Azure-Sentinel/Workbooks/VisualizationDemo.json

{
  "version": "Notebook/1.0",
  "items": [
    {
      "type": 11,
      "content": {
        "version": "LinkItem/1.0",
        "style": "tabs",
        "links": [
          {
            "cellValue": "Tab",
            "linkTarget": "parameter",
            "linkLabel": "Text, Grids, Tiles",
            "subTarget": "Text",
            "preText": "",
            "style": "link"
          },
          {
            "cellValue": "Tab",
            "linkTarget": "parameter",
            "linkLabel": "Charts and Graphs",
            "subTarget": "Charts",
            "style": "link"
          },
          {
            "cellValue": "Tab",
            "linkTarget": "parameter",
            "linkLabel": "Time Brushing",
            "subTarget": "TB",
            "style": "link"
          },
          {
            "cellValue": "Tab",
            "linkTarget": "parameter",
            "linkLabel": "Dynamic Content",
            "subTarget": "DC",
            "style": "link"
          },
          {
            "cellValue": "Tab",
            "linkTarget": "parameter",
            "linkLabel": "Personalization",
            "subTarget": "Personalization",
            "style": "link"
          }
        ]
      },
      "name": "links - 1"
    },
    {
      "type": 12,
      "content": {
        "version": "NotebookGroup/1.0",
        "groupType": "editable",
        "items": [
          {
            "type": 1,
            "content": {
              "json": "This is an example of text being put in a workbook. This workbook shows different types of visualizations that can be achieved in Sentinel workbooks."
            },
            "name": "text - 0"
          },
          {
            "type": 9,
            "content": {
              "version": "KqlParameterItem/1.0",
              "parameters": [
                {
                  "id": "a39e8bae-dd20-4c06-85ca-83cea33a1fa2",
                  "version": "KqlParameterItem/1.0",
                  "name": "TimeParameter",
                  "label": "Time Parameter",
                  "type": 4,
                  "isRequired": true,
                  "value": {
                    "durationMs": 86400000
                  },
                  "typeSettings": {
                    "selectableValues": [
                      {
                        "durationMs": 300000
                      },
                      {
                        "durationMs": 900000
                      },
                      {
                        "durationMs": 1800000
                      },
                      {
                        "durationMs": 3600000
                      },
                      {
                        "durationMs": 14400000
                      },
                      {
                        "durationMs": 43200000
                      },
                      {
                        "durationMs": 86400000
                      },
                      {
                        "durationMs": 172800000
                      },
                      {
                        "durationMs": 259200000
                      },
                      {
                        "durationMs": 604800000
                      },
                      {
                        "durationMs": 1209600000
                      },
                      {
                        "durationMs": 2419200000
                      },
                      {
                        "durationMs": 2592000000
                      },
                      {
                        "durationMs": 5184000000
                      },
                      {
                        "durationMs": 7776000000
                      }
                    ]
                  },
                  "resourceType": "microsoft.insights/components"
                }
              ],
              "style": "pills",
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces"
            },
            "name": "parameters - 1"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| take 20",
              "size": 0,
              "timeContext": {
                "durationMs": 0
              },
              "timeContextFromParameter": "TimeParameter",
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces"
            },
            "name": "query - 2"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "Usage\r\n| summarize count() by DataType\r\n| sort by count_ desc",
