diff --git a/AWS_CloudTrail/CloudTrail.dashboard.json b/AWS_CloudTrail/CloudTrail.dashboard.json
index 5cda0b5..ea89e82 100644
--- a/AWS_CloudTrail/CloudTrail.dashboard.json
+++ b/AWS_CloudTrail/CloudTrail.dashboard.json
@@ -1,3847 +1,3847 @@ { - "version": 5, - "dashboardId": "7255585499497119487", - "title": "CloudTrail", - "description": "", - "role": "", - "owner": "", - "created": "2024-10-25T17:27:25.989Z", - "tabs": [ - { - "tabId": "default", - "name": "General Event Information", - "panels": [ - { - "id": "Panel_ID4399010", - "type": "table", - "title": "Account IDs", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT recipientaccountid as \"x_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Recipientaccountid", - "alias": "x_axis_1", - "column": "recipientaccountid", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + "version": 5, + "dashboardId": "7255585499497119487", + "title": "CloudTrail", + "description": "", + "role": "", + "owner": "", + "created": "2024-10-25T17:27:25.989Z", + "tabs": [ + { + "tabId": "default", + "name": "General Event Information", + "panels": [ + { + "id": "Panel_ID4399010", + "type": "table", + "title": "Account IDs", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + 
"top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT recipientaccountid as \"x_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Recipientaccountid", + "alias": "x_axis_1", + "column": "recipientaccountid", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 14, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID2316710", - "type": "metric", - "title": "Total Events", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, 
- "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT count(eventid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [], - "y": [ - { - "label": "Message Eventid", - "alias": "y_axis_1", - "column": "eventid", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 14, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID2316710", + "type": "metric", + "title": "Total Events", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT count(eventid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [], + "y": [ + { + "label": "Message Eventid", + "alias": "y_axis_1", + "column": "eventid", + "color": "#5960b2", + "aggregationFunction": "count", + 
"isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 14, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID7798010", - "type": "table", - "title": "Event Count by Event Name", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventname", - "alias": "x_axis_1", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Eventname", - "alias": "y_axis_1", - "column": "eventname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - 
"logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 14, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID7798010", + "type": "table", + "title": "Event Count by Event Name", + "description": "Count of events grouped by eventname to see which AWS events are being fired.", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventname", + "alias": "x_axis_1", + "column": "eventname", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# of events", + "alias": "y_axis_1", + "column": "eventname", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - 
"time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID5388510", - "type": "table", - "title": "Event Count by Event Source", - "description": "Count of events grouped by eventsource to see which AWS services are being accessed (e.g., servicediscovery.amazonaws.com).", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventsource", - "alias": "x_axis_1", - "column": "eventsource", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# of events", - "alias": "y_axis_1", - "column": "eventsource", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID5388510", + "type": "table", + "title": "Event Count by Event Source", + "description": "Count of events grouped 
by eventsource to see which AWS services are being accessed (e.g., servicediscovery.amazonaws.com).", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventsource", + "alias": "x_axis_1", + "column": "eventsource", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# of events", + "alias": "y_axis_1", + "column": "eventsource", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 10, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID8453310", - "type": "table", - "title": "Event Count by AWS Region", - 
"description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT awsregion as \"x_axis_1\", count(awsregion) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Awsregion", - "alias": "x_axis_1", - "column": "awsregion", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# of events", - "alias": "y_axis_1", - "column": "awsregion", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 10, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID8453310", + "type": "table", + "title": "Event Count by AWS Region", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + 
"size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT awsregion as \"x_axis_1\", count(awsregion) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Awsregion", + "alias": "x_axis_1", + "column": "awsregion", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# of events", + "alias": "y_axis_1", + "column": "awsregion", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 20, - "w": 24, - "h": 9, - "i": 5 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID5884910", - "type": "table", - "title": "Event Category Breakdown", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - 
"no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventcategory as \"x_axis_1\", count(eventcategory) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventcategory", - "alias": "x_axis_1", - "column": "eventcategory", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# of events", - "alias": "y_axis_1", - "column": "eventcategory", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 20, + "w": 24, + "h": 9, + "i": 5 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID5884910", + "type": "table", + "title": "Event Category Breakdown", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventcategory as \"x_axis_1\", count(eventcategory) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": 
"aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventcategory", + "alias": "x_axis_1", + "column": "eventcategory", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# of events", + "alias": "y_axis_1", + "column": "eventcategory", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 20, - "w": 24, - "h": 9, - "i": 6 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID7557510", - "type": "line", - "title": "EventType Over Time", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(eventtype) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Timestamp", - "alias": 
"x_axis_1", - "column": "_timestamp", - "color": null, - "aggregationFunction": "histogram", - "sortBy": "ASC", - "isDerived": false - } - ], - "y": [ - { - "label": "Message Eventtype", - "alias": "y_axis_1", - "column": "eventtype", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 20, + "w": 24, + "h": 9, + "i": 6 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID7557510", + "type": "line", + "title": "EventType Over Time", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(eventtype) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Timestamp", + "alias": "x_axis_1", + "column": "_timestamp", + "color": null, + "aggregationFunction": "histogram", + "sortBy": "ASC", + "isDerived": false + } + ], + "y": [ + { + "label": "Message Eventtype", + "alias": "y_axis_1", + "column": "eventtype", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + 
"filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 30, - "w": 24, - "h": 9, - "i": 7 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "30569", - "name": "Event Type and Management Event Analysis", - "panels": [ - { - "id": "Panel_ID6760110", - "type": "table", - "title": "API Calls by Event Type", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventtype as \"x_axis_1\", count(eventtype) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventtype", - "alias": "x_axis_1", - "column": "eventtype", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "#of events", - "alias": "y_axis_1", - "column": "eventtype", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - 
"filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 30, + "w": 24, + "h": 9, + "i": 7 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "30569", + "name": "Event Type and Management Event Analysis", + "panels": [ + { + "id": "Panel_ID6760110", + "type": "table", + "title": "API Calls by Event Type", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventtype as \"x_axis_1\", count(eventtype) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventtype", + "alias": "x_axis_1", + "column": "eventtype", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "#of events", + "alias": "y_axis_1", + "column": "eventtype", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - 
"limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID3845610", - "type": "pie", - "title": "Read-Only Events vs. Write Events", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT readonly as \"x_axis_1\", count(readonly) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Readonly", - "alias": "x_axis_1", - "column": "readonly", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Readonly", - "alias": "y_axis_1", - "column": "readonly", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID3845610", + "type": "pie", + "title": "Read-Only Events vs. 
Write Events", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT readonly as \"x_axis_1\", count(readonly) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Readonly", + "alias": "x_axis_1", + "column": "readonly", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Readonly", + "alias": "y_axis_1", + "column": "readonly", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID7182410", - "type": "metric", - "title": "Management Events Count", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - 
"top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT count(managementevent) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [], - "y": [ - { - "label": "Message Managementevent", - "alias": "y_axis_1", - "column": "managementevent", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID7182410", + "type": "metric", + "title": "Management Events Count", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT count(managementevent) 
as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [], + "y": [ + { + "label": "Message Managementevent", + "alias": "y_axis_1", + "column": "managementevent", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID2378710", - "type": "gauge", - "title": "Data Access and S3 Monitoring", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('GetObject', 'PutObject') GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": 
"logs", - "x": [ - { - "label": "Message Eventname", - "alias": "x_axis_1", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Eventname", - "alias": "y_axis_1", - "column": "eventname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "list", - "values": [ - "GetObject", - "PutObject" - ], + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID2378710", + "type": "gauge", + "title": "Data Access and S3 Monitoring", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('GetObject', 'PutObject') GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventname", + "alias": "x_axis_1", "column": "eventname", - "operator": null, - "value": null, - "logicalOperator": "AND", - "filterType": "condition" + "color": null, + "isDerived": false } - ] + ], + "y": [ + { + "label": "Message Eventname", + 
"alias": "y_axis_1", + "column": "eventname", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "list", + "values": [ + "GetObject", + "PutObject" + ], + "column": "eventname", + "operator": null, + "value": null, + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 10, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9151410", - "type": "table", - "title": "S3 Access by User", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_arn as \"x_axis_1\", eventname as \"x_axis_2\", count(useridentity_arn) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('GetObject', 'PutObject') GROUP BY x_axis_1, x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - 
