{
"name" : "VMInsightsDashboard_{Workspace_Name}" ,
"type" : "Microsoft.Portal/dashboards" ,
"location" : "{Dashboard_Location}" ,
"tags" : {
"dashboardKey" : "VMInsightsDashboard" ,
"hidden-title" : "VMInsightsDashboard - {Workspace_Name}" ,
"version" : "1.1" ,
"workspaceName" : "{Workspace_Name}"
} ,
"properties" : {
"lenses" : {
"0" : {
"order" : 0 ,
"parts" : {
"0" : {
"position" : {
"x" : 1 ,
"y" : 0 ,
"colSpan" : 24 ,
"rowSpan" : 1
} ,
"metadata" : {
"inputs" : [ ] ,
"type" : "Extension/HubsExtension/PartType/MarkdownPart" ,
"settings" : {
"content" : {
"settings" : {
"content" : "<div style=\"font-size:300%;\">Infrastructure insights</div>" ,
"title" : "" ,
"subtitle" : ""
}
}
}
}
} ,
"1" : {
"position" : {
"x" : 0 ,
"y" : 1 ,
"colSpan" : 12 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize TotalBytesSent = sum(BytesSent) by Computer, TimeGenerated\r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "TimeGenerated" ,
"type" : "DateTime"
} ,
"yAxis" : [
{
"name" : "TotalBytesSent" ,
"type" : "Int64"
}
] ,
"splitBy" : [
{
"name" : "Computer" ,
"type" : "String"
}
] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "bca439b5-1241-4ec8-b507-945f1b891713"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsChart"
} ,
{
"name" : "SpecificChart" ,
"value" : "Line"
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Bytes sent, by computer" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"2" : {
"position" : {
"x" : 12 ,
"y" : 1 ,
"colSpan" : 6 ,
"rowSpan" : 8
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize Total_Traffic = sum(BytesSent) + sum(BytesReceived), TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by Total_Traffic desc | project-away Total_Traffic \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "1c263215-31f9-4f6c-b165-d04ad1f0cfd5"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Top communicating computers" ,
"PartSubTitle" : " " ,
"GridColumnsWidth" : {
"Computer" : "184px" ,
"TotalBytesSent" : "125px" ,
"TotalBytesReceived" : "183px"
}
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"3" : {
"position" : {
"x" : 18 ,
"y" : 1 ,
"colSpan" : 7 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "ServiceMapComputer_CL\r\n| summarize by Computer, Region = iff(HostingProvider_s == \"azure\", AzureLocation_s, \"non-azure\")\r\n| project Region \r\n| summarize count() by Region\r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Region" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "count_" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "0390dcac-6452-4a01-9de8-503dcc51bb32"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Computers, by region" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"4" : {
"position" : {
"x" : 0 ,
"y" : 5 ,
"colSpan" : 12 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize TotalBytesReceived = sum(BytesReceived) by Computer, TimeGenerated\r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "TimeGenerated" ,
"type" : "DateTime"
} ,
"yAxis" : [
{
"name" : "TotalBytesReceived" ,
"type" : "Int64"
}
] ,
"splitBy" : [
{
"name" : "Computer" ,
"type" : "String"
}
] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "37e714db-ff06-42bf-920f-e8b8064ab9e7"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsChart"
} ,
{
"name" : "SpecificChart" ,
"value" : "Line"
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Bytes received, by computer" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"5" : {
"position" : {
"x" : 18 ,
"y" : 5 ,
"colSpan" : 7 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "ServiceMapComputer_CL\r\n| where HostingProvider_s == \"azure\"\r\n| summarize by AzureResourceID = AzureResourceId_s\r\n| project Subscription = split(AzureResourceID, \"/\")[2]\r\n| summarize count() by tostring(Subscription)\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Subscription" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "count_" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "19c9a3f5-0c8c-475e-afc2-3e8136a33e41"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Computers, by subscription" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"6" : {
"position" : {
"x" : 0 ,
"y" : 9 ,