              "size": 0,
              "timeContext": {
                "durationMs": 0
              },
              "timeContextFromParameter": "TimeParameter",
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "tiles",
              "tileSettings": {
                "showBorder": false,
                "titleContent": {
                  "columnMatch": "DataType",
                  "formatter": 1
                },
                "leftContent": {
                  "columnMatch": "count_",
                  "formatter": 12,
                  "formatOptions": {
                    "palette": "auto"
                  },
                  "numberFormat": {
                    "unit": 17,
                    "options": {
                      "maximumSignificantDigits": 3,
                      "maximumFractionDigits": 2
                    }
                  }
                }
              }
            },
            "name": "query - 3"
          }
        ]
      },
      "conditionalVisibility": {
        "parameterName": "Tab",
        "comparison": "isEqualTo",
        "value": "Text"
      },
      "name": "TGT"
    },
    {
      "type": 12,
      "content": {
        "version": "NotebookGroup/1.0",
        "groupType": "editable",
        "items": [
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
              "size": 0,
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "categoricalbar"
            },
            "name": "query - 0"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
              "size": 0,
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "piechart"
            },
            "customWidth": "33",
            "name": "query - 4"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
              "size": 0,
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "linechart"
            },
            "customWidth": "66",
            "name": "query - 5"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName",
              "size": 0,
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "graph",
              "graphSettings": {
                "type": 2,
                "topContent": {
                  "columnMatch": "ProductName",
                  "formatter": 1,
                  "formatOptions": {
                    "showIcon": true
                  }
                },
                "centerContent": {
                  "columnMatch": "count_",
                  "formatter": 1,
                  "formatOptions": {
                    "showIcon": true
                  },
                  "numberFormat": {
                    "unit": 17,
                    "options": {
                      "maximumSignificantDigits": 3,
                      "maximumFractionDigits": 2
                    }
                  }
                },
                "hivesContent": {
                  "columnMatch": "ProductName",
                  "formatter": 1,
                  "formatOptions": {
                    "showIcon": true
                  }
                },
                "nodeIdField": "ProductName",
                "nodeSize": null,
                "staticNodeSize": 100,
                "colorSettings": {
                  "nodeColorField": "ProductName",
                  "type": 1,
                  "colorPalette": "pastel"
                },
                "groupByField": "ProductName",
                "hivesMargin": 5
              }
            },
            "name": "query - 3"
          }
        ]
      },
      "conditionalVisibility": {
        "parameterName": "Tab",
        "comparison": "isEqualTo",
        "value": "Charts"
      },
      "name": "Charts"
    },
    {
      "type": 12,
      "content": {
        "version": "NotebookGroup/1.0",
        "groupType": "editable",
        "items": [
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
              "size": 0,
              "title": "Time Brushing Example",
              "timeBrushParameterName": "TimeBrush",
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "visualization": "timechart"
            },
            "name": "query - 0"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n",
              "size": 0,
              "timeContext": {
                "durationMs": 0
              },
              "timeContextFromParameter": "TimeBrush",
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces"
            },
            "name": "query - 1"
          }
