Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Merge pull request #1812 from adirDev/CognniDataConnector 

Add Cognni data connector,  including:
This commit is contained in:
v-jayakal 2021-03-01 15:19:09 -08:00 коммит произвёл GitHub
Родитель 7be85eea13 5a2b5b2917
Коммит 1c9d02195f
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
8 изменённых файлов: 1069 добавлений и 0 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

105
DataConnectors/CognniSentinelConnector.json Normal file
Просмотреть файл

@ -0,0 +1,105 @@
{
"id": "CognniSentinelDataConnector",
"title": "Cognni",
"publisher": "Cognni",
"descriptionMarkdown": "The Cognni connector offers a quick and simple integration with Azure Sentinel. You can use Cognni to autonomously map your previously unclassified important information and detect related incidents. This allows you to recognize risks to your important information, understand the severity of the incidents, and investigate the details you need to remediate, fast enough to make a difference.",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "CognniIncidents_CL",
"baseQuery": "CognniIncidents_CL"
}
],
"sampleQueries": [
{
"description" : "Get all incidents order by time",
"query": "CognniIncidents_CL | order by TimeGenerated desc "
},
{
"description" : "Get high risk incidents",
"query": "CognniIncidents_CL | where Severity == 3"
},
{
"description" : "Get medium risk incidents",
"query": "CognniIncidents_CL | where Severity == 2"
},
{
"description" : "Get low risk incidents",
"query": "CognniIncidents_CL | where Severity == 1"
}
],
"dataTypes": [
{
"name": "CognniIncidents_CL",
"lastDataReceivedQuery": "CognniIncidents_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{
"type": "IsConnectedQuery",
"value": [
"CognniIncidents_CL\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)"
]
}
],
"availability": {
"status": 1,
"isPreview": true
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read and write permissions are required.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": {
"write": true,
"read": true,
"delete": true
}
},
{
"provider": "Microsoft.OperationalInsights/workspaces/sharedKeys",
"permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).",
"providerDisplayName": "Keys",
"scope": "Workspace",
"requiredPermissions": {
"action": true
}
}
],
"customs": [
{
"name": "Include custom pre-requisites if the connectivity requires - else delete customs",
"description": "Description for any custom pre-requisite"
}
]
},
"instructionSteps": [
{
"title": "Connect to Cognni",
"description": "1. Go to [Cognni integrations page](https://intelligence.cognni.ai/integrations)\n2. Click **'Connect'** on the 'Azure Sentinel' box\n3. Copy and paste **'workspaceId'** and **'sharedKey'** (from below) to the related fields on Cognni's integrations screen\n4. Click the **'Connect'** botton to complete the configuration. \n Soon, all your Cognni-detected incidents will be forwarded here (into Azure Sentinel)\n\nNot a Cognni user? [Join us](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/shieldox.appsource_freetrial)",
"instructions": [
{
"parameters": {
"fillWith": [
"WorkspaceId"
],
"label": "Workspace ID"
},
"type": "CopyableLabel"
},
{
"parameters": {
"fillWith": [
"PrimaryKey"
],
"label": "Shared Key"
},
"type": "CopyableLabel"
}
]
}
]
}

