account_ldapuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "M" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster) (security_account_certificateuser{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "N" + }, + { + "exemplar": false, + "expr": "security_certificate_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "O" + }, + { + "exemplar": false, + "expr": "group by (datacenter, cluster)(support_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", asup_enabled=\"true\", asup_https_configured!=\"https\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", telnet_enabled=\"true\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", rsh_enabled=\"true\"} or group by (datacenter, cluster)(security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", hash_algorithm=\"md5\"}) > 0 or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"\"} or cluster_peer_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", encryption_state=\"none\"} or group by (datacenter, cluster) (security_account_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", locked=\"false\"}) > 0 or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"cluster\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$Cluster\"} or count by (datacenter, cluster) (ntpserver_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) < 1 or security_audit_destination_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", protocol!=\"tcp_encrypted\"} or security_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", fips_enabled=\"false\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", type=\"admin\", ciphers=~\".*_cbc.*\"} or group by (datacenter, cluster) ((svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", audit_protocol_enabled=\"false\"}) or security_ssh_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\", scope=\"svm\", banner=\"\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} or sum by (datacenter, cluster)(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",snapshot_policy=\"none\"}) > 0 or sum by (datacenter, cluster)(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",snapshot_autodelete=\"true\"}) > 0 or sum by (datacenter, cluster)(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",anti_ransomware_state=~\"|.*disabled\",type=\"data\"}) > 0 or volume_arw_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",ArwStatus!=\"Active Mode\"} * on (instance) group_left() metadata_collector_instances{datacenter=~\"$Datacenter\",collector=\"Rest\", object=\"Volume\"} or count by (datacenter, cluster)(ems_destination_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}) > 0 or support_auto_update_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",auto_update_enabled=\"false\"}))", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "P" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster)(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",snapshot_policy=\"none\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "H" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster)(volume_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",snapshot_autodelete=\"true\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "Q" + }, + { + "exemplar": false, + "expr": "sum by (datacenter, cluster)(svm_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",anti_ransomware_state=~\"|.*disabled\",type=\"data\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "R" + }, + { + "exemplar": false, + "expr": "volume_arw_status{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"} * on (instance) group_left() metadata_collector_instances{datacenter=~\"$Datacenter\",collector=\"Rest\", object=\"Volume\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "S" + }, + { + "exemplar": false, + "expr": "count by (datacenter, cluster)(ems_destination_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "T" + }, + { + "exemplar": false, + "expr": "support_auto_update_labels{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "U" + } + ], + "title": "Cluster Compliance", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "names": [ + "asup_enabled", + "cluster", + "fips_enabled", + "rsh_enabled", + "telnet_enabled", + "locked", + "Value #K", + "Value #I", + "Value #L", + "Value #M", + "Value #N", + "certificateExpiryStatus", + "certificateIssuerType", + "Value #P", + "Value #H", + "Value #Q", + "Value #R", + "Value #T", + "auto_update_enabled", + "ArwStatus" + ] + } + } + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Value #B": true, + "Value #D": false, + "Value #E": false, + "Value #G": false, + "Value #S": true, + "Value #T": false, + "__name__": true, + "__name__ 1": true, + "__name__ 2": true, + "datacenter": false, + "datacenter 1": true, + "datacenter 2": true, + "fips_enabled": false, + "hash_algorithm": false, + "instance": true, + "instance 1": true, + "instance 2": true, + "job": true, + "job 1": true, + "job 2": true, + "locked": false, + "methods": true + }, + "indexByName": { + "ArwStatus": 6, + "Value #H": 2, + "Value #I": 13, + "Value #K": 17, + "Value #L": 14, + "Value #M": 15, + "Value #N": 16, + "Value #P": 0, + "Value #Q": 3, + "Value #R": 4, + "Value #S": 5, + "asup_enabled": 10, + "certificateExpiryStatus": 7, + "certificateIssuerType": 18, + "cluster": 1, + "datacenter": 19, + "fips_enabled": 8, + "locked": 11, + "rsh_enabled": 12, + "telnet_enabled": 9 + }, + "renameByName": { + "ArwStatus": "ARW Protection for Volumes", + "Value #A": "Autosupport Https Transport", + "Value #C": "Default Admin User", + "Value #D": "MD5 in use", + "Value #G": "Network Time Protocol", + "Value #H": "Snapshot Policy", + "Value #I": "Saml Users", + "Value #J": "Cluster Peering", + "Value #K": "Local Users", + "Value #L": "Active Directory Users", + "Value #M": "Ldap Users", + "Value #N": "Certificate Users", + "Value #P": "Compliant", + "Value #Q": "Snapshot Autodelete", + "Value #R": "ARW Protection for SVMs", + "Value #S": "Volumes Monitored for ARW Protection", + "Value #T": "Notifications Configured", + "activediruser": "Active Directory Users", + "asupEnabled": "", + "asupHttpsConfigured": "", + "asup_enabled": "Autosupport Https Transport", + "auto_update_enabled": "Automatic Updates Configured", + "banner": "Login Banner", + "certificateExpiryStatus": "Cluster Certificate Validity", + "certificateIssuerType": "Certificate Issuer Type", + "certificateuser": "Certificate Users", + "cluster": "Cluster", + "encryption_state": "Cluster Peering", + "fips_enabled": "Global FIPS", + "insecured": "Insecure SSH Settings", + "ldapuser": "Ldap Users", + "localuser": "Local Users", + "locked": "Default Admin User", + "ntp": "Network Time Protocol", + "rsh_enabled": "Remote Shell", + "samluser": "Saml Users", + "telnet_enabled": "Telnet" + } + } + } + ], + "type": "table" + } + ], + "title": "Cluster Compliance", + "type": "row" + }, + { + "collapsed": true, + "datasource": null, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 30 + }, + "id": 227, + "panels": [ + { + "datasource": "${DS_PROMETHEUS}", + "description": "❌ means this attribute is non-compliant", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "transparent", + "mode": "fixed" + }, + "custom": { + "align": "left", + "displayMode": "auto", + "filterable": true + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "cluster" + }, + "properties": [ + { + "id": "displayName", + "value": "Cluster" + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Login Banner" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "match": "empty", + "result": { + "index": 0, + "text": "❌ Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "null", + "result": { + "index": 1, + "text": "❌ Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "nan", + "result": { + "index": 2, + "text": "Enabled" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Audit Log" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 1, + "text": "❌ Disabled" + }, + "true": { + "index": 0, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "LDAP Payload Signing" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Disabled" + }, + "1": { + "index": 1, + "text": "Enabled" + } + }, + "type": "value" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "locale" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Insecure SSH Settings" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "true": { + "index": 0, + "text": "❌ Yes" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 1, + "text": "No" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "NTML