        ]
      },
      "conditionalVisibility": {
        "parameterName": "Tab",
        "comparison": "isEqualTo",
        "value": "TB"
      },
      "name": "TB"
    },
    {
      "type": 12,
      "content": {
        "version": "NotebookGroup/1.0",
        "groupType": "editable",
        "items": [
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityAlert\r\n| extend Resource = ResourceId\r\n| summarize count() by Resource\r\n| sort by count_ desc\r\n",
              "size": 0,
              "title": "Machines with Alerts",
              "timeContext": {
                "durationMs": 2592000000
              },
              "exportMultipleValues": true,
              "exportedParameters": [
                {
                  "fieldName": "Resource",
                  "parameterName": "Resource"
                }
              ],
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "gridSettings": {
                "filter": true
              }
            },
            "customWidth": "25",
            "name": "query - 0"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "let Resource_ = dynamic({Resource});\r\nSecurityAlert\r\n| where ResourceId contains tostring(Resource_)\r\n| project TimeGenerated, Resource_, AlertName, AlertSeverity, ProductName\r\n",
              "size": 0,
              "title": "Alerts per Resource",
              "timeContext": {
                "durationMs": 2592000000
              },
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces"
            },
            "customWidth": "75",
            "conditionalVisibility": {
              "parameterName": "Resource",
              "comparison": "isNotEqualTo"
            },
            "name": "query - 6"
          }
        ]
      },
      "conditionalVisibility": {
        "parameterName": "Tab",
        "comparison": "isEqualTo",
        "value": "DC"
      },
      "name": "DC"
    },
    {
      "type": 12,
      "content": {
        "version": "NotebookGroup/1.0",
        "groupType": "editable",
        "items": [
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityRecommendation\r\n| where RecommendationState contains 'unhealthy'\r\n| extend Link = strcat('http://', RecommendationLink)\r\n| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",
              "size": 0,
              "timeContext": {
                "durationMs": 2592000000
              },
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces"
            },
            "name": "query - 1"
          },
          {
            "type": 3,
            "content": {
              "version": "KqlItem/1.0",
              "query": "SecurityRecommendation\r\n| where RecommendationState contains 'unhealthy'\r\n| extend Link = strcat('http://', RecommendationLink)\r\n| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",
              "size": 0,
              "timeContext": {
                "durationMs": 2592000000
              },
              "queryType": 0,
              "resourceType": "microsoft.operationalinsights/workspaces",
              "gridSettings": {
                "formatters": [
                  {
                    "columnMatch": "RecommendationSeverity",
                    "formatter": 18,
                    "formatOptions": {
                      "thresholdsOptions": "colors",
                      "thresholdsGrid": [
                        {
                          "operator": "==",
                          "thresholdValue": "High",
                          "representation": "redBright",
                          "text": "{0}{1}"
                        },
                        {
                          "operator": "==",
                          "thresholdValue": "Medium",
                          "representation": "yellow",
                          "text": "{0}{1}"
                        },
                        {
                          "operator": "==",
                          "thresholdValue": "Low",
                          "representation": "blue",
                          "text": "{0}{1}"
                        },
                        {
                          "operator": "==",
                          "thresholdValue": "Informational",
                          "representation": "gray",
                          "text": "{0}{1}"
                        },
                        {
                          "operator": "Default",
                          "thresholdValue": null,