52
Logos/cognni-logo.svg Normal file
Просмотреть файл

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 24.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.2" baseProfile="tiny" id="b22707ed-5350-411e-ba78-d91532361975"
xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 143.07 143.07"
xml:space="preserve">
<g>
<g>
<path fill="#FFC107" d="M139.07,86.29c0.16-0.73,0.31-1.47,0.44-2.21c0.08-0.42,0.15-0.85,0.22-1.28
c0.09-0.56,0.17-1.12,0.25-1.67c0.1-0.76,0.2-1.52,0.28-2.28c0.04-0.36,0.07-0.72,0.11-1.08c0.05-0.58,0.1-1.16,0.14-1.75
c0.01-0.17,0.02-0.35,0.03-0.52c0.06-1.12,0.1-2.24,0.11-3.37c0-0.3,0-0.6,0-0.9c0-0.89-0.03-1.78-0.07-2.67
c-0.01-0.33-0.03-0.66-0.05-0.99c-0.04-0.72-0.1-1.44-0.16-2.15c-0.04-0.5-0.09-0.99-0.14-1.49c-0.06-0.5-0.12-1-0.19-1.5
c-0.09-0.69-0.18-1.38-0.3-2.07c-0.04-0.27-0.1-0.53-0.14-0.79c-0.16-0.89-0.32-1.78-0.51-2.67c-0.01-0.03-0.01-0.06-0.02-0.09
c-1.4-6.42-3.71-12.63-6.88-18.43c-0.26-0.48-0.54-0.94-0.81-1.41c-0.26-0.46-0.52-0.91-0.79-1.36
c-3.44-5.64-7.67-10.76-12.53-15.18c-0.02-0.02-0.04-0.04-0.06-0.06c-0.67-0.61-1.37-1.2-2.06-1.79c-0.2-0.17-0.4-0.34-0.61-0.51
c-0.54-0.44-1.1-0.87-1.65-1.3c-0.4-0.3-0.79-0.61-1.2-0.91c-0.4-0.3-0.82-0.58-1.23-0.87c-0.59-0.41-1.17-0.82-1.78-1.21
c-0.28-0.18-0.56-0.36-0.85-0.54c-0.75-0.47-1.5-0.94-2.27-1.39c-0.26-0.15-0.53-0.31-0.8-0.46c-0.97-0.55-1.94-1.07-2.93-1.57
c-0.17-0.09-0.34-0.18-0.51-0.26c-0.52-0.26-1.05-0.51-1.57-0.75c-0.33-0.15-0.67-0.3-1-0.45c-0.69-0.31-1.39-0.6-2.09-0.89
c-0.53-0.21-1.06-0.43-1.6-0.63c-0.4-0.15-0.81-0.3-1.21-0.44c-0.71-0.25-1.42-0.5-2.15-0.73C92.26,5.59,92,5.51,91.75,5.43
c-0.56-0.17-1.12-0.32-1.68-0.48c12.09,11.87,19.19,27.64,20.45,44.08c13.6,9.31,23.71,23.35,27.95,39.75
c0.15-0.56,0.29-1.12,0.43-1.69C138.95,86.83,139.01,86.56,139.07,86.29z"/>
<path fill="#5BC0EB" d="M71.53,116.56c-12.13-5.81-22.7-15.21-29.93-27.74s-10.09-26.38-9.06-39.79
C18.94,58.34,8.83,72.38,4.6,88.78c1.53,5.93,3.86,11.76,7.07,17.32c3.21,5.56,7.09,10.49,11.46,14.78
C39.46,125.42,56.67,123.68,71.53,116.56z"/>
<path fill="#2196F3" d="M90.07,4.95c-5.9-1.64-12.11-2.53-18.53-2.53S58.9,3.31,53,4.95c-0.56,0.16-1.12,0.31-1.67,0.47
c-0.26,0.08-0.53,0.16-0.79,0.25c-0.72,0.23-1.42,0.47-2.13,0.72C48,6.54,47.59,6.69,47.19,6.84c-0.53,0.2-1.05,0.41-1.57,0.62
c-0.71,0.29-1.41,0.59-2.11,0.9c-0.33,0.15-0.66,0.3-0.99,0.45c-0.53,0.25-1.06,0.49-1.58,0.75c-0.16,0.08-0.32,0.16-0.48,0.25
c-0.99,0.5-1.98,1.03-2.96,1.58c-0.26,0.15-0.53,0.3-0.79,0.45c-0.77,0.45-1.53,0.92-2.27,1.39c-0.28,0.18-0.56,0.36-0.84,0.54