"x": [ - { - "label": "Message Useridentity Arn", - "alias": "x_axis_1", - "column": "useridentity_arn", - "color": null, - "isDerived": false - }, - { - "label": "Message Eventname", - "alias": "x_axis_2", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "count", - "alias": "y_axis_1", - "column": "useridentity_arn", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "list", - "values": [ - "GetObject", - "PutObject" - ], + ], + "layout": { + "x": 24, + "y": 10, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9151410", + "type": "table", + "title": "S3 Access by User", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_arn as \"x_axis_1\", eventname as \"x_axis_2\", count(useridentity_arn) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('GetObject', 'PutObject') GROUP BY x_axis_1, x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Arn", + "alias": "x_axis_1", + "column": "useridentity_arn", + "color": 
null, + "isDerived": false + }, + { + "label": "Message Eventname", + "alias": "x_axis_2", "column": "eventname", - "operator": null, - "value": null, - "logicalOperator": "AND", - "filterType": "condition" + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "count", + "alias": "y_axis_1", + "column": "useridentity_arn", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false } - ] + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "list", + "values": [ + "GetObject", + "PutObject" + ], + "column": "eventname", + "operator": null, + "value": null, + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 20, - "w": 24, - "h": 9, - "i": 5 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID8042810", - "type": "table", - "title": "Top S3 Buckets by Access", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT requestparameters_bucketname 
as \"x_axis_1\", count(requestparameters_bucketname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Requestparameters Bucketname", - "alias": "x_axis_1", - "column": "requestparameters_bucketname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# of events on buckets", - "alias": "y_axis_1", - "column": "requestparameters_bucketname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 20, + "w": 24, + "h": 9, + "i": 5 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID8042810", + "type": "table", + "title": "Top S3 Buckets by Access", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT requestparameters_bucketname as \"x_axis_1\", count(requestparameters_bucketname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Requestparameters Bucketname", + 
"alias": "x_axis_1", + "column": "requestparameters_bucketname", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# of events on buckets", + "alias": "y_axis_1", + "column": "requestparameters_bucketname", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 20, - "w": 24, - "h": 9, - "i": 6 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "62619", - "name": "User Identity and Access Control", - "panels": [ - { - "id": "Panel_ID7055110", - "type": "table", - "title": "User Identity Type Distribution", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_type as \"x_axis_1\", count(useridentity_type) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - 
"stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Type", - "alias": "x_axis_1", - "column": "useridentity_type", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "count", - "alias": "y_axis_1", - "column": "useridentity_type", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 20, + "w": 24, + "h": 9, + "i": 6 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "62619", + "name": "User Identity and Access Control", + "panels": [ + { + "id": "Panel_ID7055110", + "type": "table", + "title": "User Identity Type Distribution", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_type as \"x_axis_1\", count(useridentity_type) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Type", + "alias": "x_axis_1", + "column": "useridentity_type", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "count", + "alias": "y_axis_1", + "column": "useridentity_type", + "color": 
"#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID6003310", - "type": "table", - "title": "Top Access Keys by Usage", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_accesskeyid as \"x_axis_1\", count(useridentity_accesskeyid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Accesskeyid", - "alias": "x_axis_1", - "column": "useridentity_accesskeyid", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Useridentity Accesskeyid", - "alias": "y_axis_1", - "column": "useridentity_accesskeyid", - "color": "#5960b2", - 
"aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID6003310", + "type": "table", + "title": "Top Access Keys by Usage", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_accesskeyid as \"x_axis_1\", count(useridentity_accesskeyid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Accesskeyid", + "alias": "x_axis_1", + "column": "useridentity_accesskeyid", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Useridentity Accesskeyid", + "alias": "y_axis_1", + "column": "useridentity_accesskeyid", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + 
"time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9458810", - "type": "table", - "title": "Top Users by Event Count", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_arn as \"x_axis_1\", count(useridentity_arn) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Arn", - "alias": "x_axis_1", - "column": "useridentity_arn", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "count", - "alias": "y_axis_1", - "column": "useridentity_arn", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9458810", + "type": "table", + "title": "Top Users by Event Count", 
+ "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_arn as \"x_axis_1\", count(useridentity_arn) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Arn", + "alias": "x_axis_1", + "column": "useridentity_arn", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "count", + "alias": "y_axis_1", + "column": "useridentity_arn", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID6871010", - "type": "table", - "title": "Top Roles by Event Count", - "description": "", - "config": { - "show_legends": true, - 
"legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_principalid as \"x_axis_1\", count(useridentity_principalid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Principalid", - "alias": "x_axis_1", - "column": "useridentity_principalid", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "count", - "alias": "y_axis_1", - "column": "useridentity_principalid", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID6871010", + "type": "table", + "title": "Top Roles by Event Count", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 
100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_principalid as \"x_axis_1\", count(useridentity_principalid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Principalid", + "alias": "x_axis_1", + "column": "useridentity_principalid", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "count", + "alias": "y_axis_1", + "column": "useridentity_principalid", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 10, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9831310", - "type": "table", - "title": "Top IAM Actions", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": 
[], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventname", - "alias": "x_axis_1", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "count", - "alias": "y_axis_1", - "column": "eventname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 10, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9831310", + "type": "table", + "title": "Top IAM Actions", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + 
"stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventname", + "alias": "x_axis_1", + "column": "eventname", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "count", + "alias": "y_axis_1", + "column": "eventname", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 20, - "w": 24, - "h": 9, - "i": 5 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID4422510", - "type": "table", - "title": "Role Assumption Events", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE str_match(eventname, 'AssumeRole') GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - 
"label": "Message Eventname", - "alias": "x_axis_1", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Eventname", - "alias": "y_axis_1", - "column": "eventname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "condition", - "values": [], + ], + "layout": { + "x": 0, + "y": 20, + "w": 24, + "h": 9, + "i": 5 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID4422510", + "type": "table", + "title": "Role Assumption Events", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventname as \"x_axis_1\", count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE str_match(eventname, 'AssumeRole') GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventname", + "alias": "x_axis_1", "column": "eventname", - "operator": "str_match", - "value": "AssumeRole", - "logicalOperator": "AND", - "filterType": "condition" + "color": null, + "isDerived": false } - ] + ], + "y": [ + { + "label": "Message Eventname", + "alias": "y_axis_1", + "column": "eventname", + 
"color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "condition", + "values": [], + "column": "eventname", + "operator": "str_match", + "value": "AssumeRole", + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 20, - "w": 24, - "h": 9, - "i": 6 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9787010", - "type": "bar", - "title": "Console Login", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(responseelements_consolelogin) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Timestamp", - "alias": "x_axis_1", - "column": "_timestamp", - "color": null, - "aggregationFunction": 
"histogram", - "sortBy": "ASC", - "isDerived": false - } - ], - "y": [ - { - "label": "Message Responseelements Consolelogin", - "alias": "y_axis_1", - "column": "responseelements_consolelogin", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 20, + "w": 24, + "h": 9, + "i": 6 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9787010", + "type": "bar", + "title": "Console Login", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(responseelements_consolelogin) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Timestamp", + "alias": "x_axis_1", + "column": "_timestamp", + "color": null, + "aggregationFunction": "histogram", + "sortBy": "ASC", + "isDerived": false + } + ], + "y": [ + { + "label": "Message Responseelements Consolelogin", + "alias": "y_axis_1", + "column": "responseelements_consolelogin", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + 
"breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 30, - "w": 24, - "h": 9, - "i": 7 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "87520", - "name": "Source IP and User Agent Monitoring", - "panels": [ - { - "id": "Panel_ID1080110", - "type": "table", - "title": "Top Source IP Addresses", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT sourceipaddress as \"x_axis_1\", count(sourceipaddress) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Sourceipaddress", - "alias": "x_axis_1", - "column": "sourceipaddress", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Sourceipaddress", - "alias": "y_axis_1", - "column": "sourceipaddress", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": 
false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 30, + "w": 24, + "h": 9, + "i": 7 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "87520", + "name": "Source IP and User Agent Monitoring", + "panels": [ + { + "id": "Panel_ID1080110", + "type": "table", + "title": "Top Source IP Addresses", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT sourceipaddress as \"x_axis_1\", count(sourceipaddress) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Sourceipaddress", + "alias": "x_axis_1", + "column": "sourceipaddress", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Sourceipaddress", + "alias": "y_axis_1", + "column": "sourceipaddress", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": 
[] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID6582910", - "type": "table", - "title": "User Agent Distribution", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useragent as \"x_axis_1\", count(useragent) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useragent", - "alias": "x_axis_1", - "column": "useragent", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# agents accessing AWS services", - "alias": "y_axis_1", - "column": "useragent", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID6582910", + "type": "table", + "title": "User Agent Distribution", + "description": "", + "config": { + "show_legends": true, + 
"legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useragent as \"x_axis_1\", count(useragent) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useragent", + "alias": "x_axis_1", + "column": "useragent", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "# agents accessing AWS services", + "alias": "y_axis_1", + "column": "useragent", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9066010", - "type": "table", - "title": "API Calls by Invoked Service", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": 
false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_invokedby as \"x_axis_1\", count(useridentity_invokedby) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Invokedby", - "alias": "x_axis_1", - "column": "useridentity_invokedby", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Useridentity Invokedby", - "alias": "y_axis_1", - "column": "useridentity_invokedby", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9066010", + "type": "table", + "title": "API Calls by Invoked Service", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + 
"no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_invokedby as \"x_axis_1\", count(useridentity_invokedby) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Invokedby", + "alias": "x_axis_1", + "column": "useridentity_invokedby", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Useridentity Invokedby", + "alias": "y_axis_1", + "column": "useridentity_invokedby", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID3211310", - "type": "table", - "title": "Source IP with Region", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": 
"", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT awsregion as \"x_axis_1\", sourceipaddress as \"x_axis_2\", count(sourceipaddress) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Awsregion", - "alias": "x_axis_1", - "column": "awsregion", - "color": null, - "isDerived": false - }, - { - "label": "Message Sourceipaddress", - "alias": "x_axis_2", - "column": "sourceipaddress", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Sourceipaddress", - "alias": "y_axis_1", - "column": "sourceipaddress", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID3211310", + "type": "table", + "title": "Source IP with Region", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT awsregion as \"x_axis_1\", 
sourceipaddress as \"x_axis_2\", count(sourceipaddress) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Awsregion", + "alias": "x_axis_1", + "column": "awsregion", + "color": null, + "isDerived": false + }, + { + "label": "Message Sourceipaddress", + "alias": "x_axis_2", + "column": "sourceipaddress", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Sourceipaddress", + "alias": "y_axis_1", + "column": "sourceipaddress", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 20, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "94471", - "name": "Service and Resource Monitoring", - "panels": [ - { - "id": "Panel_ID6027710", - "type": "table", - "title": "Top Services Accessed", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - 
"wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventsource", - "alias": "x_axis_1", - "column": "eventsource", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Eventsource", - "alias": "y_axis_1", - "column": "eventsource", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 20, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "94471", + "name": "Service and Resource Monitoring", + "panels": [ + { + "id": "Panel_ID6027710", + "type": "table", + "title": "Top Services Accessed", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + 
"customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventsource", + "alias": "x_axis_1", + "column": "eventsource", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Eventsource", + "alias": "y_axis_1", + "column": "eventsource", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID315510", - "type": "table", - "title": "Top Event Names by Service", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventname as \"x_axis_1\", eventsource as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": 
"Message Eventname", - "alias": "x_axis_1", - "column": "eventname", - "color": null, - "isDerived": false - }, - { - "label": "Message Eventsource", - "alias": "x_axis_2", - "column": "eventsource", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID315510", + "type": "table", + "title": "Top Event Names by Service", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT eventname as \"x_axis_1\", eventsource as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventname", + "alias": "x_axis_1", + "column": "eventname", + "color": null, + "isDerived": false + }, + { + "label": "Message Eventsource", + "alias": "x_axis_2", + "column": "eventsource", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, 
+ "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID6785410", - "type": "metric", - "title": "Resource Accessed by Service ID", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT count(requestparameters_serviceid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [], - "y": [ - { - "label": "Message Requestparameters Serviceid", - "alias": "y_axis_1", - "column": "requestparameters_serviceid", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID6785410", + "type": "metric", + "title": "Resource Accessed by Service ID", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + 
"decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT count(requestparameters_serviceid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" ", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [], + "y": [ + { + "label": "Message Requestparameters Serviceid", + "alias": "y_axis_1", + "column": "requestparameters_serviceid", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID4703710", - "type": "table", - "title": "Resource Ownership by Account", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { 