                          "representation": "blue",
                          "text": "{0}{1}"
                        }
                      ]
                    }
                  },
                  {
                    "columnMatch": "Link",
                    "formatter": 7,
                    "formatOptions": {
                      "linkTarget": "GenericDetails",
                      "linkIsContextBlade": true
                    }
                  }
                ],
                "labelSettings": [
                  {
                    "columnId": "AssessedResourceId",
                    "label": "Resource"
                  },
                  {
                    "columnId": "RecommendationName",
                    "label": "Recommendation"
                  },
                  {
                    "columnId": "RecommendationState",
                    "label": "Status"
                  },
                  {
                    "columnId": "RecommendationSeverity",
                    "label": "Severity"
                  },
                  {
                    "columnId": "Link"
                  }
                ]
              }
            },
            "name": "query - 5"
          }
        ]
      },
      "conditionalVisibility": {
        "parameterName": "Tab",
        "comparison": "isEqualTo",
        "value": "Personalization"
      },
      "name": "Personalization"
    }
  ],
  "styleSettings": {},
  "fromTemplateId": "sentinel-VisualizationDemo",
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}
adding new visualizations workbook adding new visualizations demo workbook 2020-06-26 20:39:32 +03:00			`{`
			`"version": "Notebook/1.0",`
			`"items": [`
			`{`
			`"type": 11,`
			`"content": {`
			`"version": "LinkItem/1.0",`
			`"style": "tabs",`
			`"links": [`
			`{`
			`"cellValue": "Tab",`
			`"linkTarget": "parameter",`
			`"linkLabel": "Text, Grids, Tiles",`
			`"subTarget": "Text",`
			`"preText": "",`
			`"style": "link"`
			`},`
			`{`
			`"cellValue": "Tab",`
			`"linkTarget": "parameter",`
			`"linkLabel": "Charts and Graphs",`
			`"subTarget": "Charts",`
			`"style": "link"`
			`},`
			`{`
			`"cellValue": "Tab",`
			`"linkTarget": "parameter",`
			`"linkLabel": "Time Brushing",`
			`"subTarget": "TB",`
			`"style": "link"`
			`},`
			`{`
			`"cellValue": "Tab",`
			`"linkTarget": "parameter",`
			`"linkLabel": "Dynamic Content",`
			`"subTarget": "DC",`
			`"style": "link"`
			`},`
			`{`
			`"cellValue": "Tab",`
			`"linkTarget": "parameter",`
			`"linkLabel": "Personalization",`
			`"subTarget": "Personalization",`
			`"style": "link"`
			`}`
			`]`
			`},`
			`"name": "links - 1"`
			`},`
			`{`
			`"type": 12,`
			`"content": {`
			`"version": "NotebookGroup/1.0",`
			`"groupType": "editable",`
			`"items": [`
			`{`
			`"type": 1,`
			`"content": {`
			`"json": "This is an example of text being put in a workbook. This workbook shows different types of visualizations that can be achieved in Sentinel workbooks."`
			`},`
			`"name": "text - 0"`
			`},`
			`{`
			`"type": 9,`
			`"content": {`
			`"version": "KqlParameterItem/1.0",`
			`"parameters": [`
			`{`
			`"id": "a39e8bae-dd20-4c06-85ca-83cea33a1fa2",`
			`"version": "KqlParameterItem/1.0",`
			`"name": "TimeParameter",`
			`"label": "Time Parameter",`
			`"type": 4,`
			`"isRequired": true,`
			`"value": {`
			`"durationMs": 86400000`
			`},`
			`"typeSettings": {`
			`"selectableValues": [`
			`{`
			`"durationMs": 300000`
			`},`
			`{`
			`"durationMs": 900000`
			`},`
			`{`
			`"durationMs": 1800000`
			`},`
			`{`
			`"durationMs": 3600000`
			`},`
			`{`
			`"durationMs": 14400000`
			`},`
			`{`
			`"durationMs": 43200000`
			`},`
			`{`
			`"durationMs": 86400000`
			`},`
			`{`
			`"durationMs": 172800000`
			`},`
			`{`
			`"durationMs": 259200000`
			`},`
			`{`
			`"durationMs": 604800000`
			`},`
			`{`
			`"durationMs": 1209600000`
			`},`
			`{`
			`"durationMs": 2419200000`
			`},`
			`{`
			`"durationMs": 2592000000`
			`},`
			`{`
			`"durationMs": 5184000000`
			`},`
			`{`
			`"durationMs": 7776000000`
			`}`
			`]`
			`},`
			`"resourceType": "microsoft.insights/components"`
			`}`
			`],`
			`"style": "pills",`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces"`
			`},`
			`"name": "parameters - 1"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| take 20",`
			`"size": 0,`
			`"timeContext": {`
			`"durationMs": 0`
			`},`
