Adding M365 Security Posture workbook to go with playbook.

Matt Lowe 2021-05-24 18:03:49 -04:00
Родитель c106a9aa39
Коммит 52faf446ac
5 изменённых файлов: 971 добавлений и 1 удалений

Двоичные данные
Workbooks/Images/Logos/M365securityposturelogo.svg Normal file

Двоичный файл не отображается.


Двоичные данные
Workbooks/Images/Preview/M365securitypostureblack.png Normal file

Двоичный файл не отображается.


Двоичные данные
Workbooks/Images/Preview/M365securityposturewhite.png Normal file

Двоичный файл не отображается.



@ -0,0 +1,957 @@
{
"version": "Notebook/1.0",
"items": [
{
"type": 1,
"content": {
"json": "Microsoft Security Posture",
"style": "info"
},
"name": "text - 2"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"crossComponentResources": [
"value::selected"
],
"parameters": [
{
"id": "3218e2b0-1bcc-46d4-affa-d298e0cf90f6",
"version": "KqlParameterItem/1.0",
"name": "DefaultSubscription_Internal",
"type": 1,
"isRequired": true,
"query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| take 1\r\n| project subscriptionId",
"crossComponentResources": [
"value::selected"
],
"isHiddenWhenLocked": true,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
{
"id": "e6ded9a1-a83c-4762-938d-5bf8ff3d3d38",
"version": "KqlParameterItem/1.0",
"name": "Subscription",
"type": 6,
"isRequired": true,
"query": "summarize by subscriptionId\r\n| project value = strcat(\"/subscriptions/\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)",
"crossComponentResources": [
"value::selected"
],
"typeSettings": {
"additionalResourceOptions": []
},
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
}
],
"style": "pills",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
"customWidth": "33",
"name": "parameters - 10"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"parameters": [
{
"id": "befbf593-c171-4129-b890-7e642265ed0c",
"version": "KqlParameterItem/1.0",
"name": "TimeRange",
"type": 4,
"isRequired": true,
"value": {
"durationMs": 2592000000
},
"typeSettings": {
"selectableValues": [
{
"durationMs": 300000
},
{
"durationMs": 900000
},
{
"durationMs": 1800000
},
{
"durationMs": 3600000
},
{
"durationMs": 14400000
},
{
"durationMs": 43200000
},
{
"durationMs": 86400000
},
{
"durationMs": 172800000
},
{
"durationMs": 259200000
},
{
"durationMs": 604800000
},
{
"durationMs": 1209600000
},
{
"durationMs": 2419200000
},
{
"durationMs": 2592000000
},
{
"durationMs": 5184000000
},
{
"durationMs": 7776000000
}
]
}
}
],
"style": "pills",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"customWidth": "50",
"name": "parameters - 8"
},
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "d4aa2831-0ab8-4977-a80e-359420e7d5f7",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Azure Security Center",
"subTarget": "ASC",
"style": "link"
},
{
"id": "797538b2-ca75-48ad-85b2-e12d9d59fb08",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Microsoft 365",
"subTarget": "M365",
"style": "link"
},
{
"id": "d4f75516-6286-4660-8294-395da6b9c29a",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Defender for Endpoint",
"subTarget": "D4E",
"style": "link"
},
{
"id": "96141225-a0ad-43ca-bf96-e701c64318ce",
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Microsoft Cloud App Security",
"subTarget": "MCAS",
"style": "link"
}
]
},
"name": "links - 6"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityResources \r\n| where type == 'microsoft.security/securescores'\r\n| extend Name = properties.displayName, CurrentScore = properties.score.current, MaximumScore = properties.score.max, Percentage1 = todouble(properties.score.percentage)\r\n| project Name, CurrentScore, MaximumScore, Percentage = round(Percentage1*100,2), subscriptionId",
"size": 4,
"aggregation": 5,
"title": "Azure Security Center Secure Score",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Percentage",
"formatter": 0,
"numberFormat": {
"unit": 1,
"options": {
"style": "decimal",
"useGrouping": false
}
}
}
]
}
},
"name": "query - 6"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityResources \r\n| where type == 'microsoft.security/securescores/securescorecontrols'\r\n| extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max\r\n| where maxscore != 0\r\n| project SecureControl , unhealthy, currentscore, maxscore",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "SecureControl",
"formatter": 1
},
{
"columnMatch": "unhealthy",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "!=",
"thresholdValue": "0",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "0",
"representation": "greenDark",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "currentscore",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "0",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "greenDark",
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "maxscore",
"formatter": 1
}
]
}
},
"name": "query - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "securityresources\r\n| where type == \"microsoft.security/regulatorycompliancestandards\"\r\n| extend \r\n\tpassedControls = trim (' ', tostring(properties.passedControls)), \r\n\tfailedControls = trim(' ',tostring(properties.failedControls)), \r\n\tstate \t\t = trim(' ', tostring(properties.state)), \r\n\tunsupportedControls = trim(' ', tostring(properties.unsupportedControls)), \r\n\tskippedControls = trim(' ', tostring(properties.skippedControls))\r\n| project name, passedControls, failedControls, unsupportedControls, skippedControls , subscriptionId\r\n| order by passedControls desc",
"size": 1,
"title": "Regulatory compliance",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "passedControls",
"formatter": 3,
"formatOptions": {
"palette": "greenDark"
}
},
{
"columnMatch": "failedControls",
"formatter": 3,
"formatOptions": {
"palette": "redBright"
}
},
{
"columnMatch": "unsupportedControls",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
],
"compositeBarSettings": {
"labelText": "",
"columnSettings": []
}
}
},
{
"columnMatch": "skippedControls",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "Default",
"thresholdValue": null,
"representation": "gray",
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 2"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"crossComponentResources": [
"{Subscription}"
],
"parameters": [
{
"id": "bc9db514-ebcc-4e47-bf23-a0dfe8cb1594",
"version": "KqlParameterItem/1.0",
"name": "SelectCompliance",
"label": "Control",
"type": 2,
"isRequired": true,
"query": "securityresources\r\n| where type == \"microsoft.security/regulatorycompliancestandards\"\r\n| project name\r\n",
"crossComponentResources": [
"{Subscription}"
],
"value": "Azure-Security-Benchmark",
"typeSettings": {
"additionalResourceOptions": [
"value::1"
],
"showDefault": false
},
"timeContext": {
"durationMs": 86400000
},
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
{
"id": "385b8e2e-be15-416d-8ed0-730f6dd34737",
"version": "KqlParameterItem/1.0",
"name": "selectState",
"label": "State",
"type": 2,
"isRequired": true,
"query": "securityresources\r\n| where type == \"microsoft.security/regulatorycompliancestandards/regulatorycompliancecontrols\"\r\n | extend state \t\t = trim(' ', tostring(properties.state))\r\n| summarize by state",
"crossComponentResources": [
"{Subscription}"
],
"value": "Failed",
"typeSettings": {
"additionalResourceOptions": [
"value::1"
]
},
"timeContext": {
"durationMs": 86400000
},
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
}
],
"style": "pills",
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources"
},
"name": "parameters - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "securityresources\r\n| where type == \"microsoft.security/regulatorycompliancestandards/regulatorycompliancecontrols\"\r\n| parse id with *\"/regulatoryComplianceStandards/\" strControlName \"/regulatory\"*\r\n | extend \r\n\t state \t\t = trim(' ', tostring(properties.state))\r\n\t,description = trim(' ', tostring(properties.description))\r\n| where strControlName startswith '{SelectCompliance}'\r\n| extend isState = iif(isempty('{selectState}'),\"All states\",'{selectState}')\r\n//| where isSstate == '{selectState}'\r\n| summarize by ControlName = strControlName, name, Status = isState, description",
"size": 0,
"queryType": 1,
"resourceType": "microsoft.resourcegraph/resources",
"crossComponentResources": [
"{Subscription}"
],
"gridSettings": {
"formatters": [
{
"columnMatch": "Status",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "Passed",
"representation": "greenDark",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Failed",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Skipped",
"representation": "gray",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Unsupported",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 3"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "ASC"
},
"name": "ASC"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "M365SecureScore_CL \r\n| extend ActiveUsers=activeUserCount_d, \r\n CurrentScore=currentScore_d, \r\n MaximumScore=maxScore_d, \r\n TenanatID=azureTenantId_g \r\n| summarize by round(CurrentScore), bin(TimeGenerated, 1d)",
"size": 0,
"aggregation": 5,
"timeContext": {
"durationMs": 2419200000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "timechart",
"tileSettings": {
"showBorder": false
},
"graphSettings": {
"type": 0
}
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "M365SecureScore_CL \r\n| project TimeGenerated, \r\n ActiveUsers=activeUserCount_d, \r\n CurrentScore=currentScore_d, \r\n MaximumScore=maxScore_d, \r\n TenanatID=azureTenantId_g \r\n| sort by TimeGenerated desc",
"size": 1,
"title": "Microsoft 365 Secure Score",
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 2",
"styleSettings": {
"showBorder": true
}
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"parameters": [
{
"id": "7c67a766-4287-4a07-a256-4ef237151489",
"version": "KqlParameterItem/1.0",
"name": "Category",
"type": 5,
"isRequired": true,
"multiSelect": true,
"quote": "'",
"delimiter": ",",
"query": "M365SecureScoreControls_CL \r\n| project RecommendationCategory=controlCategory_s \r\n| distinct RecommendationCategory",
"value": [
"value::all"
],
"typeSettings": {
"additionalResourceOptions": [
"value::all"
],
"showDefault": false
},
"timeContext": {
"durationMs": 2419200000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
}
],
"style": "above",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "parameters - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "M365SecureScoreControls_CL \r\n| where TimeGenerated >= ago(7d) \r\n| extend RecommendationCategory=controlCategory_s \r\n| where RecommendationCategory in ({Category}) \r\n| project RecommendationCategory, \r\n ControlName=controlName_s, \r\n Recommendation=description_s, \r\n ImplementationStatus=implementationStatus_s",
"size": 1,
"title": "Microsoft 365 Secure Score Recommendations",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 5",
"styleSettings": {
"showBorder": true
}
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "M365"
},
"name": "M365"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "MDfESecureScore_CL \r\n| summarize by SecureScore=score_d, bin(TimeGenerated, 1d)\r\n| union ( MDfEExposureScore_CL\r\n| summarize by ExposureScore=round(score_d), bin(TimeGenerated, 1d))",
"size": 0,
"aggregation": 5,
"timeContext": {
"durationMs": 2419200000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "timechart"
},
"name": "query - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "MDfESecureScore_CL \r\n| project TimeGenerated, CurrentScore=score_d\r\n| sort by TimeGenerated desc",
"size": 1,
"title": "Microsoft Defender for Endpoint Secure Score",
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"customWidth": "50",
"name": "query - 3",
"styleSettings": {
"showBorder": true
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "MDfEExposureScore_CL\r\n| project TimeGenerated, CurrentScore=round(score_d)\r\n| sort by TimeGenerated desc",
"size": 1,
"title": "Microsoft Defender for Endpoint Exposure Score",
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"customWidth": "50",
"name": "query - 4",
"styleSettings": {
"showBorder": true
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "MDfERecommendations_CL \r\n| where TimeGenerated >= ago(7d)\r\n| project TimeGenerated, Vendor=vendor_s, ProductName=relatedComponent_s, RecommendationName=recommendationName_s, \r\n Weaknesses=weaknesses_d, PublicExploit=publicExploit_b, ConfigScoreImpact=configScoreImpact_d, \r\n ExposureScoreImpact=round(exposureImpact_d), NumberOfExposedMachines=exposedMachinesCount_d, \r\n TotalNumberOfMachines=totalMachineCount_d, RecommendationCategory=recommendationCategory_s, \r\n SubCategory=subCategory_s, RemediationType=remediationType_s",
"size": 0,
"title": "Microsoft Defender for Endpoint Recommendations",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"formatters": [
{
"columnMatch": "PublicExploit",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "True",
"representation": "redBright",
"text": "True"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
}
],
"sortBy": [
{
"itemKey": "TimeGenerated",
"sortOrder": 1
}
]
},
"sortBy": [
{
"itemKey": "TimeGenerated",
"sortOrder": 1
}
]
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "MDfEVulnerabilitiesList_CL\r\n| where isnotempty(name_s) and exposedMachines_d > 0 \r\n| where TimeGenerated > ago(7d)\r\n| project Name=name_s, Description=description_s, Severity=severity_s, ExposedMachines=exposedMachines_d, CVSS=cvssV3_d,\r\n PublicExploit=publicExploit_b, ExploitVerified=exploitVerified_b, ExploitType=exploitTypes_s, ExploitURL=exploitUris_s, \r\n PublishedOn=publishedOn_t, UpdatedOn=updatedOn_t",
"size": 0,
"title": "Microsoft Defender for Endpoint Vulnerabilities",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"formatters": [
{
"columnMatch": "Severity",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "High",
"representation": "redBright",
"text": "High"
},
{
"operator": "==",
"thresholdValue": "Medium",
"representation": "yellow",
"text": "Medium"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "PublicExploit",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "True",
"representation": "redBright",
"text": "True"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "ExploitVerified",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "True",
"representation": "redBright",
"text": "True"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 3"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "D4E"
},
"name": "D4E"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "McasShadowItReporting\r\n| summarize count() by AppName, AppCategory, tostring(AppTags), AppScore\r\n| order by AppScore asc",
"size": 0,
"title": "Microsoft Cloud App Security - Detected Applications",
"timeContext": {
"durationMs": 1209600000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"formatters": [
{
"columnMatch": "AppTags",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "[]",
"representation": "yellow",
"text": "uncategorized"
},
{
"operator": "==",
"thresholdValue": "[\"unsanctioned\"]",
"representation": "redBright",
"text": "unsanctioned"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "sanctioned"
}
]
}
},
{
"columnMatch": "AppScore",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "<=",
"thresholdValue": "7",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
}
]
}
},
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "McasShadowItReporting\r\n| summarize avg(AppScore) by TimeGenerated\r\n| project AverageAppScore = round(avg_AppScore, 2), format_datetime(TimeGenerated, \"yyyy-MM-dd\")\r\n| sort by TimeGenerated asc",
"size": 0,
"title": "Daily Average App Score",
"timeContext": {
"durationMs": 1209600000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "barchart",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "TimeGenerated",
"formatter": 1
},
"leftContent": {
"columnMatch": "AverageAppScore",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "TimeGenerated",
"formatter": 1
},
"centerContent": {
"columnMatch": "AverageAppScore",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"name": "query - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "McasShadowItReporting\r\n| summarize by AppId, AppScore, bin(TimeGenerated, 1d)",
"size": 0,
"aggregation": 5,
"timeContext": {
"durationMs": 1209600000
},
"timeContextFromParameter": "TimeRange",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "timechart"
},
"name": "query - 2"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "MCAS"
},
"name": "group - 6"
}
],
"fallbackResourceIds": [
"{Subscription}"
],
"styleSettings": {},
"fromTemplateId": "M365-SecurityPosture",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}
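Review bot: In the regulatory-compliance grid (item `query - 3` of the ASC group), the `Status` column is filled from the selected filter value rather than from each control's own state: the query computes `state` from `properties.state`, but the only filter on it is commented out (`//| where isSstate == '{selectState}'`, which also misspells the column) and the last line projects `Status = isState`. With the default `selectState` of `Failed`, every control of the chosen standard would be listed and coloured as Failed, so the grid cannot show which controls actually fail. Filter and project on the real value instead: `| where isempty('{selectState}') or state == '{selectState}'` followed by `| summarize by ControlName = strControlName, name, Status = state, description`. Separately, the `Severity` thresholds in the Defender for Endpoint vulnerabilities grid colour only `High` and `Medium`, so any other severity value, including a `Critical` one if the table carries it, falls through to the default blue.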


@ -1363,5 +1363,18 @@
"templateRelativePath": "SOCProcessFramework.json",
"subtitle": "",
"provider": "Azure Sentinel Community"
}
},
{
"workbookKey": "Microsoft365SecurityPosture",
"logoFileName": "M365securityposturelogo.svg",
"description": "This workbook presents security posture data collected from Azure Security Center, M365 Defender, Defender for Endpoint, and Microsoft Cloud App Security. This workbook relies on the M365 Security Posture Playbook in order to bring the data in.",
"dataTypesDependencies": [ "M365SecureScore_CL", "MDfESecureScore_CL", "MDfEExposureScore_CL", "MDfERecommendations_CL", "MDfEVulnerabilitiesList_CL", "McasShadowItReporting"],
"dataConnectorsDependencies": ["M365 Security Posture"],
"previewImagesFileNames": ["M365securitypostureblack.png", "M365securityposturewhite.png" ],
"version": "1.0",
"title": "Microsoft 365 Security Posture",
"templateRelativePath": "M365SecurityPosture.json",
"subtitle": "",
"provider": "Azure Sentinel Community"
}
]
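Review bot: `dataTypesDependencies` omits `M365SecureScoreControls_CL`, which the workbook template added in this commit queries for both the `Category` parameter and the "Microsoft 365 Secure Score Recommendations" grid; add `"M365SecureScoreControls_CL"` to the array next to `"M365SecureScore_CL"`. If the gallery uses this list to decide whether the required data is present, the workbook could be offered as ready while that tab stays empty. `dataConnectorsDependencies` names `M365 Security Posture`, which the description identifies as a playbook rather than a data connector, so confirm that the value matches an identifier the gallery recognises. The enclosing array starts outside the hunk.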