-30d@d now

Ce tableau de bord représente les métriques du mois de mai 2024 des CEIP : Réseaux, Cyber, Téléphonie (périmètre TIC). Tous les contextes présents sur la TIC (Hydraulique, Nucléaire, Thermique) sont pris en compte dans ces métriques. Le contexte PaH n'est pas pris en compte car il se trouve sur un rebond différent (en attente du déploiement du Splunk PaH). Seules les alarmes dont l'adresse réseau (Network_Address) est associée, dans la lookup spectrum_devices_dynamic.csv, à l'un des propriétaires « CEIP Cyber », « CEIP Reseau » ou « CEIP Telephonie » sont comptées ; une alarme émise par un équipement absent de cette lookup n'apparaît dans aucune des métriques ci-dessous.

Volume total d'alarmes critiques + majeures (période : 24h/24 7j/7) index="idx_tic_spectrum" Severity="Critical" OR Severity="Major" | dedup id | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | stats count as "Total number of alarm" $tk_time.earliest$ $tk_time.latest$
Volume total d'alarmes critiques + majeures "cleared avant acquittement" (période : 24h/24 7j/7) index="idx_tic_spectrum" | transaction id keepevicted=true keeporphans=true | search (NOT Acknowledged=true) Cleared=true Severity="Critical" OR Severity="Major" | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | stats count $tk_time.earliest$ $tk_time.latest$ Volume d'alarmes critiques + majeures non acquittées (période : 24h/24 7j/7) index="idx_tic_spectrum" | search Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search ( Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie") NOT Acknowledged="true" |stats count as "TOTAL" $tk_time.earliest$ $tk_time.latest$ Volume d'alarmes critiques+majeures acquittées (période : 24h/24 7j/7) index="idx_tic_spectrum" | search Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search (Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie") Acknowledged="true" |stats count as "TOTAL" $tk_time.earliest$ $tk_time.latest$ Temps acquittement moyen d'une alarme critique+majeure (période : 24h/24 7j/7) index="idx_tic_spectrum" (Creation_Date=* OR Acknowledged="true") | search Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | eval ack_time_str = mvindex(Date,0) | rex field=ack_time_str " (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | eval ack_time = 
strptime(ack_time_str,"%Y-%m-%d %H:%M:%S") | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | eval begin_week = floor((begin_day-3)/7) | eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400)) | eval ack_week_day = strftime(ack_day*86400,"%w") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) | eval ack_week = floor((ack_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) | eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time) | eval diffday = ack_day-begin_day | eval diffweek = ack_week-begin_week | eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800)) | search ack_duration!=0 | stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),"duration") | eval moyenne_s=replace(moyenne_s,"\+"," jour(s) ") | eval moyenne_s=replace(moyenne_s,"([0-9]{2}):([0-9]{2}):([0-9]{2})","\1h\2m\3s") $tk_time.earliest$ $tk_time.latest$ Répartition des alarmes (critiques+majeures) acquittées en moins d'une heure et en plus d'une heure (période : 24h/24 7j/7) index="idx_tic_spectrum" (Creation_Date=* OR Acknowledged="true") | search Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | eval ack_time_str = mvindex(Date,0) | rex field=ack_time_str " (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | eval ack_time = strptime(ack_time_str,"%Y-%m-%d %H:%M:%S") | eval 
begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | eval begin_week = floor((begin_day-3)/7) | eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400)) | eval ack_week_day = strftime(ack_day*86400,"%w") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) | eval ack_week = floor((ack_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) | eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time) | eval diffday = ack_day-begin_day | eval diffweek = ack_week-begin_week | eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800)) | search ack_duration!=0 |eval ack_duration=if(ack_duration<=3600,"moins de 60 minutes","plus de 60 minutes") |stats count by ack_duration $tk_time.earliest$ $tk_time.latest$ Volume d'alarmes (critique+majeure) créées entre 08h00 et 17h00 hors week-ends index="idx_tic_spectrum" Creation_Date=* Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval begin_date = if(begin_hour>=17 OR 
begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) |stats count as "Nombre d'alarmes" $tk_time.earliest$ $tk_time.latest$ Volume d'alarmes critiques+majeures créées entre 08h00 et 17h00 hors week-ends "cleared avant acquittement" index="idx_tic_spectrum" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | search (NOT Acknowledged=true) Cleared=true Severity="Critical" OR Severity="Major" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) |stats count as "Nombre d'alarmes" $tk_time.earliest$ $tk_time.latest$ Volume d'alarmes critiques+majeures non acquittées créées entre 08h00 et 17h00 hors week-ends index="idx_tic_spectrum" Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search ( Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie") NOT Acknowledged="true" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = 
if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) |stats count as "Nombre d'alarmes" $tk_time.earliest$ $tk_time.latest$ Nombre total d'alarmes critiques et majeures créées et acquittées entre 08h00 et 17h00 hors week-ends index="idx_tic_spectrum" Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search ( Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie") Acknowledged="true" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) |stats count as "Nombre d'alarmes" $tk_time.earliest$ $tk_time.latest$ Temps acquittement moyen d'une alarme (critique+majeure) - alarmes créées et acquittées entre 08:00 et 17:00 , hors week-ends. 