Authentication" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "lm_ntlm_ntlmv2_krb": { + "index": 0, + "text": "Enabled" + }, + "ntlm_ntlmv2_krb": { + "index": 1, + "text": "Enabled" + }, + "ntlmv2_krb": { + "index": 2, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "nan", + "result": { + "index": 3, + "text": "❌ Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "empty", + "result": { + "index": 4, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "LDAP Encryption" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "0": { + "index": 0, + "text": "Disabled" + }, + "1": { + "index": 1, + "text": "Enabled" + } + }, + "type": "value" + } + ] + }, + { + "id": "custom.filterable", + "value": true + }, + { + "id": "unit", + "value": "locale" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SMB Encryption Enabled" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 1, + "text": "Disabled" + }, + "true": { + "index": 0, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SMB Signing Enabled" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 0, + "text": "Disabled" + }, + "true": { + "index": 1, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Kerberos V5" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 1, + "text": "Disabled" + }, + "true": { + "index": 0, + "text": "Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "CHAP Settings" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "pattern": ".*chap.*", + "result": { + "index": 0, + "text": "Enabled" + } + }, + "type": "regex" + }, + { + "options": { + "match": "nan", + "result": { + "index": 1, + "text": "Disabled" + } + }, + "type": "special" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "NIS Authentication" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 1, + "text": "Disabled" + }, + "true": { + "index": 0, + "text": "❌ Enabled" + } + }, + "type": "value" + }, + { + "options": { + "match": "empty", + "result": { + "index": 2, + "text": "N/A" + } + }, + "type": "special" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Fpolicy Status Active" + }, + "properties": [ + { + "id": "mappings", + "value": [ + { + "options": { + "false": { + "index": 1, + "text": "Disabled" + }, + "true": { + "index": 0, + "text": "Enabled" + } + }, + "type": "value" + } + ] + }, + { + "id": "custom.filterable", + "value": true + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SVM" + }, + "properties": [ + { + "id": "custom.width", + "value": 150 + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Compliant" + }, + "properties": [ + { + "id": "custom.filterable", + "value": true + }, + { + "id": "mappings", + "value": [ + { + "options": { + "1": { + "index": 1, + "text": "❌ No" + } + }, + "type": "value" + }, + { + "options": { + "match": "null", + "result": { + "index": 0, + "text": "Yes" + } + }, + "type": "special" + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 225, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": false, + "displayName": "Compliant" + } + ] + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "exemplar": false, + "expr": "svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + }, + { + "exemplar": false, + "expr": "security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", scope=\"svm\", svm=~\"$SVM\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "C" + }, + { + "exemplar": false, + "expr": "count by (datacenter, cluster, insecured)(svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", insecured=\"true\"})", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "E" + }, + { + "exemplar": false, + "expr": "svm_ldap_signed{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "G" + }, + { + "exemplar": false, + "expr": "svm_ldap_encrypted{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "I" + }, + { + "exemplar": false, + "expr": "group by (datacenter, cluster, svm) ((svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", cifs_protocol_enabled=\"true\"} or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", nfs_protocol_enabled=\"true\"} and svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", audit_protocol_enabled=\"false\"}) or svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", ciphers=~\".*_cbc.