Healthcheckoverview dashboard update #120

Merged
merged 6 commits into from
Dec 18, 2023

Conversation

ddiabe

@ddiabe ddiabe commented Dec 18, 2023

Testing tips*

  • Had to change the field name to winlog.computer_name from host name.
  • Go to the client computer (C1) and, on an elevated PowerShell command prompt, type the command wininit to kill it and create an unexpected shutdown.
  • After the shutdown on C1, reboot the machine and, in Event Viewer, identify Windows event log 41.
  • This event will appear on the dashboard as an unexpected shutdown of the computer.
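The test above relies on the Healthcheck Overview panel counting Kernel-Power Event ID 41 per `winlog.computer_name`. The following added example (not part of the PR or the LME project) replays that selection over constructed winlogbeat-style documents, so a reviewer can see which events the panel would count and which would be dropped when `winlog.computer_name` is missing; the sample documents, hostnames and timestamps are constructed.

```python
"""Replay the 'unexpected shutdown' selection used by the Healthcheck Overview panel.

Constructed winlogbeat-style documents (not real LME data): the panel counts
Microsoft-Windows-Kernel-Power Event ID 41 grouped by winlog.computer_name.
"""
from collections import defaultdict
import json

KERNEL_POWER = "Microsoft-Windows-Kernel-Power"
UNEXPECTED_SHUTDOWN_ID = 41

# Constructed sample documents, flattened to dotted keys as Kibana displays them.
SAMPLE_DOCS = [
    {"@timestamp": "2023-12-18T15:02:11Z", "winlog.provider_name": KERNEL_POWER,
     "winlog.event_id": 41, "winlog.computer_name": "C1.lme.local", "host.name": "c1"},
    {"@timestamp": "2023-12-18T15:40:53Z", "winlog.provider_name": KERNEL_POWER,
     "winlog.event_id": 41, "winlog.computer_name": "C1.lme.local", "host.name": "c1"},
    # Clean shutdown (User32 Event ID 1074) must not be counted.
    {"@timestamp": "2023-12-18T16:00:00Z", "winlog.provider_name": "User32",
     "winlog.event_id": 1074, "winlog.computer_name": "DC1.lme.local", "host.name": "dc1"},
    # Same numeric ID from another provider is not a Kernel-Power 41.
    {"@timestamp": "2023-12-18T16:05:00Z", "winlog.provider_name": "Some-Other-Provider",
     "winlog.event_id": 41, "winlog.computer_name": "DC1.lme.local", "host.name": "dc1"},
    # Shipped without winlog.computer_name: invisible to a panel keyed on that field.
    {"@timestamp": "2023-12-18T16:10:00Z", "winlog.provider_name": KERNEL_POWER,
     "winlog.event_id": "41", "host.name": "c2"},
]


def is_unexpected_shutdown(doc):
    """True for Kernel-Power Event ID 41; event_id may arrive as str or int."""
    return (doc.get("winlog.provider_name") == KERNEL_POWER
            and str(doc.get("winlog.event_id")) == str(UNEXPECTED_SHUTDOWN_ID))


def shutdowns_by_computer(docs, key="winlog.computer_name"):
    """Group matching events by `key`, mirroring the panel's terms aggregation.

    Returns ({computer_name: [timestamps...]}, count_of_events_lacking_key).
    """
    grouped = defaultdict(list)
    unattributed = 0
    for doc in docs:
        if not is_unexpected_shutdown(doc):
            continue
        name = doc.get(key)
        if name is None:
            unattributed += 1
            continue
        grouped[name].append(doc["@timestamp"])
    return dict(grouped), unattributed


if __name__ == "__main__":
    grouped, missing = shutdowns_by_computer(SAMPLE_DOCS)
    print(json.dumps(grouped, indent=2))
    print(f"Kernel-Power 41 events without winlog.computer_name: {missing}")
```

Running it with `key="host.name"` shows the same events attributed by the other field, which is the check to make when a panel's field name is changed as in this PR.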

@llwaterhouse llwaterhouse changed the base branch from main to release-1.3.0 December 18, 2023 21:26

@mitchelbaker-cisa mitchelbaker-cisa left a comment

Ran test and unexpected shutdown displays from client machine.


@rgbrow1949 rgbrow1949 left a comment

Everything worked as intended, Approved

@mitchelbaker-cisa mitchelbaker-cisa merged commit e3abfd8 into release-1.3.0 Dec 18, 2023
3 checks passed
mitchelbaker-cisa added a commit that referenced this pull request Dec 20, 2023
* added branch naming conventions to Contributing, fixed typo (#85)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* adding line change from clint's old pr

* Release 1.2.0 MERGE INTO MAIN  (#101) (#102)

* Added instructions to update from Release 1.1.0 to Release 1.2.0 to upgrading.md file

* Upgrade ELK stack to 8.11.1 (#86)

* Update ELK to 8.11.1

* Pull images before starting cluster

* Pull images before deploylme

* Upgrade versions in the live docker compose upon upgrade

* Pull new images before deploying new stack

* Globalize version variable

* Adding the following:
 - get_latest_version function
 - pulling version from this function
 - old password reading text update to reduce confusion
 - print statements in upgrade from 1.0 -> 1.2
 - sleep so it doesn't fail if docker does a slow removal

* Update the version in dashboard_update.sh

---------




* Changed ELK Stack from deploy.sh update to deploy.sh upgrade

---------

Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: mreeve.snl <mreeve@sandia.gov>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>

* Add .gitattributes file to exclude the testing folder from releases. (#105)

* Updated dashboard Process Explorer file downloads panels

* Update workflow file to include linting and static security scans (#106)

* Update main.yml to add linting

* Update main.yml

* Update troubleshooting.md with instructions on how to change elastic password (#110)

* Delete Chapter 4 Files/dashboards/user_security.ndjson

* Delete Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson

* Updated dashboards

* Remove elastic user password prompt from deploy.sh (#107)

* Remove elastic password prompt and condition in setpasswords()

* create displaycredentials() fnc, link troubleshooting.md documentation at end of script

* update deploy.sh to link to changing elastic username/password in troubleshooting.md

* updated upgrading.md for release 1.3.0 and fixed link in chapter3.md (#117)

Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>

* imported new dashboard

* Rearrange sysmon dashboard  (#115)

* updating sysmon dashboard

* adding line change from clint's old pr

* Add .gitattributes file to exclude the testing folder from releases. (#105)

* updating sysmon dashboard

---------

Co-authored-by: mreeve-snl <mreeve@sandia.gov>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>

* Healthcheckoverview dashboard update (#120)

* imported new dashboard

* updated healthcheck dashboard

* Delete Chapter 4 Files/dashboards/alerting_dashboard.ndjson (#121)

removed alerting dashboard from this PR healthcheck PR

---------

Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: ddiabe <you@example.com>

* adding push so that I can track this branch

* pushing all changes as documented in the PR: 112

* Updated Healthcheck Overview Dashboard panels

---------

Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com>
Co-authored-by: Linda Lovero-Waterhouse <l.lovero-waterhouse@ecstech.com>
Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com>
Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com>
Co-authored-by: Rishi Aggarwal <Rishi.Aggarwal@ecstech.com>
Co-authored-by: Clint Baxley <c.baxley-ctr@ecstech.com>
Co-authored-by: Clint Baxley <clint.baxley-ctr@ecstech.com>
Co-authored-by: ddiabe <133152385+ddiabe@users.noreply.github.com>
Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com>
Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com>
Co-authored-by: ddiabe <0743724407@HQ.DHS.GOV>
Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com>
Co-authored-by: Connor <107427279+causand22@users.noreply.github.com>
Co-authored-by: ddiabe <you@example.com>
cbaxley added a commit that referenced this pull request Dec 26, 2023
cbaxley added a commit that referenced this pull request Jan 10, 2024
mitchelbaker-cisa added a commit to mitchelbaker-cisa/LME that referenced this pull request Jan 31, 2024