c-0.6,0.4-1.19,0.81-1.78,1.22c-0.41,0.29-0.82,0.57-1.22,0.87c-0.41,0.3-0.8,0.61-1.2,0.92c-0.55,0.42-1.1,0.85-1.64,1.29
c-0.21,0.17-0.41,0.35-0.62,0.52c-0.69,0.58-1.38,1.17-2.05,1.78c-0.02,0.02-0.04,0.04-0.07,0.06
c-4.86,4.43-9.08,9.53-12.52,15.18c-0.28,0.46-0.54,0.93-0.81,1.4c-0.26,0.46-0.54,0.91-0.79,1.38C7.72,44.17,5.4,50.39,4,56.81
c-0.01,0.03-0.01,0.05-0.02,0.08c-0.19,0.89-0.36,1.78-0.52,2.68c-0.05,0.26-0.1,0.52-0.14,0.78c-0.11,0.69-0.21,1.38-0.3,2.08
c-0.07,0.5-0.13,0.99-0.19,1.49c-0.06,0.5-0.1,1-0.14,1.5c-0.06,0.71-0.12,1.43-0.16,2.14c-0.02,0.33-0.03,0.67-0.05,1
c-0.04,0.88-0.06,1.77-0.07,2.66c0,0.31,0,0.61,0,0.92c0.01,1.11,0.04,2.22,0.11,3.32c0.01,0.19,0.02,0.38,0.03,0.57
c0.04,0.58,0.09,1.16,0.14,1.74c0.03,0.36,0.07,0.73,0.11,1.09c0.08,0.76,0.17,1.51,0.28,2.26c0.08,0.57,0.16,1.13,0.25,1.69
c0.07,0.42,0.15,0.85,0.22,1.27C3.69,84.82,3.84,85.56,4,86.3c0.06,0.26,0.11,0.52,0.17,0.78c0.13,0.57,0.28,1.13,0.43,1.7
c4.23-16.41,14.34-30.44,27.95-39.75c11.1-7.6,24.52-12.05,38.99-12.05s27.89,4.45,38.99,12.05
C109.26,32.59,102.16,16.82,90.07,4.95z"/>
<path fill="#4CAF50" d="M110.52,49.03c1.03,13.41-1.82,27.26-9.06,39.79c-7.23,12.53-17.8,21.92-29.93,27.74
c-14.86,7.12-32.08,8.86-48.4,4.33c0.16,0.16,0.33,0.32,0.49,0.48c0.72,0.69,1.46,1.38,2.22,2.04c0.22,0.2,0.44,0.4,0.67,0.59
c2.1,1.79,4.31,3.49,6.66,5.05c0.03,0.02,0.06,0.04,0.08,0.05c1.13,0.75,2.29,1.47,3.48,2.16c0.17,0.1,0.34,0.2,0.51,0.3
c0.78,0.44,1.56,0.86,2.34,1.27c0.3,0.15,0.59,0.31,0.89,0.46c0.64,0.32,1.29,0.63,1.94,0.93c0.45,0.21,0.91,0.42,1.36,0.62
c0.46,0.2,0.93,0.39,1.39,0.58c0.64,0.27,1.29,0.53,1.94,0.78c0.25,0.1,0.5,0.18,0.75,0.27c0.85,0.31,1.71,0.61,2.57,0.89
c0.03,0.01,0.06,0.02,0.09,0.03c6.26,2,12.8,3.1,19.4,3.26c0.54,0.01,1.08,0,1.62,0c0.53,0,1.05,0.01,1.58,0
c6.61-0.16,13.15-1.26,19.41-3.26c0.03-0.01,0.05-0.02,0.08-0.02c0.87-0.28,1.72-0.58,2.58-0.89c0.25-0.09,0.5-0.18,0.75-0.27
c0.65-0.25,1.3-0.51,1.95-0.78c0.46-0.19,0.92-0.38,1.38-0.58c0.46-0.2,0.92-0.42,1.37-0.63c0.65-0.3,1.29-0.61,1.94-0.93
c0.3-0.15,0.6-0.31,0.89-0.46c0.78-0.41,1.56-0.83,2.34-1.27c0.17-0.1,0.34-0.2,0.52-0.3c1.18-0.69,2.34-1.4,3.47-2.15
c0.03-0.02,0.06-0.04,0.09-0.06c2.35-1.56,4.56-3.25,6.66-5.05c0.23-0.19,0.45-0.4,0.68-0.59c0.76-0.67,1.49-1.35,2.22-2.04
c0.16-0.16,0.33-0.32,0.49-0.48c4.37-4.29,8.25-9.22,11.46-14.78c3.21-5.56,5.54-11.39,7.07-17.32
C134.23,72.38,124.12,58.34,110.52,49.03z"/>
</g>
</g>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 4.9 KiB

