Dashboard Configuration¶
Configuration version¶
The dashboard configuration file has a version field that defines the format of the configuration file.
This is used so that we can make changes to the file format, when necessary.
This field is an int, and the current version is 1.
Panels¶
Seizu supports various panel types that can be used to visualize graph data. See the Panel schema for more detailed info about specific fields.
count¶
To simply display a count of a particular query, use a count panel.
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return the count as |
details_cypher |
A cypher to use for displaying a table view of the data, in a details view. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
metric |
The statsd metric to push for this panel, if stats pushing is enabled. |
size |
The width of this panel. |
Example¶
- cypher: cves
details_cypher: cves-details
caption: Total CVEs
metric: cves.total
type: count
size: 3
progress¶
To display a progress wheel, and x/y display of a particular query, use a progress panel.
By default, this panel will color the progress data based on a threshold of <70% error, >70% <100% primary, 100% success.
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return the counts as |
details_cypher |
A cypher to use for displaying a table view of the data, in a details view. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
threshold |
The lower threshold percentage to consider this result an error. Set to |
metric |
The statsd metric to push for this panel, if stats pushing is enabled. |
size |
The width of this panel. |
Example¶
- cypher: cve-by-severity
details_cypher: cve-by-severity-details
params:
- name: severity
value: CRITICAL
caption: Critical CVEs
type: progress
threshold: 0
size: 3
pie¶
To display a pie graph, use a pie panel.
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return rows, formatted as a dictionary, with keys |
details_cypher |
A cypher to use for displaying a table view of the data, in a details view. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
pie_settings |
An object of settings specific to pie panels. |
pie_settings.legend |
Orientation of the legend. |
size |
The width of this panel. |
Example¶
- cypher: cves-by-severity-as-rows
caption: Critical CVEs
type: pie
pie_settings:
legend: column
size: 3
bar¶
To display a bar graph, use a bar panel.
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return rows, formatted as a dictionary, with keys |
details_cypher |
A cypher to use for displaying a table view of the data, in a details view. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
bar_settings |
An object of settings specific to bar panels. |
bar_settings.legend |
Orientation of the legend. |
size |
The width of this panel. |
Example¶
- cypher: cves-by-severity-as-rows
caption: Critical CVEs
type: bar
bar_settings:
legend: column
size: 3
table¶
To display rows in a paged table, use a table panel.
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
size |
The width of this panel. |
Example¶
- name: CVEs
panels:
- cypher: cve-search
params:
- name: cveId
input_id: cve-id-autocomplete-input
type: table
size: 12
vertical-table¶
To display rows in a less-dense, vertical per-row view, use a vertical-table panel.
Note: the caption per-row is set via the table_id field, and if unset, will display undefined
Field |
Description |
|---|---|
cypher |
A cypher query to use for this panel. This is a reference to a query in the queries configuration section. The query must return the rows as |
params |
A list of parameters to pass into the query. See the PanelParam schema for more info. |
caption |
The caption to show as the title of this panel. |
type |
The type of panel. |
table_id |
The attribute inside of the |
size |
The width of this panel. |
Example¶
- name: CVEs
panels:
- cypher: cve-search
params:
- name: cveId
input_id: cve-id-autocomplete-input
type: vertical-table
table_id: id
size: 12
markdown¶
To render markdown, use a markdown panel.
Field |
Description |
|---|---|
markdown |
The markdown to render. |
type |
The type of panel. |
markdown_settings |
An object of settings specific to pie panels. |
markdown_settings.variables |
A list of variables as dictionaries (with keys |
size |
The width of this panel. |
We’re using markdoc for markdown rendering, which supports variables, functions, etc. in the markdown. Currently, we support injecting variables from queries, and using those variables in functions.
Currently supported markdoc functions:
value: Return the value of a specified key from the specified variable. Example (returntotalfromcves):{% value("cves", "total") %}
Example¶
- markdown: |-
## CVE info
1. [CVE-2021-44228](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720): Remote Code Execution (RCE), affects log4j versions below 2.15.0
1. [CVE-2021-4104](https://security.snyk.io/vuln/SNYK-JAVA-LOG4J-2316893): Arbitrary Code Execution, affects log4j 1.x
1. [CVE-2021-45046](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014): Remote Code Execution (RCE), affects log4j versions below 2.16.0
1. [CVE-2021-45105](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524): Denial of Service (DoS), affects log4j versions below 2.17.0
1. [CVE-2021-44832](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339): Arbitrary Code Execution (RCE), affects log4j versions below 2.17.1
## Recommended action
Upgrade to log4j 2.17.1 or higher.
## Current counts
Total: {% value("cves", "total") %}
markdown_settings:
variables:
- name: cves
cypher: log4shell-cves-total
type: markdown
size: 12
Inputs¶
Reports can define inputs that can be used to pass parameters into queries used in panels in the report. These will be rendered at the top of the report, in the order specified in the configuration.
autocomplete¶
An autocomplete input can be used to use results queried from the graph as inputs to panels.
