2023-02-07 11:19:11 +03:00
{
"version" : "Notebook/1.0" ,
"items" : [
{
"type" : 12 ,
"content" : {
"version" : "NotebookGroup/1.0" ,
"groupType" : "editable" ,
"title" : "Most viewed Websites" ,
"items" : [
{
"type" : 3 ,
"content" : {
"version" : "KqlItem/1.0" ,
2023-02-20 19:11:55 +03:00
"query" : "talon_CL\n| extend SplitAll=split(url_s, '/')[0]\n| summarize AggregatedValue = count() by tostring(SplitAll)\n| where tostring(SplitAll) != ''\n| order by AggregatedValue" ,
2023-02-07 11:19:11 +03:00
"size" : 0 ,
"timeContext" : {
"durationMs" : 86400000
} ,
"queryType" : 0 ,
"resourceType" : "microsoft.operationalinsights/workspaces" ,
"visualization" : "barchart"
} ,
"name" : "query - 1"
}
]
} ,
"name" : "group - 2"
} ,
{
"type" : 12 ,
"content" : {
"version" : "NotebookGroup/1.0" ,
"groupType" : "editable" ,
"title" : "Activities" ,
"items" : [
{
"type" : 12 ,
"content" : {
"version" : "NotebookGroup/1.0" ,
"groupType" : "editable" ,
"title" : "Most Active Users" ,
"items" : [
{
"type" : 3 ,
"content" : {
"version" : "KqlItem/1.0" ,
2023-02-20 19:11:55 +03:00
"query" : "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by userEmail_s" ,
2023-02-07 11:19:11 +03:00
"size" : 0 ,
"timeContext" : {
"durationMs" : 172800000
} ,
"queryType" : 0 ,
"resourceType" : "microsoft.operationalinsights/workspaces" ,
"visualization" : "piechart"
} ,
"name" : "High Risk Users"
}
]
} ,
"customWidth" : "50" ,
"name" : "group - 1" ,
"styleSettings" : {
"margin" : "0" ,
"padding" : "0" ,
"maxWidth" : "50"
}
} ,
{
"type" : 3 ,
"content" : {
"version" : "KqlItem/1.0" ,
2023-02-20 19:11:55 +03:00
"query" : "talon_CL \n| summarize AggregatedValue = count() by eventType_s \n" ,
2023-02-07 11:19:11 +03:00
"size" : 0 ,
"title" : "Most Used Policies" ,
"timeContext" : {
"durationMs" : 86400000
} ,
"queryType" : 0 ,
"resourceType" : "microsoft.operationalinsights/workspaces" ,
"visualization" : "piechart" ,
"tileSettings" : {
"showBorder" : false ,
"titleContent" : {
"columnMatch" : "url" ,
"formatter" : 1
} ,
"leftContent" : {
"columnMatch" : "AggregatedValue" ,
"formatter" : 12 ,
"formatOptions" : {
"palette" : "auto"
} ,
"numberFormat" : {
"unit" : 17 ,
"options" : {
"maximumSignificantDigits" : 3 ,
"maximumFractionDigits" : 2
}
}
}
} ,
"mapSettings" : {
"locInfo" : "LatLong" ,
"sizeSettings" : "AggregatedValue" ,
"sizeAggregation" : "Sum" ,
"legendMetric" : "AggregatedValue" ,
"legendAggregation" : "Sum" ,
"itemColorSettings" : {
"type" : "heatmap" ,
"colorAggregation" : "Sum" ,
"nodeColorField" : "AggregatedValue" ,
"heatmapPalette" : "greenRed"
}
}
} ,
"customWidth" : "50" ,
"name" : "Most Used Policies" ,
"styleSettings" : {
"maxWidth" : "50"
}
} ,
{
"type" : 3 ,
"content" : {
"version" : "KqlItem/1.0" ,
2023-02-20 19:11:55 +03:00
"query" : "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by deviceHostname_s" ,
2023-02-07 11:19:11 +03:00
"size" : 0 ,
"title" : "High Risk Devices" ,
"timeContext" : {
"durationMs" : 86400000
} ,
"queryType" : 0 ,
"resourceType" : "microsoft.operationalinsights/workspaces" ,
"visualization" : "barchart" ,
"tileSettings" : {
"showBorder" : false ,
"titleContent" : {
"columnMatch" : "deviceHostname_s" ,
"formatter" : 1
} ,
"leftContent" : {
"columnMatch" : "AggregatedValue" ,
"formatter" : 12 ,
"formatOptions" : {
"palette" : "auto"
} ,
"numberFormat" : {
"unit" : 17 ,
"options" : {
"maximumSignificantDigits" : 3 ,
"maximumFractionDigits" : 2
}
}
}
}
} ,
"name" : "query - 2"
}
]
} ,
"name" : "Activities"
}
] ,
2023-02-07 13:52:05 +03:00
"fromTemplateId" : "TalonInsightsWorkbook" ,
2023-02-07 11:19:11 +03:00
"$schema" : "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
2023-02-07 13:52:05 +03:00
}