116
Sample Data/Custom/CognniIncidents_CL.json Normal file
Просмотреть файл

@ -0,0 +1,116 @@
[
{
"orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
"fileName": "Elton Slater incident report.doc",
"informationType": "HR Information",
"eventTime": "2021-02-04T10:27:36Z",
"description": null,
"severity": 3,
"labels": [
"Event Is Anomaly",
"Event Shared to Personal Address",
"Event Shared Inside the organization",
"Event High Sensitive",
"Event Shared Outside the organization"
],
"insights": [
"High sensitive content, Shared outside the organization, Anomaly",
"High sensitive content, Shared outside the organization",
"High sensitive content, Shared inside the organization",
"High sensitive content, Shared to private address, Anomaly",
"High sensitive content, Shared inside the organization, Anomaly",
"High sensitive content, Shared to private email address"
],
"attachmentId": "AAMkAGUxMzYwN2YxLWEzMjQtNGVkYy04YzY3LTg2YmUxYWZmOGE3NgBGAAAAAABinZppktVXRqZAkxkN9Bu7BwCUsww3wSDGTIpFyL7YWrt6AAAAAAEJAACUsww3wSDGTIpFyL7YWrt6AAGCWv43AAABEgAQAEpTYcy1TQ9ClJY20tTt2NU=",
"userId": "Amy@probotai.onmicrosoft.com",
"messageId": "AAMkAGUxMzYwN2YxLWEzMjQtNGVkYy04YzY3LTg2YmUxYWZmOGE3NgBGAAAAAABinZppktVXRqZAkxkN9Bu7BwCUsww3wSDGTIpFyL7YWrt6AAAAAAEJAACUsww3wSDGTIpFyL7YWrt6AAGCWv43AAA=",
"name": "Elton Slater incident report.doc"
},
{
"orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
"fileName": "COVID Grant Application.docx",
"informationType": "Financial Information",
"eventTime": "2020-11-11T11:11:50Z",
"description": null,
"severity": 2,
"labels": [
"Event Is Anomaly",
"Event Shared Inside the organization",
"Event High Sensitive"
],
"insights": [
"High sensitive content, Shared inside the organization",
"High sensitive content, Shared inside the organization, Anomaly"
],
"attachmentId": "AQMkADU4MWZmAmMtODU5Yi00N2Y0LWJmZGEtYTNiMDk2ZTgwMjhlAEYAAAPfwJDZvdMJTaTw-6GiiCeEBwCyOkR0R7VuTJG_iRI6sLRaAAACAQkAAACyOkR0R7VuTJG_iRI6sLRaAAAADm2KHQAAAAESABAAVAnoomXqgUyCOQaSRNSBeg==",
"userId": "emilyrose@probotai.onmicrosoft.com",
"messageId": "AQMkADU4MWZmAmMtODU5Yi00N2Y0LWJmZGEtYTNiMDk2ZTgwMjhlAEYAAAPfwJDZvdMJTaTw-6GiiCeEBwCyOkR0R7VuTJG_iRI6sLRaAAACAQkAAACyOkR0R7VuTJG_iRI6sLRaAAAADm2KHQAAAA==",
"name": "COVID Grant Application.docx"
},
{
"orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
"fileName": "GDPR protocol - Naool.docx",
"informationType": "Legal Information",
"eventTime": "2020-11-16T09:00:35Z",
"description": null,
"severity": 1,
"labels": [
"Event Is Anomaly",
"Event Medium Sensitive",
"Event Shared Inside the organization"
],
"insights": [
"Medium sensitivity content, Shared inside the organization",
"Medium sensitivity content, Shared inside the organization, Anomaly"
],
"attachmentId": "AAMkADMzZWZjYzFlLTkyYTEtNDcyZC05Y2Q2LTU1ODNjNzdjMTdhNABGAAAAAACTivodtp6FSKqsW3i72jrvBwC0e3l0l5THSIWVCUvRK0ZRAAAAAAEJAAC0e3l0l5THSIWVCUvRK0ZRAAF5xMdnAAABEgAQAMi1_naI-31CqUuws9P7w-Q=",
"userId": "Andrew@probotai.onmicrosoft.com",
"messageId": "AAMkADMzZWZjYzFlLTkyYTEtNDcyZC05Y2Q2LTU1ODNjNzdjMTdhNABGAAAAAACTivodtp6FSKqsW3i72jrvBwC0e3l0l5THSIWVCUvRK0ZRAAAAAAEJAAC0e3l0l5THSIWVCUvRK0ZRAAF5xMdnAAA=",
"name": "GDPR protocol - Naool.docx"
},
{
"orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
"fileName": "Q3 WP Astrid Atkins updated.docx",
"informationType": "Other",
"eventTime": "2020-11-12T10:21:52Z",
"description": null,
"severity": 1,
"labels": [
"Event Not Sensitive",
"Event Is Anomaly",
"Event Shared to Personal Address",
"Event Shared Outside the organization"
],
"insights": [
"Shared to private email address, Anomaly",
"Shared to private email address",
"Shared Outside the organization, Anomaly",
"Shared Outside the organization"
],
"attachmentId": "AAMkADdmMjdhNzk3LWYwYjEtNDc2OS04NDQ0LWE0ZGFkMmY2NGRmZABGAAAAAADusHPDQdWXQIwYC1p7d9lfBwBcaxB-9W2fRYQDy-2mhr6vAAAAAAEJAABcaxB-9W2fRYQDy-2mhr6vAAARU1DxAAABEgAQABIKuZXrJCJHqOvPYg_JQaI=",
"userId": "edominick@probotai.onmicrosoft.com",
"messageId": "AAMkADdmMjdhNzk3LWYwYjEtNDc2OS04NDQ0LWE0ZGFkMmY2NGRmZABGAAAAAADusHPDQdWXQIwYC1p7d9lfBwBcaxB-9W2fRYQDy-2mhr6vAAAAAAEJAABcaxB-9W2fRYQDy-2mhr6vAAARU1DxAAA=",
"name": "Q3 WP Astrid Atkins updated.docx"
},
{
"orgId" : "29b6be00-aa96-4715-ba44-bd27fe53e0a1",
"fileName": "SWOT R+D Team Virgo Q4.docx",
"informationType": "Other",
"eventTime": "2021-02-17T10:01:59Z",
"description": null,
"severity": 1,
"labels": [
"Event Not Sensitive",
"Event Is Anomaly",
"Event Shared Outside the organization"
],
"insights": [
"Shared Outside the organization, Anomaly",
"Shared Outside the organization"
],
"siteId": "7136b682-5698-4f62-aed6-325f2eee845e",
"listId": "fb75e319-8296-488d-aedf-12f0c727bd08",
"listItemUniqueId": "12be1fc0-7936-490d-bed9-8f698a981d61",
"sourceFileExtension": "docx"
}
]

