From 3b501677b71d7d7a9405e53976cff0dce03453ca Mon Sep 17 00:00:00 2001 From: David Calvert Date: Wed, 17 Apr 2024 23:10:00 +0200 Subject: [PATCH] feat: updated grafana dashboard Signed-off-by: David Calvert --- charts/falco-exporter/CHANGELOG.md | 4 + charts/falco-exporter/Chart.yaml | 2 +- charts/falco-exporter/README.md | 2 +- .../templates/grafana-dashboard.yaml | 736 +++++++++++++----- 4 files changed, 540 insertions(+), 204 deletions(-) diff --git a/charts/falco-exporter/CHANGELOG.md b/charts/falco-exporter/CHANGELOG.md index 803eaf4fb..6177104e2 100644 --- a/charts/falco-exporter/CHANGELOG.md +++ b/charts/falco-exporter/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to `falco-exporter` Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v0.11.0 + +* updated grafana dashboard + ## v0.10.0 * added ability to set the grafana folder annotation name diff --git a/charts/falco-exporter/Chart.yaml b/charts/falco-exporter/Chart.yaml index a27165a40..037ed8ca1 100644 --- a/charts/falco-exporter/Chart.yaml +++ b/charts/falco-exporter/Chart.yaml @@ -14,7 +14,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 0.10.0 +version: 0.11.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. diff --git a/charts/falco-exporter/README.md b/charts/falco-exporter/README.md index 5641cd6e2..56f5d2800 100644 --- a/charts/falco-exporter/README.md +++ b/charts/falco-exporter/README.md 
@@ -70,7 +70,7 @@ helm install falco-exporter \ ## Configuration -The following table lists the main configurable parameters of the falco-exporter chart v0.10.0 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. +The following table lists the main configurable parameters of the falco-exporter chart v0.11.0 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. ## Values diff --git a/charts/falco-exporter/templates/grafana-dashboard.yaml b/charts/falco-exporter/templates/grafana-dashboard.yaml index ce8aa4060..24ceb3ff7 100644 --- a/charts/falco-exporter/templates/grafana-dashboard.yaml +++ b/charts/falco-exporter/templates/grafana-dashboard.yaml @@ -10,7 +10,7 @@ data: "type": "grafana", "id": "grafana", "name": "Grafana", - "version": "6.7.3" + "version": "7.0.3" }, { "type": "panel", 
@@ -35,268 +35,600 @@ data: "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, "type": "dashboard" } ] }, + "description": "", "editable": true, - "gnetId": null, - "graphTooltip": 0, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, "id": null, "links": [], + "liveNow": false, "panels": [ { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "", - "fill": 1, - "fillGradient": 0, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, "gridPos": { - "h": 11, - "w": 24, + "h": 8, + "w": 12, "x": 0, "y": 0 }, - "hiddenSeries": false, - "id": 2, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, 
- "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", + "id": 90, "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "8.3.3", "targets": [ { - "expr": "rate(falco_events[5m]) > 0", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{rule}} (node=\"{{kubernetes_node}}\",ns=\"{{k8s_ns_name}}\",pod=\"{{k8s_pod_name}}\")"`}}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (rule)\n# {container=\"falco-exporter\", endpoint=\"metrics\", hostname=\"falco-27jks\", instance=\"10.0.0.5:9376\", job=\"falco-exporter\", k8s_ns_name=\"\", k8s_pod_name=\"\", namespace=\"falco\", pod=\"falco-exporter-x86b5\", priority=\"5\", rule=\"Contact K8S API Server From Container\", service=\"falco-exporter\", source=\"syscall\", tags=\",T1565,container,k8s,maturity_stable,mitre_discovery,network,\"}", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" + "title": "Events rate by rule", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + 
"axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 72, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "pluginVersion": "8.3.3", + "targets": [ { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (priority)", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" } ], - "yaxis": { - "align": false, - "alignLevel": null - } + "title": "Events rate by priority", + "type": "timeseries" }, { - "columns": [], - "datasource": "$datasource", - "fontSize": "100%", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + 
"barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, "gridPos": { - "h": 10, - "w": 24, + "h": 8, + "w": 12, "x": 0, - "y": 11 + "y": 8 }, - "id": 4, - "links": [], - "pageSize": null, - "showHeader": true, - "sort": { - "col": null, - "desc": false + "id": 89, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } }, - "styles": [ + "pluginVersion": "8.3.3", + "targets": [ { - "alias": "Time", - "align": "auto", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (tags)", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Events rate by tags", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": 
false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" }, - { - "alias": "", - "align": "auto", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "mappingType": 1, - "pattern": "/__name__|instance|job|kubernetes_name|(__name|helm_|app_).*/", - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 91, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "pluginVersion": "8.3.3", + "targets": [ { - "alias": "Count", - "align": "auto", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "Value", - "thresholds": [], - "type": "number", - "unit": "short" + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (pod, hostname)\n# {container=\"falco-exporter\", endpoint=\"metrics\", hostname=\"falco-27jks\", instance=\"10.0.0.5:9376\", job=\"falco-exporter\", k8s_ns_name=\"\", k8s_pod_name=\"\", namespace=\"falco\", pod=\"falco-exporter-x86b5\", priority=\"5\", rule=\"Contact K8S 
API Server From Container\", service=\"falco-exporter\", source=\"syscall\", tags=\",T1565,container,k8s,maturity_stable,mitre_discovery,network,\"}", + "hide": false, + "instant": false, + "legendFormat": "{{`{{ pod }} ({{hostname}})`}}", + "range": true, + "refId": "A" + } + ], + "title": "Events rate by pod, hostname", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "color-text" + }, + "filterable": true, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 100 + }, + { + "color": "red", + "value": 1000 + } + ] + } }, - { - "alias": "", - "align": "left", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "priority", - "thresholds": [ - "" + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 94, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" ], - "type": "number", - "unit": "none", - "valueMaps": [ - { - "text": "5", - "value": "5" - } - ] + "show": false }, - { - "alias": "", - "align": "left", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "string", - "unit": "short" - } - ], + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Count" + } + ] + }, + "pluginVersion": "10.4.1", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": 
"code", + "exemplar": false, "expr": "falco_events", "format": "table", "instant": true, + "legendFormat": "__auto", + "range": false, "refId": "A" } ], - "timeFrom": null, - "timeShift": null, - "title": "Totals", - "transform": "table", - "transparent": true, + "title": "Events Total", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "container": true, + "endpoint": true, + "instance": true, + "job": true, + "k8s_ns_name": true, + "k8s_pod_name": true, + "service": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Count" + } + } + } + ], "type": "table" } ], - "schemaVersion": 22, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "security", + "falco" + ], "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "{{ .Values.grafanaDashboard.prometheusDatasourceName }}", - "value": "{{ .Values.grafanaDashboard.prometheusDatasourceName }}" - }, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "isNone": true, + "selected": false, + "text": "None", + "value": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info,cluster)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "qryType": 1, + "query": 
"label_values(kube_node_info,cluster)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] }, "time": { - "from": "now-6h", + "from": "now-1h", "to": "now" }, "timepicker": {}, "timezone": "", - "title": "Falco Dashboard", - "uid": "FvUFlfuZz" + "title": "Falco Events", + "uid": "FvUFlfuZz", + "version": 2, + "weekStart": "" } kind: ConfigMap metadata:
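Review bot: The "Events Total" table target pins `"uid": "prometheus"` while the four time-series targets use `"uid": "${datasource}"`, and the `datasource` variable's `current` is now the literal `Prometheus`/`prometheus` instead of `{{ .Values.grafanaDashboard.prometheusDatasourceName }}`, which appears to leave that chart value without effect in this template. On a Grafana whose Prometheus datasource has a different uid the table can render empty, and on a Falco dashboard an empty table reads as "no alerts"; suggest `"uid": "${datasource}"` on that target and restoring the Helm value in `current.text` and `current.value`. The table's `organize` transformation also hides `k8s_ns_name` and `k8s_pod_name`, and the new panels group only by `rule`, `priority`, `tags`, or `pod, hostname`, where the pasted sample series suggests `pod` is the exporter's own pod. As a result the workload that triggered a rule is no longer shown anywhere, so consider keeping those two columns visible for triage. The `# {container=...}` sample series left inside two `expr` strings (an instance address and pod names that look like they come from the author's cluster) should be removed, and the new `cluster` variable is not referenced by any query in this hunk.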