"colSpan" : 18 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "ServiceMapComputer_CL\r\n| where HostingProvider_s == \"azure\"\r\n| summarize by Computer, Region = AzureLocation_s, IPv4Addresses = Ipv4Addresses_s, IPv6Addresses = Ipv6Addresses_s, AzureResourceID = AzureResourceId_s\r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "aca4fd76-0098-4529-a699-33b0af35064f"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Azure computers" ,
"PartSubTitle" : " " ,
"GridColumnsWidth" : {
"Computer" : "313px" ,
"Region" : "198px" ,
"IPv4Addresses" : "271px" ,
"IPv6Addresses" : "317px" ,
"AzureResourceID" : "423px"
}
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"7" : {
"position" : {
"x" : 18 ,
"y" : 9 ,
"colSpan" : 7 ,
"rowSpan" : 4
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "ServiceMapComputer_CL\r\n| where HostingProvider_s != \"azure\"\r\n| summarize by Computer, IPv4Addresses = Ipv4Addresses_s, IPv6Addresses = Ipv6Addresses_s\r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "dcbc07cd-edca-4690-b148-5b984e58b3f1"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Non-Azure computers" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"8" : {
"position" : {
"x" : 0 ,
"y" : 13 ,
"colSpan" : 25 ,
"rowSpan" : 1
} ,
"metadata" : {
"inputs" : [ ] ,
"type" : "Extension/HubsExtension/PartType/MarkdownPart" ,
"settings" : {
"content" : {
"settings" : {
"content" : "<div style=\"font-size:300%;\">Malicious actors</div>" ,
"title" : "" ,
"subtitle" : ""
}
}
}
}
} ,
"9" : {
"position" : {
"x" : 0 ,
"y" : 14 ,
"colSpan" : 9 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesCommunicated = sum(BytesSent) + sum(BytesReceived), TotalSent = sum(BytesSent), TotalReceived = sum(BytesReceived) by MaliciousIP = strcat(MaliciousIp, ' (', RemoteCountry, ')') | sort by TotalBytesCommunicated desc\r\n| where TotalBytesCommunicated > 0 \r\n| project-away TotalBytesCommunicated\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "MaliciousIP" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalSent" ,
"type" : "Int64"
} ,
{
"name" : "TotalReceived" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "ce20f3cb-22aa-49e2-bd99-076df71b0ef4"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsChart"
} ,
{
"name" : "SpecificChart" ,
"value" : "Bar"
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : { } ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"10" : {
"position" : {
"x" : 9 ,
"y" : 14 ,
"colSpan" : 5 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by Country = RemoteCountry | sort by TotalTraffic desc\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Country" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalTraffic" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "fb1f7b11-e884-4ed6-8934-b0c93b1ceb64"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Malicious traffic, by country" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"11" : {
"position" : {
"x" : 14 ,
"y" : 14 ,
"colSpan" : 5 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by IndicatorThreatType | sort by TotalTraffic desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "IndicatorThreatType" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalTraffic" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "bd6654cd-7dc0-494c-ae41-6ab279d8859a"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Malicious traffic, by threat types" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"12" : {
"position" : {
"x" : 19 ,
"y" : 14 ,
"colSpan" : 6 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by MaliciousIP = strcat(MaliciousIp, ' (', RemoteCountry, ')') | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "d5081c5b-fcf9-4840-868d-ccea7a6bcd54"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Malicious IP addresses" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"13" : {
"position" : {
"x" : 0 ,
"y" : 19 ,
"colSpan" : 25 ,
"rowSpan" : 1
} ,
"metadata" : {
"inputs" : [ ] ,
"type" : "Extension/HubsExtension/PartType/MarkdownPart" ,
"settings" : {
"content" : {
"settings" : {
"content" : "<div style=\"font-size:300%;\">Attacked resources</div>" ,
"title" : "" ,
"subtitle" : ""
}
}
}
}
} ,
"14" : {
"position" : {
"x" : 0 ,
"y" : 20 ,
"colSpan" : 10 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Computer" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalBytesSent" ,
"type" : "Int64"
} ,
{
"name" : "TotalBytesReceived" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "5eeda570-c912-40f9-a5fc-9d642f9983a4"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsChart"