731
Workbooks/CognniIncidentsWorkbook.json Normal file
Просмотреть файл

@ -0,0 +1,731 @@
{
"version": "Notebook/1.0",
"items": [
{
"type": 1,
"content": {
"json": "## Important Information Incidents\n---\nGain intelligent insights into the risks to your important financial, legal, HR, and governance information. \nThis workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. \nThese incidents are broken into high, medium, and low risk incidents for each information category."
},
"name": "Description"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "CognniIncidents_CL\n| extend Risk = case(Severity == 3, \"3-High Risk\",\n Severity == 2, \"2-Medium Risk\",\n Severity == 1, \"1-Low Risk\", \"0-No Risk\")\n| summarize Count=count() by Risk\n| where Risk <> \"0-No Risk\"\n| order by Risk desc\n| render barchart",
"size": 4,
"title": "Total Events",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart",
"sortBy": [],
"tileSettings": {
"titleContent": {
"columnMatch": "_TableName",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false,
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"rightContent": {
"columnMatch": "Risk"
},
"showBorder": true,
"sortCriteriaField": "Severity",
"sortOrderField": 2,
"size": "auto"
},
"graphSettings": {
"type": 0
},
"chartSettings": {
"seriesLabelSettings": [
{
"seriesName": "1-Low Risk",
"label": "Low Risk",
"color": "green"
},
{
"seriesName": "2-Medium Risk",
"label": "Medium Risk",
"color": "yellow"
},
{
"seriesName": "3-High Risk",
"label": "High Risk",
"color": "redBright"
}
]
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "Severity",
"sizeAggregation": "Sum",
"legendMetric": "Severity",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "Severity",
"heatmapPalette": "greenRed"
}
}
},
"name": "Total Events"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "# Incidents by Category\r\nChoose information type category to show detailed events by information type below "
},
"name": "IncidentsByCategory - description"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "CognniIncidents_CL\r\n| summarize totalEvents =count(), \r\n highRisk =count(Severity==3),\r\n mediumRisk =count(Severity==2), \r\n lowRisk =count(Severity==1), \r\n unknownRisk=count(Severity==0)\r\n by informationType_s\r\n| render barchart",
"size": 0,
"title": "Incidents by category",
"timeContext": {
"durationMs": 2592000000
},
"exportMultipleValues": true,
"exportedParameters": [
{
"fieldName": "informationType_s",
"parameterName": "informationType_s",
"parameterType": 1
}
],
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"gridSettings": {
"sortBy": [
{
"itemKey": "fileCategory_s",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "fileCategory_s",
"sortOrder": 1
}
],
"tileSettings": {
"titleContent": {
"columnMatch": "informationType_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal"
}
}
},
"subtitleContent": {
"columnMatch": "totalEvents",
"formatter": 22,
"formatOptions": {
"compositeBarSettings": {
"labelText": "Out of [\"totalEvents\"] total events",
"columnSettings": [
{
"columnName": "totalEvents",
"color": "blue"
}
]
}
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false
}
},
"tooltipFormat": {
"tooltip": "Total Events"
}
},
"leftContent": {
"columnMatch": "highRisk",
"formatter": 22,
"formatOptions": {
"compositeBarSettings": {
"labelText": "Events by risk level",
"columnSettings": [
{
"columnName": "highRisk",
"color": "redBright"
},
{
"columnName": "mediumRisk",
"color": "yellow"
},
{
"columnName": "lowRisk",
"color": "green"
},
{
"columnName": "unknownRisk",
"color": "blue"
}
]
}
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false
},
"emptyValCustomText": "Unknown"
}
},
"showBorder": true,
"sortCriteriaField": "totalEvents",
"sortOrderField": 2,
"size": "auto"
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "fileCategory_s",
"formatter": 1
},
"leftContent": {
"columnMatch": "riskCount",
"formatter": 12,
"formatOptions": {
"palette": "blue"
}
},
"centerContent": {
"columnMatch": "Count",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"nodeIdField": "fileCategory_s",
"sourceIdField": "fileCategory_s",
"targetIdField": "Count",
"graphOrientation": 3,
"showOrientationToggles": false,
"nodeSize": null,
"staticNodeSize": 100,
"colorSettings": null,
"hivesMargin": 5
},
"chartSettings": {
"xAxis": "fileCategory_s"
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "riskCount",
"sizeAggregation": "Sum",
"legendMetric": "riskCount",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "riskCount",
"heatmapPalette": "greenRed"
}
}
},
"name": "Incidents by category"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let infoType_ = dynamic([{informationType_s}]);\r\nCognniIncidents_CL\r\n| where informationType_s in (infoType_)\r\n| project TimeGenerated, eventTime_t, informationType_s, userId_s, fileName_s, name_s, labels_s, insights_s, Severity, attachmentId_s, messageId_s",
"size": 0,
"title": "Incidents by specific category",
"timeContext": {
"durationMs": 2592000000
},
"exportMultipleValues": true,
"exportedParameters": [
{
"fieldName": "informationType_s",
"parameterName": "informationType_s",
"parameterType": 1
}
],
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"gridSettings": {
"sortBy": [
{
"itemKey": "fileName_s",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "fileName_s",
"sortOrder": 1
}
],
"tileSettings": {
"titleContent": {
"columnMatch": "informationType_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal",
"useGrouping": false
},
"emptyValCustomText": "Unknown"
}
},
"subtitleContent": {
"columnMatch": "totalEvents",
"formatter": 22,
"formatOptions": {
"compositeBarSettings": {
"labelText": "Out of [\"totalEvents\"] total events",
"columnSettings": [
{
"columnName": "totalEvents",
"color": "blue"
}
]
}
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false
}
},
"tooltipFormat": {
"tooltip": "Total Events"
}
},
"leftContent": {
"columnMatch": "highRisk",
"formatter": 22,
"formatOptions": {
"compositeBarSettings": {
"labelText": "Events by risk level",
"columnSettings": [
{
"columnName": "highRisk",
"color": "redBright"
},
{
"columnName": "mediumRisk",
"color": "yellow"
},
{
"columnName": "lowRisk",
"color": "green"
},
{
"columnName": "unknownRisk",
"color": "blue"
}
]
}
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false
