LearningTechAndDev
New Member
Hey Everyone
I've been exploring a platform called Elasticsearch+Kibana. And recently, I just became aware of DMARC aggregation reports. As a way to learn more about Elasticsearch+Kibana, I figured I'd make a DMARC Visualizer. Once I finish, I want to share this for free with everyone and make a YouTube video explaining how it works in case anyone wants to improve it. I've already come up with a mechanism to quickly ingest all DMARC aggregation reports into Elasticsearch. And I already used Kibana to make a dashboard with the following graphs/visualizations (using pseudo-SQL code):
1) SELECT COUNT(*), AuthResult.Result, AuthResult.Type FROM dmarc_report WHERE AuthResult.Domain = <@emaildomain.com> AND AuthResult.SourceIP IN (<list of authorized IPs>) GROUP BY AuthResult.Result, AuthResult.Type
Example of results:
Code:
349 pass spf
2 fail spf
349 pass dkim
3 fail dkim
2) SELECT COUNT(*), AuthResult.Result, AuthResult.Type FROM dmarc_report WHERE AuthResult.Domain = <@emaildomain.com> AND AuthResult.SourceIP NOT IN (<list of authorized IPs>) GROUP BY AuthResult.Result, AuthResult.Type
3) SELECT COUNT(*), Report.ReportOrgName FROM dmarc_report GROUP BY Report.ReportOrgName
Example of results:
2003 google.com
402 yahoo.com
...etc...
I was wondering if anyone can suggest other graphs that might be useful that I can bundle as default graphs?
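Added example, not part of the original post and not the poster's ingest code: the three tallies above computed straight from one aggregate report in the RFC 7489 XML schema, splitting results by whether the source IP is in the authorized ranges. The sample report, the `AUTHORIZED` ranges and the `summarize` helper are constructed for illustration; as a design choice of this example, totals are weighted by each row's `<count>`.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report (RFC 7489 aggregate schema); all values are made up.
SAMPLE = """<feedback>
 <report_metadata><org_name>reporter.example</org_name></report_metadata>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>5</count></row>
  <auth_results>
   <dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>203.0.113.7</source_ip><count>3</count></row>
  <auth_results>
   <spf><domain>example.com</domain><result>fail</result></spf>
  </auth_results>
 </record>
</feedback>"""

AUTHORIZED = [ipaddress.ip_network("192.0.2.0/24")]  # assumed sending ranges


def summarize(xml_text, domain, authorized=AUTHORIZED):
    """Return (authorized, unauthorized, per-reporter) message counters."""
    # Reports come from outside parties: refuse DTDs/entities before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in aggregate report")
    root = ET.fromstring(xml_text)
    org = root.findtext("report_metadata/org_name", "unknown")
    known, unknown, by_org = Counter(), Counter(), Counter()
    for rec in root.iter("record"):
        ip = ipaddress.ip_address(rec.findtext("row/source_ip").strip())
        n = int(rec.findtext("row/count", "1"))  # one row can cover many messages
        bucket = known if any(ip in net for net in authorized) else unknown
        by_org[org] += n  # query 3: volume per reporting organization
        for res in rec.iterfind("auth_results/*"):  # <dkim> and <spf> elements
            if (res.findtext("domain") or "").strip().lower() == domain:
                # queries 1 and 2: key is (result, type), e.g. ("pass", "spf")
                bucket[(res.findtext("result", "").strip(), res.tag)] += n
    return known, unknown, by_org
```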