} ,
{
"name" : "SpecificChart" ,
"value" : "Bar"
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Most attacked computers" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"15" : {
"position" : {
"x" : 10 ,
"y" : 20 ,
"colSpan" : 6 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "2059ad02-ed77-46e8-8cc0-0019e188285d"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Most attacked computers" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"16" : {
"position" : {
"x" : 16 ,
"y" : 20 ,
"colSpan" : 9 ,
"rowSpan" : 5
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by ProcessName, DestinationPort, Protocol | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "6b5cd20e-6bb6-4bc0-b423-3813197f8c9a"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Most attacked processes" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"17" : {
"position" : {
"x" : 0 ,
"y" : 25 ,
"colSpan" : 6 ,
"rowSpan" : 6
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by Target = strcat (Computer, '/', ProcessName, '/', DestinationIp, '/', DestinationPort) | sort by TotalTraffic desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Target" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalTraffic" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "95103663-2a3e-45bc-817b-260364eb998e"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Attack targets, by computer, process, IP address, and port" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"18" : {
"position" : {
"x" : 6 ,
"y" : 25 ,
"colSpan" : 5 ,
"rowSpan" : 6
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Process = strcat (ProcessName, ' (', DestinationPort, ',', Protocol, ')') | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Dimensions" ,
"value" : {
"xAxis" : {
"name" : "Process" ,
"type" : "String"
} ,
"yAxis" : [
{
"name" : "TotalBytesSent" ,
"type" : "Int64"
}
] ,
"splitBy" : [ ] ,
"aggregation" : "Sum"
}
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "e8544b5c-7c62-4d05-b013-a7a7cecac428"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsDonut"
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Most attacked processes" ,
"PartSubTitle" : " "
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"19" : {
"position" : {
"x" : 11 ,
"y" : 25 ,
"colSpan" : 14 ,
"rowSpan" : 6
} ,
"metadata" : {
"inputs" : [
{
"name" : "ComponentId" ,
"value" : {
"SubscriptionId" : "{Subscription_Id}" ,
"ResourceGroup" : "{Resource_Group}" ,
"Name" : "{Workspace_Name}" ,
"ResourceId" : "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
} ,
{
"name" : "Query" ,
"value" : "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer, ProcessName, DestinationIp, DestinationPort | sort by TotalBytesReceived desc \r\n"
} ,
{
"name" : "TimeRange" ,
"value" : "P1D"
} ,
{
"name" : "Version" ,
"value" : "1.0"
} ,
{
"name" : "DashboardId" ,
"value" : "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
} ,
{
"name" : "PartId" ,
"value" : "b062ea69-11df-496b-a5bd-bd752b73e3e5"
} ,
{
"name" : "PartTitle" ,
"value" : "Analytics"
} ,
{
"name" : "PartSubTitle" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "resourceTypeMode" ,
"value" : "workspace"
} ,
{
"name" : "ControlType" ,
"value" : "AnalyticsGrid"
} ,
{
"name" : "Dimensions" ,
"isOptional" : true
} ,
{
"name" : "SpecificChart" ,
"isOptional" : true
}
] ,
"type" : "Extension/AppInsightsExtension/PartType/AnalyticsPart" ,
"settings" : {
"content" : {
"PartTitle" : "Attack targets" ,
"PartSubTitle" : " " ,
"GridColumnsWidth" : {
"Computer" : "224px" ,
"ProcessName" : "169px" ,
"DestinationIp" : "202px" ,
"DestinationPort" : "202px" ,
"TotalBytesSent" : "202px" ,
"TotalBytesReceived" : "202px"
}
}
} ,
"asset" : {
"idInputName" : "ComponentId" ,
"type" : "ApplicationInsights"
}
}
} ,
"20" : {
"position" : {
"x" : 0 ,
"y" : 0 ,
"colSpan" : 1 ,
"rowSpan" : 1
} ,
"metadata" : {
"inputs" : [
{
"name" : "subscriptionId" ,
"value" : "{Subscription_Id}"
} ,
{
"name" : "resourceGroup" ,
"value" : "{Resource_Group}"
} ,
{
"name" : "workspaceName" ,
"value" : "{Workspace_Name}"
} ,
{
"name" : "dashboardName" ,
"value" : "VMInsightsDashboard"
} ,
{
"name" : "menuItemToOpen" ,
"value" : "Dashboards"
}
] ,
"type" : "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart" ,
"defaultMenuItemId" : "0"
}
}
}
}
}
}
}