},
"emptyValCustomText": "Unknown"
}
},
"showBorder": true,
"sortCriteriaField": "informationType_s",
"sortOrderField": 1,
"size": "auto"
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "fileCategory_s",
"formatter": 1
},
"leftContent": {
"columnMatch": "riskCount",
"formatter": 12,
"formatOptions": {
"palette": "blue"
}
},
"centerContent": {
"columnMatch": "Count",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"nodeIdField": "fileCategory_s",
"sourceIdField": "fileCategory_s",
"targetIdField": "Count",
"graphOrientation": 3,
"showOrientationToggles": false,
"nodeSize": null,
"staticNodeSize": 100,
"colorSettings": null,
"hivesMargin": 5
},
"chartSettings": {
"xAxis": "fileCategory_s"
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "riskCount",
"sizeAggregation": "Sum",
"legendMetric": "riskCount",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "riskCount",
"heatmapPalette": "greenRed"
}
}
},
"conditionalVisibility": {
"parameterName": "informationType_s",
"comparison": "isNotEqualTo"
},
"name": "Incidents by category - Drill down"
}
]
},
"name": "Incidents by category"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"loadType": "always",
"items": [
{
"type": 1,
"content": {
"json": "# Incidents by risk level \r\nChoose risk level to show detailed events by risk level to the right. "
},
"name": "IncidentsByRiskLevel-description"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "CognniIncidents_CL\n| extend Risk = case(Severity == 1, \"1-Low Risk\",\n Severity == 2, \"2-Medium Risk\",\n Severity == 3, \"3-High Risk\", \"0-No Risk\")\n| summarize Count=count() by Risk\n| where Risk <> \"0-No Risk\"\n| order by Risk desc\n| render barchart",
"size": 0,
"title": "Incidents by risk level ",
"timeContext": {
"durationMs": 2592000000
},
"exportMultipleValues": true,
"exportedParameters": [
{
"fieldName": "Risk",
"parameterName": "Risk",
"parameterType": 1
}
],
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"sortBy": [],
"tileSettings": {
"titleContent": {
"columnMatch": "_TableName",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "redGreen"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false,
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"rightContent": {
"columnMatch": "Risk"
},
"showBorder": true,
"sortCriteriaField": "Severity",
"sortOrderField": 2
},
"graphSettings": {
"type": 0
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "Severity",
"sizeAggregation": "Sum",
"legendMetric": "Severity",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "Severity",
"heatmapPalette": "greenRed"
}
}
},
"customWidth": "17",
"name": "Incidents by risk level",
"styleSettings": {
"showBorder": true
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let Risk_ = dynamic([{Risk}]);\nCognniIncidents_CL\n| extend Risk = case(Severity == 1, \"1-Low Risk\",\n Severity == 2, \"2-Medium Risk\",\n Severity == 3, \"3-High Risk\", \"0-No Risk\")\n| where Risk in (Risk_)\n| project TimeGenerated, eventTime_t, Risk, userId_s, fileName_s, name_s, informationType_s, labels_s, insights_s, Severity, attachmentId_s, messageId_s",
"size": 0,
"title": "Detailed events by Risk level ",
"timeContext": {
"durationMs": 2592000000
},
"exportFieldName": "Risk",
"exportParameterName": "Risk",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"sortBy": [],
"tileSettings": {
"titleContent": {
"columnMatch": "_TableName",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "redGreen"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"useGrouping": false,
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"rightContent": {
"columnMatch": "Risk"
},
"showBorder": true,
"sortCriteriaField": "Severity",
"sortOrderField": 2,
"size": "auto"
},
"graphSettings": {
"type": 0
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "Severity",
"sizeAggregation": "Sum",
"legendMetric": "Severity",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "Severity",
"heatmapPalette": "greenRed"
}
}
},
"customWidth": "83",
"conditionalVisibility": {
"parameterName": "Risk",
"comparison": "isNotEqualTo"
},
"name": "Drill down - total events",
"styleSettings": {
"showBorder": true
}
}
]
},
"name": "Total Events with drill down"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "CognniIncidents_CL\r\n| summarize totalEvents =count(), \r\n highRisk =count(Severity==3),\r\n mediumRisk =count(Severity==2), \r\n lowRisk =count(Severity==1)\r\n by informationType_s\r\n| render barchart",
"size": 1,
"title": "Incidents by Category",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"gridSettings": {
"sortBy": [
{
"itemKey": "totalEvents",
"sortOrder": 2
}
]
},
"sortBy": [
{
"itemKey": "totalEvents",
"sortOrder": 2
}
],
"tileSettings": {
"titleContent": {
"columnMatch": "fileCategory_s",
"formatter": 1,
"numberFormat": {
"unit": 0,
"options": {
"style": "decimal",
"useGrouping": false
},
"emptyValCustomText": "Unknown"
}
},
"subtitleContent": {
"columnMatch": "riskCount"
},
"leftContent": {
"columnMatch": "highRisk",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal"
},
"emptyValCustomText": "Unknown"
},
"tooltipFormat": {
"tooltip": "Out of {Count} total events"
}
},
"rightContent": {
"columnMatch": "mediumRisk"
},
"showBorder": false,
"size": "full"
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "fileCategory_s",
"formatter": 1
},
"leftContent": {
"columnMatch": "riskCount",
"formatter": 12,
"formatOptions": {
"palette": "blue"
}
},
"centerContent": {
"columnMatch": "Count",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"style": "decimal",
"maximumFractionDigits": 2,
"maximumSignificantDigits": 3
}
}
},
"nodeIdField": "fileCategory_s",
"sourceIdField": "fileCategory_s",
"targetIdField": "Count",
"graphOrientation": 3,
"showOrientationToggles": false,
"nodeSize": null,
"staticNodeSize": 100,
"colorSettings": null,
"hivesMargin": 5
},
"chartSettings": {
"xAxis": "userId_s"
},
"mapSettings": {
"locInfo": "LatLong",
"sizeSettings": "riskCount",
"sizeAggregation": "Sum",
"legendMetric": "riskCount",
"legendAggregation": "Sum",
"itemColorSettings": {
"type": "heatmap",
"colorAggregation": "Sum",
"nodeColorField": "riskCount",
"heatmapPalette": "greenRed"
}
}
},
"name": "Incidents by category"
}
],
"fromTemplateId": "sentinel-CognniIncidents",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}