- "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_accountid as \"x_axis_1\", count(useridentity_accountid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Accountid", - "alias": "x_axis_1", - "column": "useridentity_accountid", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Useridentity Accountid", - "alias": "y_axis_1", - "column": "useridentity_accountid", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID4703710", + "type": "table", + "title": "Resource Ownership by Account", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + 
"queries": [ + { + "query": "SELECT useridentity_accountid as \"x_axis_1\", count(useridentity_accountid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Accountid", + "alias": "x_axis_1", + "column": "useridentity_accountid", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Useridentity Accountid", + "alias": "y_axis_1", + "column": "useridentity_accountid", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 10, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "7271", - "name": "AWS Account Analysis", - "panels": [ - { - "id": "Panel_ID2235710", - "type": "gauge", - "title": "Events by Recipient Account ID", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - 
"table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT recipientaccountid as \"x_axis_1\", count(recipientaccountid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Recipientaccountid", - "alias": "x_axis_1", - "column": "recipientaccountid", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "Message Recipientaccountid", - "alias": "y_axis_1", - "column": "recipientaccountid", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 10, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "7271", + "name": "AWS Account Analysis", + "panels": [ + { + "id": "Panel_ID2235710", + "type": "gauge", + "title": "Events by Recipient Account ID", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT recipientaccountid as \"x_axis_1\", count(recipientaccountid) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + 
"stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Recipientaccountid", + "alias": "x_axis_1", + "column": "recipientaccountid", + "color": null, + "isDerived": false + } + ], + "y": [ + { + "label": "Message Recipientaccountid", + "alias": "y_axis_1", + "column": "recipientaccountid", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID9519010", - "type": "table", - "title": "Top Events by Account ID", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_accountid as \"x_axis_1\", eventname as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": 
"Message Useridentity Accountid", - "alias": "x_axis_1", - "column": "useridentity_accountid", - "color": null, - "isDerived": false - }, - { - "label": "Message Eventname", - "alias": "x_axis_2", - "column": "eventname", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID9519010", + "type": "table", + "title": "Top Events by Account ID", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_accountid as \"x_axis_1\", eventname as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Accountid", + "alias": "x_axis_1", + "column": "useridentity_accountid", + "color": null, + "isDerived": false + }, + { + "label": "Message Eventname", + "alias": "x_axis_2", + "column": "eventname", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + 
"layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID3153010", - "type": "table", - "title": "Event Source by Account", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_accountid as \"x_axis_1\", eventsource as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Accountid", - "alias": "x_axis_1", - "column": "useridentity_accountid", - "color": null, - "isDerived": false - }, - { - "label": "Message Eventsource", - "alias": "x_axis_2", - "column": "eventsource", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID3153010", + "type": "table", + 
"title": "Event Source by Account", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_accountid as \"x_axis_1\", eventsource as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1, x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Accountid", + "alias": "x_axis_1", + "column": "useridentity_accountid", + "color": null, + "isDerived": false + }, + { + "label": "Message Eventsource", + "alias": "x_axis_2", + "column": "eventsource", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "28672", - "name": "Session Context and Security", - "panels": [ - { - "id": "Panel_ID1309910", - "type": "table", - "title": "Non-MFA Events", - "description": 
"", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT useridentity_sessioncontext as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" WHERE str_match_ignore_case(useridentity_sessioncontext, '\"mfaAuthenticated\":\"false\"') GROUP BY x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Useridentity Sessioncontext", - "alias": "x_axis_2", - "column": "useridentity_sessioncontext", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "condition", - "values": [], + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "28672", + "name": "Session Context and Security", + "panels": [ + { + "id": "Panel_ID1309910", + "type": "table", + "title": "Non-MFA Events", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + 
"size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT useridentity_sessioncontext as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" WHERE str_match_ignore_case(useridentity_sessioncontext, '\"mfaAuthenticated\":\"false\"') GROUP BY x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Useridentity Sessioncontext", + "alias": "x_axis_2", "column": "useridentity_sessioncontext", - "operator": "str_match_ignore_case", - "value": "\"mfaAuthenticated\":\"false\"", - "logicalOperator": "AND", - "filterType": "condition" + "color": null, + "isDerived": false } - ] + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "condition", + "values": [], + "column": "useridentity_sessioncontext", + "operator": "str_match_ignore_case", + "value": "\"mfaAuthenticated\":\"false\"", + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID3085310", - "type": "bar", - "title": "Session Duration Analysis", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "seconds", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - 
}, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(useridentity_sessioncontext) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Timestamp", - "alias": "x_axis_1", - "column": "_timestamp", - "color": null, - "aggregationFunction": "histogram", - "sortBy": "ASC", - "isDerived": false - } - ], - "y": [ - { - "label": "Message Useridentity Sessioncontext", - "alias": "y_axis_1", - "column": "useridentity_sessioncontext", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID3085310", + "type": "bar", + "title": "Session Duration Analysis", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "seconds", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + 
"no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(useridentity_sessioncontext) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Timestamp", + "alias": "x_axis_1", + "column": "_timestamp", + "color": null, + "aggregationFunction": "histogram", + "sortBy": "ASC", + "isDerived": false + } + ], + "y": [ + { + "label": "Message Useridentity Sessioncontext", + "alias": "y_axis_1", + "column": "useridentity_sessioncontext", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 9, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID564310", - "type": "table", - "title": "Audit Log Events", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": 
false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventsource IN ('cloudfront.amazonaws.com', 'config.amazonaws.com', 'appconfig.amazonaws.com') GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Message Eventsource", - "alias": "x_axis_1", - "column": "eventsource", - "color": null, - "isDerived": false - } - ], - "y": [ - { - "label": "# of Eventsource", - "alias": "y_axis_1", - "column": "eventsource", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "list", - "values": [ - "cloudfront.amazonaws.com", - "config.amazonaws.com", - "appconfig.amazonaws.com" - ], + ], + "layout": { + "x": 24, + "y": 9, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID564310", + "type": "table", + "title": "Audit Log Events", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ 
+ { + "query": "SELECT eventsource as \"x_axis_1\", count(eventsource) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventsource IN ('cloudfront.amazonaws.com', 'config.amazonaws.com', 'appconfig.amazonaws.com') GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Message Eventsource", + "alias": "x_axis_1", "column": "eventsource", - "operator": null, - "value": null, - "logicalOperator": "AND", - "filterType": "condition" + "color": null, + "isDerived": false } - ] + ], + "y": [ + { + "label": "# of Eventsource", + "alias": "y_axis_1", + "column": "eventsource", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "list", + "values": [ + "cloudfront.amazonaws.com", + "config.amazonaws.com", + "appconfig.amazonaws.com" + ], + "column": "eventsource", + "operator": null, + "value": null, + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 9, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID1802410", - "type": "metric", - "title": "Sessions with MFA Disabled", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - 
"map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT count(useridentity_sessioncontext) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE str_match_ignore_case(useridentity_sessioncontext, '\"mfaAuthenticated\":\"false\"') ", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [], - "y": [ - { - "label": "Message Useridentity Sessioncontext", - "alias": "y_axis_1", - "column": "useridentity_sessioncontext", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "condition", - "values": [], + ], + "layout": { + "x": 0, + "y": 9, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID1802410", + "type": "metric", + "title": "Sessions with MFA Disabled", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT 
count(useridentity_sessioncontext) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE str_match_ignore_case(useridentity_sessioncontext, '\"mfaAuthenticated\":\"false\"') ", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [], + "y": [ + { + "label": "Message Useridentity Sessioncontext", + "alias": "y_axis_1", "column": "useridentity_sessioncontext", - "operator": "str_match_ignore_case", - "value": "\"mfaAuthenticated\":\"false\"", - "logicalOperator": "AND", - "filterType": "condition" + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false } - ] + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "condition", + "values": [], + "column": "useridentity_sessioncontext", + "operator": "str_match_ignore_case", + "value": "\"mfaAuthenticated\":\"false\"", + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 4 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID5612410", - "type": "metric", - "title": "Console Login", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "unit": "numbers", - "decimals": 0, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": 
[], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false, - "mappings": [] - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('ConsoleLogin') ", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [], - "y": [ - { - "label": "Message Eventname", - "alias": "y_axis_1", - "column": "eventname", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [ - { - "type": "list", - "values": [ - "ConsoleLogin" - ], + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 4 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID5612410", + "type": "metric", + "title": "Console Login", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "unit": "numbers", + "decimals": 0, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false, + "mappings": [] + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT count(eventname) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" WHERE eventname IN ('ConsoleLogin') ", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [], + "y": [ + { + "label": "Message 
Eventname", + "alias": "y_axis_1", "column": "eventname", - "operator": null, - "value": null, - "logicalOperator": "AND", - "filterType": "condition" + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false } - ] + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [ + { + "type": "list", + "values": [ + "ConsoleLogin" + ], + "column": "eventname", + "operator": null, + "value": null, + "logicalOperator": "AND", + "filterType": "condition" + } + ] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 9, - "w": 24, - "h": 9, - "i": 5 - }, - "htmlContent": "", - "markdownContent": "" - } - ] - }, - { - "tabId": "39341", - "name": "CloudTrail Log and Subscription Monitoring", - "panels": [ - { - "id": "Panel_ID1171310", - "type": "bar", - "title": "Events by Log Group", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(loggroup) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", - "vrlFunctionQuery": "", - 
"customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Timestamp", - "alias": "x_axis_1", - "column": "_timestamp", - "color": null, - "aggregationFunction": "histogram", - "sortBy": "ASC", - "isDerived": false - } - ], - "y": [ - { - "label": "Loggroup", - "alias": "y_axis_1", - "column": "loggroup", - "color": "#5960b2", - "aggregationFunction": "count", - "isDerived": false - } - ], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 9, + "w": 24, + "h": 9, + "i": 5 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + }, + { + "tabId": "39341", + "name": "CloudTrail Log and Subscription Monitoring", + "panels": [ + { + "id": "Panel_ID1171310", + "type": "bar", + "title": "Events by Log Group", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT histogram(_timestamp) as \"x_axis_1\", count(loggroup) as \"y_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1 ORDER BY x_axis_1 ASC", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Timestamp", + "alias": "x_axis_1", + "column": "_timestamp", + "color": null, + "aggregationFunction": "histogram", + "sortBy": "ASC", + "isDerived": false + } + 
], + "y": [ + { + "label": "Loggroup", + "alias": "y_axis_1", + "column": "loggroup", + "color": "#5960b2", + "aggregationFunction": "count", + "isDerived": false + } + ], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 0, - "w": 24, - "h": 9, - "i": 1 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID962910", - "type": "table", - "title": "Events by Log Stream ", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, - "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT logstream as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_2", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Logstream", - "alias": "x_axis_2", - "column": "logstream", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 0, + "y": 0, + "w": 24, + "h": 9, + "i": 
1 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID962910", + "type": "table", + "title": "Events by Log Stream ", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT logstream as \"x_axis_2\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_2", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": "aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Logstream", + "alias": "x_axis_2", + "column": "logstream", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 24, - "y": 0, - "w": 24, - "h": 9, - "i": 2 - }, - "htmlContent": "", - "markdownContent": "" - }, - { - "id": "Panel_ID5331110", - "type": "table", - "title": "Events by Subscription Filter", - "description": "", - "config": { - "show_legends": true, - "legends_position": null, - "decimals": 2, - "top_results_others": false, - "axis_border_show": false, - "legend_width": { - "unit": "px" - }, 
- "base_map": { - "type": "osm" - }, - "map_view": { - "zoom": 1, - "lat": 0, - "lng": 0 - }, - "map_symbol_style": { - "size": "by Value", - "size_by_value": { - "min": 1, - "max": 100 - }, - "size_fixed": 2 - }, - "drilldown": [], - "mark_line": [], - "connect_nulls": false, - "no_value_replacement": "", - "wrap_table_cells": false, - "table_transpose": false, - "table_dynamic_columns": false - }, - "queryType": "sql", - "queries": [ - { - "query": "SELECT subscriptionfilters as \"x_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", - "vrlFunctionQuery": "", - "customQuery": false, - "fields": { - "stream": "aws_orgs_cloudtrail", - "stream_type": "logs", - "x": [ - { - "label": "Subscriptionfilters", - "alias": "x_axis_1", - "column": "subscriptionfilters", - "color": null, - "isDerived": false - } - ], - "y": [], - "z": [], - "breakdown": [], - "filter": { - "filterType": "group", - "logicalOperator": "AND", - "conditions": [] + ], + "layout": { + "x": 24, + "y": 0, + "w": 24, + "h": 9, + "i": 2 + }, + "htmlContent": "", + "markdownContent": "" + }, + { + "id": "Panel_ID5331110", + "type": "table", + "title": "Events by Subscription Filter", + "description": "", + "config": { + "show_legends": true, + "legends_position": null, + "decimals": 2, + "top_results_others": false, + "axis_border_show": false, + "legend_width": { + "unit": "px" + }, + "base_map": { + "type": "osm" + }, + "map_view": { + "zoom": 1, + "lat": 0, + "lng": 0 + }, + "map_symbol_style": { + "size": "by Value", + "size_by_value": { + "min": 1, + "max": 100 + }, + "size_fixed": 2 + }, + "drilldown": [], + "mark_line": [], + "connect_nulls": false, + "no_value_replacement": "", + "wrap_table_cells": false, + "table_transpose": false, + "table_dynamic_columns": false + }, + "queryType": "sql", + "queries": [ + { + "query": "SELECT subscriptionfilters as \"x_axis_1\" FROM \"aws_orgs_cloudtrail\" GROUP BY x_axis_1", + "vrlFunctionQuery": "", + "customQuery": false, + "fields": { + "stream": 
"aws_orgs_cloudtrail", + "stream_type": "logs", + "x": [ + { + "label": "Subscriptionfilters", + "alias": "x_axis_1", + "column": "subscriptionfilters", + "color": null, + "isDerived": false + } + ], + "y": [], + "z": [], + "breakdown": [], + "filter": { + "filterType": "group", + "logicalOperator": "AND", + "conditions": [] + } + }, + "config": { + "promql_legend": "", + "layer_type": "scatter", + "weight_fixed": 1, + "limit": 0, + "min": 0, + "max": 100, + "time_shift": [] } - }, - "config": { - "promql_legend": "", - "layer_type": "scatter", - "weight_fixed": 1, - "limit": 0, - "min": 0, - "max": 100, - "time_shift": [] } - } - ], - "layout": { - "x": 0, - "y": 10, - "w": 24, - "h": 9, - "i": 3 - }, - "htmlContent": "", - "markdownContent": "" - } - ] + ], + "layout": { + "x": 0, + "y": 10, + "w": 24, + "h": 9, + "i": 3 + }, + "htmlContent": "", + "markdownContent": "" + } + ] + } + ], + "variables": { + "list": [], + "showDynamicFilters": true + }, + "defaultDatetimeDuration": { + "type": "relative", + "relativeTimePeriod": "15m", + "startTime": 1731606501326000, + "endTime": 1731607401326000 } - ], - "variables": { - "list": [], - "showDynamicFilters": true - }, - "defaultDatetimeDuration": { - "type": "relative", - "relativeTimePeriod": "15m", - "startTime": 1731606501326000, - "endTime": 1731607401326000 } -} \ No newline at end of file