			`"timeContextFromParameter": "TimeParameter",`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces"`
			`},`
			`"name": "query - 2"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "Usage\r\n\| summarize count() by DataType\r\n\| sort by count_ desc",`
			`"size": 0,`
			`"timeContext": {`
			`"durationMs": 0`
			`},`
			`"timeContextFromParameter": "TimeParameter",`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "tiles",`
			`"tileSettings": {`
			`"showBorder": false,`
			`"titleContent": {`
			`"columnMatch": "DataType",`
			`"formatter": 1`
			`},`
			`"leftContent": {`
			`"columnMatch": "count_",`
			`"formatter": 12,`
			`"formatOptions": {`
			`"palette": "auto"`
			`},`
			`"numberFormat": {`
			`"unit": 17,`
			`"options": {`
			`"maximumSignificantDigits": 3,`
			`"maximumFractionDigits": 2`
			`}`
			`}`
			`}`
			`}`
			`},`
			`"name": "query - 3"`
			`}`
			`]`
			`},`
			`"conditionalVisibility": {`
			`"parameterName": "Tab",`
			`"comparison": "isEqualTo",`
			`"value": "Text"`
			`},`
			`"name": "TGT"`
			`},`
			`{`
			`"type": 12,`
			`"content": {`
			`"version": "NotebookGroup/1.0",`
			`"groupType": "editable",`
			`"items": [`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| where TimeGenerated >= ago(90d)\r\n\| summarize count() by ProductName, bin(TimeGenerated,1d)",`
			`"size": 0,`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "categoricalbar"`
			`},`
			`"name": "query - 0"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| where TimeGenerated >= ago(90d)\r\n\| summarize count() by ProductName, bin(TimeGenerated,1d)",`
			`"size": 0,`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "piechart"`
			`},`
			`"customWidth": "33",`
			`"name": "query - 4"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| where TimeGenerated >= ago(90d)\r\n\| summarize count() by ProductName, bin(TimeGenerated,1d)",`
			`"size": 0,`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "linechart"`
			`},`
			`"customWidth": "66",`
			`"name": "query - 5"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| where TimeGenerated >= ago(90d)\r\n\| summarize count() by ProductName",`
			`"size": 0,`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "graph",`
			`"graphSettings": {`
			`"type": 2,`
			`"topContent": {`
			`"columnMatch": "ProductName",`
			`"formatter": 1,`
			`"formatOptions": {`
			`"showIcon": true`
			`}`
			`},`
			`"centerContent": {`
			`"columnMatch": "count_",`
			`"formatter": 1,`
			`"formatOptions": {`
			`"showIcon": true`
			`},`
			`"numberFormat": {`
			`"unit": 17,`
			`"options": {`
			`"maximumSignificantDigits": 3,`
			`"maximumFractionDigits": 2`
			`}`
			`}`
			`},`
			`"hivesContent": {`
			`"columnMatch": "ProductName",`
			`"formatter": 1,`
			`"formatOptions": {`
			`"showIcon": true`
			`}`
			`},`
			`"nodeIdField": "ProductName",`
			`"nodeSize": null,`
			`"staticNodeSize": 100,`
			`"colorSettings": {`
			`"nodeColorField": "ProductName",`
			`"type": 1,`
			`"colorPalette": "pastel"`
			`},`
			`"groupByField": "ProductName",`
			`"hivesMargin": 5`
			`}`
			`},`
			`"name": "query - 3"`
			`}`
			`]`
			`},`
			`"conditionalVisibility": {`
			`"parameterName": "Tab",`
			`"comparison": "isEqualTo",`
			`"value": "Charts"`
			`},`
			`"name": "Charts"`
			`},`
			`{`
			`"type": 12,`
			`"content": {`
			`"version": "NotebookGroup/1.0",`
			`"groupType": "editable",`
			`"items": [`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| where TimeGenerated >= ago(90d)\r\n\| summarize count() by ProductName, bin(TimeGenerated,1d)",`
			`"size": 0,`
			`"title": "Time Brushing Example",`
			`"timeBrushParameterName": "TimeBrush",`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"visualization": "timechart"`
			`},`
			`"name": "query - 0"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n",`
			`"size": 0,`
			`"timeContext": {`
			`"durationMs": 0`
			`},`
			`"timeContextFromParameter": "TimeBrush",`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces"`
			`},`
			`"name": "query - 1"`
			`}`
			`]`
			`},`
			`"conditionalVisibility": {`
			`"parameterName": "Tab",`
			`"comparison": "isEqualTo",`
			`"value": "TB"`
			`},`
			`"name": "TB"`
			`},`
			`{`
			`"type": 12,`
			`"content": {`
			`"version": "NotebookGroup/1.0",`
			`"groupType": "editable",`
			`"items": [`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityAlert\r\n\| extend Resource = ResourceId\r\n\| summarize count() by Resource\r\n\| sort by count_ desc\r\n",`
			`"size": 0,`