52
Workbooks/Images/Logos/cognni-logo.svg Normal file
Просмотреть файл

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 24.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.2" baseProfile="tiny" id="b22707ed-5350-411e-ba78-d91532361975"
xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 143.07 143.07"
xml:space="preserve">
<g>
<g>
<path fill="#FFC107" d="M139.07,86.29c0.16-0.73,0.31-1.47,0.44-2.21c0.08-0.42,0.15-0.85,0.22-1.28
c0.09-0.56,0.17-1.12,0.25-1.67c0.1-0.76,0.2-1.52,0.28-2.28c0.04-0.36,0.07-0.72,0.11-1.08c0.05-0.58,0.1-1.16,0.14-1.75
c0.01-0.17,0.02-0.35,0.03-0.52c0.06-1.12,0.1-2.24,0.11-3.37c0-0.3,0-0.6,0-0.9c0-0.89-0.03-1.78-0.07-2.67
c-0.01-0.33-0.03-0.66-0.05-0.99c-0.04-0.72-0.1-1.44-0.16-2.15c-0.04-0.5-0.09-0.99-0.14-1.49c-0.06-0.5-0.12-1-0.19-1.5
c-0.09-0.69-0.18-1.38-0.3-2.07c-0.04-0.27-0.1-0.53-0.14-0.79c-0.16-0.89-0.32-1.78-0.51-2.67c-0.01-0.03-0.01-0.06-0.02-0.09
c-1.4-6.42-3.71-12.63-6.88-18.43c-0.26-0.48-0.54-0.94-0.81-1.41c-0.26-0.46-0.52-0.91-0.79-1.36
c-3.44-5.64-7.67-10.76-12.53-15.18c-0.02-0.02-0.04-0.04-0.06-0.06c-0.67-0.61-1.37-1.2-2.06-1.79c-0.2-0.17-0.4-0.34-0.61-0.51
c-0.54-0.44-1.1-0.87-1.65-1.3c-0.4-0.3-0.79-0.61-1.2-0.91c-0.4-0.3-0.82-0.58-1.23-0.87c-0.59-0.41-1.17-0.82-1.78-1.21
c-0.28-0.18-0.56-0.36-0.85-0.54c-0.75-0.47-1.5-0.94-2.27-1.39c-0.26-0.15-0.53-0.31-0.8-0.46c-0.97-0.55-1.94-1.07-2.93-1.57
c-0.17-0.09-0.34-0.18-0.51-0.26c-0.52-0.26-1.05-0.51-1.57-0.75c-0.33-0.15-0.67-0.3-1-0.45c-0.69-0.31-1.39-0.6-2.09-0.89
c-0.53-0.21-1.06-0.43-1.6-0.63c-0.4-0.15-0.81-0.3-1.21-0.44c-0.71-0.25-1.42-0.5-2.15-0.73C92.26,5.59,92,5.51,91.75,5.43
c-0.56-0.17-1.12-0.32-1.68-0.48c12.09,11.87,19.19,27.64,20.45,44.08c13.6,9.31,23.71,23.35,27.95,39.75
c0.15-0.56,0.29-1.12,0.43-1.69C138.95,86.83,139.01,86.56,139.07,86.29z"/>
<path fill="#5BC0EB" d="M71.53,116.56c-12.13-5.81-22.7-15.21-29.93-27.74s-10.09-26.38-9.06-39.79
C18.94,58.34,8.83,72.38,4.6,88.78c1.53,5.93,3.86,11.76,7.07,17.32c3.21,5.56,7.09,10.49,11.46,14.78
C39.46,125.42,56.67,123.68,71.53,116.56z"/>
<path fill="#2196F3" d="M90.07,4.95c-5.9-1.64-12.11-2.53-18.53-2.53S58.9,3.31,53,4.95c-0.56,0.16-1.12,0.31-1.67,0.47
c-0.26,0.08-0.53,0.16-0.79,0.25c-0.72,0.23-1.42,0.47-2.13,0.72C48,6.54,47.59,6.69,47.19,6.84c-0.53,0.2-1.05,0.41-1.57,0.62
c-0.71,0.29-1.41,0.59-2.11,0.9c-0.33,0.15-0.66,0.3-0.99,0.45c-0.53,0.25-1.06,0.49-1.58,0.75c-0.16,0.08-0.32,0.16-0.48,0.25
c-0.99,0.5-1.98,1.03-2.96,1.58c-0.26,0.15-0.53,0.3-0.79,0.45c-0.77,0.45-1.53,0.92-2.27,1.39c-0.28,0.18-0.56,0.36-0.84,0.54
c-0.6,0.4-1.19,0.81-1.78,1.22c-0.41,0.29-0.82,0.57-1.22,0.87c-0.41,0.3-0.8,0.61-1.2,0.92c-0.55,0.42-1.1,0.85-1.64,1.29
c-0.21,0.17-0.41,0.35-0.62,0.52c-0.69,0.58-1.38,1.17-2.05,1.78c-0.02,0.02-0.04,0.04-0.07,0.06
c-4.86,4.43-9.08,9.53-12.52,15.18c-0.28,0.46-0.54,0.93-0.81,1.4c-0.26,0.46-0.54,0.91-0.79,1.38C7.72,44.17,5.4,50.39,4,56.81
c-0.01,0.03-0.01,0.05-0.02,0.08c-0.19,0.89-0.36,1.78-0.52,2.68c-0.05,0.26-0.1,0.52-0.14,0.78c-0.11,0.69-0.21,1.38-0.3,2.08