*\"} or security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\", scope=\"svm\", banner=\"\"} or (svm_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm=~\"$SVM\"} unless on (svm) security_login_labels{datacenter=~\"$Datacenter\", cluster=~\"$Cluster\", svm!=\"$Cluster\", svm=~\"$SVM\"}))", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "B" + } + ], + "title": "SVM Compliance", + "transformations": [ + { + "id": "filterFieldsByName", + "options": { + "include": { + "names": [ + "audit_protocol_enabled", + "cifs_ntlm_enabled", + "cluster", + "iscsi_authentication_type", + "nfs_kerberos_protocol_enabled", + "nis_authentication_enabled", + "smb_encryption_required", + "smb_signing_required", + "svm", + "banner", + "insecured", + "Value #G", + "Value #I", + "Value #B" + ] + } + } + }, + { + "id": "merge", + "options": {} + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Time 1": true, + "Time 2": true, + "Value #B": false, + "Value #C": true, + "Value #D": false, + "Value #E": false, + "Value #G": false, + "__name__": true, + "__name__ 1": true, + "__name__ 2": true, + "audit_protocol_enabled": false, + "banner": false, + "cifs_ntlm_enabled": false, + "datacenter": true, + "datacenter 1": true, + "datacenter 2": true, + "fips_enabled": false, + "hash_algorithm": false, + "instance": true, + "instance 1": true, + "instance 2": true, + "iscsi_authentication_type": false, + "job": true, + "job 1": true, + "job 2": true, + "locked": true, + "methods": true, + "nfs_kerberos_protocol_enabled": false, + "smb_encryption_required": false, + "smb_signing_required": false + }, + "indexByName": { + "Value #B": 0, + "Value #G": 9, + "Value #I": 8, + "audit_protocol_enabled": 4, + "banner": 3, + "cifs_ntlm_enabled": 7, + "cluster": 1, + "insecured": 5, + "iscsi_authentication_type": 10, + "nfs_kerberos_protocol_enabled": 11, + "nis_authentication_enabled": 6, + "smb_encryption_required": 12, + "smb_signing_required": 13, + "svm": 2 + }, + "renameByName": { + "Value #A": "Autosupport Https Transport", + "Value #B": "Compliant", + "Value #D": "MD5 in use", + "Value #E": "", + "Value #G": "LDAP Payload Signing", + "Value #I": "LDAP Encryption", + "activediruser": "Active Directory Users", + "asupEnabled": "", + "asupHttpsConfigured": "", + "audit_protocol_enabled": "Audit Log", + "banner": "Login Banner", + "certificateuser": "Certificate Users", + "cifs_ntlm_enabled": "NTML Authentication", + "cluster": "", + "fips_enabled": "Global FIPS", + "fpolicy_enabled": "Fpolicy Status Active", + "insecured": "Insecure SSH Settings", + "iscsi_authentication_type": "CHAP Settings", + "ldapuser": "Ldap Users", + "localuser": "Local Users", + "nfs_kerberos_protocol_enabled": "Kerberos V5", + "nis_authentication_enabled": "NIS Authentication", + "nis_domain": "NIS Authentication", + "ntp": "Network Time Protocol", + "rsh_enabled": "Remote Shell", + "samluser": "Saml Users", + "smb_encryption_required": "SMB Encryption Enabled", + "smb_signing_required": "SMB Signing Enabled", + "svm": "SVM", + "telnet_enabled": "Telnet" + } + } + } + ], + "type": "table" + } + ], + "title": "SVM Compliance", + "type": "row" + } + ], + "refresh": "", + "schemaVersion": 30, + "style": "dark", + "tags": [ + "harvest", + "ontap", + "cdot", + "fsx" ], "templating": { "list": [ @@ -1789,7 +4755,7 @@ { "allValue": null, "current": { - "selected": false, + "selected": true, "text": [ "rest", "zapi" @@ -1825,7 +4791,7 @@ { "allValue": null, "current": { - "selected": false, + "selected": true, "text": [ "All" ], @@ -1859,7 +4825,7 @@ { "allValue": null, "current": { - "selected": false, + "selected": true, "text": [ "All" ], @@ -1868,8 +4834,8 @@ ] }, "datasource": "${DS_PROMETHEUS}", - "definition": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"},svm)", - "description": null, + "definition": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",root_svm=\"No\"},svm)", + "description": "Displaying only the data SVMs and omitting root SVMs", "error": null, "hide": 0, "includeAll": true, @@ -1878,7 +4844,7 @@ "name": "SVM", "options": [], "query": { - "query": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\"},svm)", + "query": "label_values(svm_labels{system_type!