End-users can select through a dropdown list of the values, or can type to search/autocomplete a value.
Field |
Description |
|---|---|
input_id |
An ID for this input, that can be referenced from the params section of a panel. |
cypher |
A cypher query used to return the relevant data. This is not a reference to a query, but the actual query to run. It’s recommended to use |
default |
A dictionary with the default |
type |
The type of input. |
size |
The width of this input. |
Example¶
- input_id: cve-severity-autocomplete-input
cypher: >-
MATCH (c:CVE)
RETURN DISTINCT c.base_severity AS value
label: CVE Severity
type: autocomplete
size: 2
text¶
A text input can be used for user-defined input for panel query parameters.
Field |
Description |
|---|---|
input_id |
An ID for this input, that can be referenced from the params section of a panel. |
default |
A dictionary with the default |
type |
The type of input. |
size |
The width of this input. |
Example¶
- input_id: cve-id-regex
label: Regex
type: text
size: 2
Example Configuration¶
All panel types have an info button, which will show extra details about the panel, such as the query used, the parameters to the query, metrics that may be pushed with it, etc. Non-table panel types can also show a query related to the panel as more details, in the details view.
Example configuration
version: 1
queries:
cves-total: |-
MATCH (c:CVE)
RETURN count(c.id) AS total
cves-severity-of-total: |-
MATCH (c:CVE)
WITH COUNT(DISTINCT c.id) AS denominator
MATCH (c:CVE)
WHERE c.base_severity = $base_severity
RETURN count(DISTINCT c.id) AS numerator, denominator
cves-severity-of-total-details: |-
MATCH (c:CVE)
WHERE c.base_severity = $base_severity
RETURN c AS details
cves-by-severity-as-rows: |-
MATCH (c:CVE)
RETURN {id: c.base_severity, value: count(c.id)} AS details
cves: |-
MATCH (c:CVE)
WHERE c.base_severity =~ ($base_severity)
RETURN DISTINCT {
id: c.id,
base_severity: c.base_severity,
description: c.description_en,
published_date: c.published_date
} AS details
ORDER BY details.severity DESC
recent-cves: |-
MATCH (s:SyncMetadata)
WHERE s.grouptype = "CVE" AND s.syncedtype IN $syncedtype
WITH datetime({epochSeconds: s.lastupdated}) - duration({hours: 24}) AS feedupdatetime
MATCH (c:CVE)
WHERE (datetime(c.published_date)) > feedupdatetime AND c.base_severity IN $base_severity
RETURN {id: c.id, base_severity: c.base_severity, base_score: c.base_score, description: c.description_en} AS details
dashboard:
rows:
- name: CVEs as count and progress panels
panels:
- cypher: cves-total
type: count
caption: Total CVEs
metric: cve.count
size: 2.4
- cypher: cves-severity-of-total
details_cypher: cves-severity-of-total-details
type: progress
params:
- name: base_severity
value: CRITICAL
caption: Critical CVEs
metric: cve.progress
size: 2.4
threshold: 0
- cypher: cves-severity-of-total
details_cypher: cves-severity-of-total-details
type: progress
params:
- name: base_severity
value: HIGH
caption: High CVEs
metric: cve.progress
size: 2.4
threshold: 0
- cypher: cves-severity-of-total
details_cypher: cves-severity-of-total-details
type: progress
params:
- name: base_severity
value: MEDIUM
caption: Medium CVEs
metric: cve.progress
size: 2.4
threshold: 0
- cypher: cves-severity-of-total
details_cypher: cves-severity-of-total-details
type: progress
params:
- name: base_severity
value: LOW
caption: Low CVEs
metric: cve.progress
size: 2.4
threshold: 0
- name: CVEs as pie, bar panels
panels:
- cypher: cves-by-severity-as-rows
type: pie
caption: CVE severities
size: 6
- cypher: cves-by-severity-as-rows
type: bar
caption: CVE severities
size: 6
reports:
cves:
name: CVEs
inputs:
- input_id: cve_base_severity
cypher: |-
MATCH (c:CVE)
RETURN DISTINCT c.base_severity AS value
label: Base Severity
type: autocomplete
size: 2
rows:
- name: CVEs
panels:
- cypher: cves
type: table
params:
- name: base_severity
input_id: cve_base_severity
size: 12
scheduled_queries:
recent-cves-by-severity:
name: Recently published HIGH/CRITICAL CVEs
cypher: recent-cves
params:
- name: syncedtype
value:
- recent
- name: base_severity
value:
- HIGH
- CRITICAL
# every 1 minute, for testing
frequency: 1
enabled: True
actions:
- action_type: log
action_config:
message: Recently published HIGH/CRITICAL CVEs
level: info
log_attrs:
- id
- base_severity
- base_score
- description