index="idx_tic_spectrum" (Creation_Date=* OR Acknowledged="true") Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Reseau" OR Owner="CEIP Cyber" OR Owner="CEIP Telephonie" | eval ack_time_str = mvindex(Date,0) | rex field=ack_time_str " (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval ack_time = strptime(ack_time_str,"%Y-%m-%d %H:%M:%S") | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400)) | eval ack_week_day = strftime(ack_day*86400,"%w") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) | eval ack_week = floor((ack_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) | eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time) | eval diffday = ack_day-begin_day | eval diffweek = ack_week-begin_week | eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800)) | search ack_duration!=0 | stats avg(ack_duration) as moyenne_s| eval moyenne_s =tostring(round(moyenne_s),"duration") | eval moyenne_s=replace(moyenne_s,"\+"," jour(s) ") | eval moyenne_s=replace(moyenne_s,"([0-9]{2}):([0-9]{2}):([0-9]{2})","\1h\2m\3s") $tk_time.earliest$ $tk_time.latest$ Répartition des alarmes (critique+majeure) acquittées en moins d'une heure et en plus d'une heure 
créées entre 08h00 & 17h00 hors week-ends. index="idx_tic_spectrum" (Creation_Date=* OR Acknowledged="true") Severity="Critical" OR Severity="Major" | transaction id keepevicted=true keeporphans=true maxopentxn=10000000 | lookup spectrum_devices_dynamic.csv IP as Network_Address OUTPUT Owner | search Owner="CEIP Cyber" OR Owner="CEIP Reseau" OR Owner="CEIP Telephonie" | eval ack_time_str = mvindex(Date,0) | rex field=ack_time_str " (?<ack_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | rex field=Creation_Date " (?<begin_hour>[0-9]{2}):[0-9]{2}:[0-9]{2}" | where begin_hour >= 8 and begin_hour <17 | eval ack_time = strptime(ack_time_str,"%Y-%m-%d %H:%M:%S") | eval begin_day=if(begin_hour>=17,floor((_time+7200)/86400)+1,floor((_time+7200)/86400)) | eval begin_week_day = strftime(begin_day*86400,"%w") | eval begin_day = if(begin_week_day==0,begin_day+1,if(begin_week_day==6,begin_day+2,begin_day)) | where begin_week_day !=0 and begin_week_day!=6 | eval begin_week = floor((begin_day-3)/7) | eval ack_day=if(ack_hour>=17,floor((ack_time+7200)/86400)+1,floor((ack_time+7200)/86400)) | eval ack_week_day = strftime(ack_day*86400,"%w") | eval ack_day = if(ack_week_day==0,ack_day+1,if(ack_week_day==6,ack_day+2,ack_day)) | eval ack_week = floor((ack_day-3)/7) | eval begin_date = if(begin_hour>=17 OR begin_hour<8 OR begin_week_day==0 OR begin_week_day==6,begin_day*86400+21600,_time) | eval ack_date = if(ack_hour>=17 OR ack_hour<8 OR ack_week_day==0 OR ack_week_day==6,ack_day*86400+21600,ack_time) | eval diffday = ack_day-begin_day | eval diffweek = ack_week-begin_week | eval ack_duration = round((ack_date-begin_date)-(diffday*54000)-(diffweek*64800)) | search ack_duration!=0 |eval ack_duration=if(ack_duration<=3600,"moins de 60 minutes","plus de 60 minutes") |stats count by ack_duration $tk_time.earliest$ $tk_time.latest$