			`"title": "Machines with Alerts",`
			`"timeContext": {`
			`"durationMs": 2592000000`
			`},`
			`"exportMultipleValues": true,`
			`"exportedParameters": [`
			`{`
			`"fieldName": "Resource",`
			`"parameterName": "Resource"`
			`}`
			`],`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"gridSettings": {`
			`"filter": true`
			`}`
			`},`
			`"customWidth": "25",`
			`"name": "query - 0"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "let Resource_ = dynamic({Resource});\r\nSecurityAlert\r\n\| where ResourceId contains tostring(Resource_)\r\n\| project TimeGenerated, Resource_, AlertName, AlertSeverity, ProductName\r\n",`
			`"size": 0,`
			`"title": "Alerts per Resource",`
			`"timeContext": {`
			`"durationMs": 2592000000`
			`},`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces"`
			`},`
			`"customWidth": "75",`
Update VisualizationDemo.json Changing view condition for the grid that relies on selecting a resource 2020-07-14 05:22:45 +03:00			`"conditionalVisibility": {`
			`"parameterName": "Resource",`
			`"comparison": "isNotEqualTo"`
			`},`
adding new visualizations workbook adding new visualizations demo workbook 2020-06-26 20:39:32 +03:00			`"name": "query - 6"`
			`}`
			`]`
			`},`
			`"conditionalVisibility": {`
			`"parameterName": "Tab",`
			`"comparison": "isEqualTo",`
			`"value": "DC"`
			`},`
			`"name": "DC"`
			`},`
			`{`
			`"type": 12,`
			`"content": {`
			`"version": "NotebookGroup/1.0",`
			`"groupType": "editable",`
			`"items": [`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityRecommendation\r\n\| where RecommendationState contains 'unhealthy'\r\n\| extend Link = strcat('http://', RecommendationLink)\r\n\| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",`
			`"size": 0,`
			`"timeContext": {`
			`"durationMs": 2592000000`
			`},`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces"`
			`},`
			`"name": "query - 1"`
			`},`
			`{`
			`"type": 3,`
			`"content": {`
			`"version": "KqlItem/1.0",`
			`"query": "SecurityRecommendation\r\n\| where RecommendationState contains 'unhealthy'\r\n\| extend Link = strcat('http://', RecommendationLink)\r\n\| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",`
			`"size": 0,`
			`"timeContext": {`
			`"durationMs": 2592000000`
			`},`
			`"queryType": 0,`
			`"resourceType": "microsoft.operationalinsights/workspaces",`
			`"gridSettings": {`
			`"formatters": [`
			`{`
			`"columnMatch": "RecommendationSeverity",`
			`"formatter": 18,`
			`"formatOptions": {`
			`"thresholdsOptions": "colors",`
			`"thresholdsGrid": [`
			`{`
			`"operator": "==",`
			`"thresholdValue": "High",`
			`"representation": "redBright",`
			`"text": "{0}{1}"`
			`},`
			`{`
			`"operator": "==",`
			`"thresholdValue": "Medium",`
			`"representation": "yellow",`
			`"text": "{0}{1}"`
			`},`
			`{`
			`"operator": "==",`
			`"thresholdValue": "Low",`
			`"representation": "blue",`
			`"text": "{0}{1}"`
			`},`
			`{`
			`"operator": "==",`
			`"thresholdValue": "Informational",`
			`"representation": "gray",`
			`"text": "{0}{1}"`
			`},`
			`{`
			`"operator": "Default",`
			`"thresholdValue": null,`
			`"representation": "blue",`
			`"text": "{0}{1}"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"columnMatch": "Link",`
			`"formatter": 7,`
			`"formatOptions": {`
			`"linkTarget": "GenericDetails",`
			`"linkIsContextBlade": true`
			`}`
			`}`
			`],`
			`"labelSettings": [`
			`{`
			`"columnId": "AssessedResourceId",`
			`"label": "Resource"`
			`},`
			`{`
			`"columnId": "RecommendationName",`
			`"label": "Recommendation"`
			`},`
			`{`
			`"columnId": "RecommendationState",`
			`"label": "Status"`
			`},`
			`{`
			`"columnId": "RecommendationSeverity",`
			`"label": "Severity"`
			`},`
			`{`
			`"columnId": "Link"`
			`}`
			`]`
			`}`
			`},`
			`"name": "query - 5"`
			`}`
			`]`
			`},`
			`"conditionalVisibility": {`
			`"parameterName": "Tab",`
			`"comparison": "isEqualTo",`
			`"value": "Personalization"`
			`},`
			`"name": "Personalization"`
			`}`
			`],`
			`"styleSettings": {},`
Update VisualizationDemo.json Updating workbook fromTemplateId name per comment 2020-07-13 16:38:45 +03:00			`"fromTemplateId": "sentinel-VisualizationDemo",`
adding new visualizations workbook adding new visualizations demo workbook 2020-06-26 20:39:32 +03:00			`"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"`
Update VisualizationDemo.json Updating workbook fromTemplateId name per comment 2020-07-13 16:38:45 +03:00			`}`