=\"7mode\",datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",root_svm=\"No\"},svm)", "refId": "StandardVariableQuery" }, "refresh": 2, @@ -1890,7 +4856,7 @@ ] }, "time": { - "from": "now-6h", + "from": "now-1m", "to": "now" }, "timepicker": { @@ -1909,5 +4875,5 @@ "timezone": "", "title": "ONTAP: Security", "uid": "", - "version": 3 + "version": 4 } diff --git a/integration/test/dashboard_json_test.go b/integration/test/dashboard_json_test.go index 9b3c7414f..68acf4bde 100644 --- a/integration/test/dashboard_json_test.go +++ b/integration/test/dashboard_json_test.go @@ -36,6 +36,7 @@ var zapiCounterMap = map[string]struct{}{ "ontaps3_used_percent": {}, "ontaps3_services_labels": {}, "ontaps3_policy_labels": {}, + "volume_arw_status": {}, "volume_num_compress_fail": {}, "volume_num_compress_attempts": {}, } @@ -51,6 +52,7 @@ var excludeCounters = []string{ "cifs_session", "cluster_peer", "efficiency_savings", + "ems_destination_labels", "ems_events", "external_service_op_num_", "external_service_op_request_", @@ -80,6 +82,7 @@ var excludeCounters = []string{ "security_login", "smb2_", "snapmirror_", + "support_auto_update_labels", "svm_cifs_", "svm_ldap", "svm_nfs_latency_hist_bucket", From ebec91c3c61293685e951c9e51c9e2d2b7767c5a Mon Sep 17 00:00:00 2001 From: Rahul Gupta Date: Thu, 3 Aug 2023 13:42:29 +0530 Subject: [PATCH 3/3] feat: add panel for Other IOPs on Volume Dashboard --- grafana/dashboards/cmode/volume.json | 131 +++++++++++++++++++++++++-- 1 file changed, 123 insertions(+), 8 deletions(-) diff --git a/grafana/dashboards/cmode/volume.json b/grafana/dashboards/cmode/volume.json index 417488e94..cf815eb6a 100644 --- a/grafana/dashboards/cmode/volume.json +++ b/grafana/dashboards/cmode/volume.json @@ -71,7 +71,7 @@ "gnetId": null, "graphTooltip": 1, "id": null, - "iteration": 1687429656268, + "iteration": 1691050019799, "links": [ { "asDropdown": true, @@ -269,6 +269,7 @@ "pluginVersion": "8.1.8", "targets": [ { + "exemplar": false, "expr": "sum(topk($TopResources, volume_total_ops{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",svm=~\"$SVM\",volume=~\"$Volume\"}))", "interval": "", "legendFormat": "", @@ -549,7 +550,7 @@ ], "timeFrom": null, "timeShift": null, - "title": "Top $TopResources Volumes by IOPs", + "title": "Top $TopResources Volumes by Total IOPs", "transformations": [], "type": "timeseries" }, @@ -2279,8 +2280,8 @@ "overrides": [] }, "gridPos": { - "h": 8, - "w": 12, + "h": 9, + "w": 8, "x": 0, "y": 33 }, @@ -2375,9 +2376,9 @@ "overrides": [] }, "gridPos": { - "h": 8, - "w": 12, - "x": 12, + "h": 9, + "w": 8, + "x": 8, "y": 33 }, "id": 114, @@ -2415,6 +2416,97 @@ } ], "type": "timeseries" + }, + { + "datasource": "${DS_PROMETHEUS}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "iops" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 16, + "y": 33 + }, + "id": 115, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.8", + "targets": [ + { + "exemplar": false, + "expr": "topk($TopResources, volume_other_ops{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",svm=~\"$SVM\",volume=~\"$TopVolumeOtherIOPS\"})", + "interval": "", + "legendFormat": "{{svm}} - {{volume}}", + "refId": "A" + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Top $TopResources Volumes by Other IOPs", + "transformations": [], + "type": "timeseries" } ], "title": "Volume WAFL Layer Drilldown", @@ -6846,6 +6938,29 @@ "skipUrlSync": false, "sort": 0, "type": "query" + }, + { + "allValue": null, + "current": {}, + "datasource": "${DS_PROMETHEUS}", + "definition": "query_result(topk($TopResources, avg_over_time(volume_other_ops{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",svm=~\"$SVM\",volume=~\"$Volume\"}[${__range}])))", + "description": null, + "error": null, + "hide": 2, + "includeAll": true, + "label": null, + "multi": true, + "name": "TopVolumeOtherIOPS", + "options": [], + "query": { + "query": "query_result(topk($TopResources, avg_over_time(volume_other_ops{datacenter=~\"$Datacenter\",cluster=~\"$Cluster\",svm=~\"$SVM\",volume=~\"$Volume\"}[${__range}])))", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": ".*volume=\\\"(.*?)\\\".*", + "skipUrlSync": false, + "sort": 0, + "type": "query" } ] }, @@ -6869,5 +6984,5 @@ "timezone": "", "title": "ONTAP: Volume", "uid": "", - "version": 13 + "version": 14 }