{
  "annotations": {
    "list": []
  },
  "editable": true,
  "panels": [
    {
      "type": "stat",
      "title": "Active Agents",
      "gridPos": { "h": 4, "w": 6, "x": 0, "y": 0 },
      "targets": [
        {
          "expr": "eventcollector_active_agents",
          "refId": "A"
        }
      ]
    },
    {
      "type": "stat",
      "title": "High Detections (5m)",
      "gridPos": { "h": 4, "w": 6, "x": 6, "y": 0 },
      "targets": [
        {
          "expr": "increase(eventcollector_detection_hits_total{severity=\"high\"}[5m])",
          "refId": "A"
        }
      ]
    },
    {
      "type": "timeseries",
      "title": "HTTP Requests",
      "gridPos": { "h": 8, "w": 12, "x": 0, "y": 4 },
      "targets": [
        {
          "expr": "rate(eventcollector_http_requests_total[5m])",
          "legendFormat": "{{path}} {{status}}",
          "refId": "A"
        }
      ]
    },
    {
      "type": "timeseries",
      "title": "Detection Hits",
      "gridPos": { "h": 8, "w": 12, "x": 12, "y": 4 },
      "targets": [
        {
          "expr": "increase(eventcollector_detection_hits_total[5m])",
          "legendFormat": "{{rule}} {{severity}}",
          "refId": "A"
        }
      ]
    },
    {
      "type": "timeseries",
      "title": "Ingested Events",
      "gridPos": { "h": 8, "w": 24, "x": 0, "y": 12 },
      "targets": [
        {
          "expr": "rate(eventcollector_ingest_events_total[5m])",
          "legendFormat": "{{channel}} {{event_id}}",
          "refId": "A"
        }
      ]
    }
  ],
  "schemaVersion": 39,
  "style": "dark",
  "tags": ["siem"],
  "templating": { "list": [] },
  "time": {
    "from": "now-6h",
    "to": "now"
  },
  "title": "SIEM Overview",
  "version": 1
}