c-0.07,0.5-0.13,0.99-0.19,1.49c-0.06,0.5-0.1,1-0.14,1.5c-0.06,0.71-0.12,1.43-0.16,2.14c-0.02,0.33-0.03,0.67-0.05,1
c-0.04,0.88-0.06,1.77-0.07,2.66c0,0.31,0,0.61,0,0.92c0.01,1.11,0.04,2.22,0.11,3.32c0.01,0.19,0.02,0.38,0.03,0.57
c0.04,0.58,0.09,1.16,0.14,1.74c0.03,0.36,0.07,0.73,0.11,1.09c0.08,0.76,0.17,1.51,0.28,2.26c0.08,0.57,0.16,1.13,0.25,1.69
c0.07,0.42,0.15,0.85,0.22,1.27C3.69,84.82,3.84,85.56,4,86.3c0.06,0.26,0.11,0.52,0.17,0.78c0.13,0.57,0.28,1.13,0.43,1.7
c4.23-16.41,14.34-30.44,27.95-39.75c11.1-7.6,24.52-12.05,38.99-12.05s27.89,4.45,38.99,12.05
C109.26,32.59,102.16,16.82,90.07,4.95z"/>
<path fill="#4CAF50" d="M110.52,49.03c1.03,13.41-1.82,27.26-9.06,39.79c-7.23,12.53-17.8,21.92-29.93,27.74
c-14.86,7.12-32.08,8.86-48.4,4.33c0.16,0.16,0.33,0.32,0.49,0.48c0.72,0.69,1.46,1.38,2.22,2.04c0.22,0.2,0.44,0.4,0.67,0.59
c2.1,1.79,4.31,3.49,6.66,5.05c0.03,0.02,0.06,0.04,0.08,0.05c1.13,0.75,2.29,1.47,3.48,2.16c0.17,0.1,0.34,0.2,0.51,0.3
c0.78,0.44,1.56,0.86,2.34,1.27c0.3,0.15,0.59,0.31,0.89,0.46c0.64,0.32,1.29,0.63,1.94,0.93c0.45,0.21,0.91,0.42,1.36,0.62
c0.46,0.2,0.93,0.39,1.39,0.58c0.64,0.27,1.29,0.53,1.94,0.78c0.25,0.1,0.5,0.18,0.75,0.27c0.85,0.31,1.71,0.61,2.57,0.89
c0.03,0.01,0.06,0.02,0.09,0.03c6.26,2,12.8,3.1,19.4,3.26c0.54,0.01,1.08,0,1.62,0c0.53,0,1.05,0.01,1.58,0
c6.61-0.16,13.15-1.26,19.41-3.26c0.03-0.01,0.05-0.02,0.08-0.02c0.87-0.28,1.72-0.58,2.58-0.89c0.25-0.09,0.5-0.18,0.75-0.27
c0.65-0.25,1.3-0.51,1.95-0.78c0.46-0.19,0.92-0.38,1.38-0.58c0.46-0.2,0.92-0.42,1.37-0.63c0.65-0.3,1.29-0.61,1.94-0.93
c0.3-0.15,0.6-0.31,0.89-0.46c0.78-0.41,1.56-0.83,2.34-1.27c0.17-0.1,0.34-0.2,0.52-0.3c1.18-0.69,2.34-1.4,3.47-2.15
c0.03-0.02,0.06-0.04,0.09-0.06c2.35-1.56,4.56-3.25,6.66-5.05c0.23-0.19,0.45-0.4,0.68-0.59c0.76-0.67,1.49-1.35,2.22-2.04
c0.16-0.16,0.33-0.32,0.49-0.48c4.37-4.29,8.25-9.22,11.46-14.78c3.21-5.56,5.54-11.39,7.07-17.32
C134.23,72.38,124.12,58.34,110.52,49.03z"/>
</g>
</g>
</svg>
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 4.9 KiB

Двоичные данные
Workbooks/Images/Preview/CognniBlack.PNG Normal file
Просмотреть файл

Двоичный файл не отображается.
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 48 KiB

Двоичные данные
Workbooks/Images/Preview/CognniWhite.PNG Normal file
Просмотреть файл

Двоичный файл не отображается.
Режим "рядом"

После

Ширина:  |  Высота:  |  Размер: 49 KiB

13
Workbooks/WorkbooksMetadata.json
Просмотреть файл

@ -1270,5 +1270,18 @@
"templateRelativePath": "WorkspaceUsage.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "CognniIncidentsWorkbook",
"logoFileName": "cognni-logo.svg",
"description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.",
"dataTypesDependencies": ["CognniIncidents_CL"],
"dataConnectorsDependencies": ["CognniSentinelDataConnector"],
"previewImagesFileNames": [ "CognniBlack.PNG", "CognniWhite.PNG"],
"version": "1.0",
"title": "Cognni Important Information Incidents",
"templateRelativePath": "CognniIncidentsWorkbook.json",
"subtitle": "",
"provider": "Cognni"
}
]