From 76ab3cce54210faac1712ed7f121244867507625 Mon Sep 17 00:00:00 2001 From: morshabi <46102293+morshabi@users.noreply.github.com> Date: Wed, 2 Oct 2019 14:17:45 +0300 Subject: [PATCH] Update F5Networks.json change the Attack summary part --- Workbooks/F5Networks.json | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Workbooks/F5Networks.json b/Workbooks/F5Networks.json index fcee2ea0a8..12ed157e94 100644 --- a/Workbooks/F5Networks.json +++ b/Workbooks/F5Networks.json @@ -1,4 +1,4 @@ -{ +{ "version": "Notebook/1.0", "items": [ { @@ -22,7 +22,7 @@ "type": 4, "isRequired": true, "value": { - "durationMs": 604800000 + "durationMs": 2419200000 }, "typeSettings": { "selectableValues": [ @@ -483,8 +483,9 @@ "type": 3, "content": { "version": "KqlItem/1.0", - "query": "F5Telemetry_ASM_CL \r\n| where hostname_s == '{HostName}' or '{HostName}' == \"All\"\r\n| where '{attack_type}' == attack_type_s or '{attack_type}' == \"All\"\r\n| where request_status_s == \"blocked\" \r\n| project ip_client_s, request_status_s, violation_rating_s ,hostname_s, request_s , attack_type_s, violations_s, session_id_s \r\n| order by toint(violation_rating_s) desc\r\n", + "query": "F5Telemetry_ASM_CL \r\n| where hostname_s == '{HostName}' or '{HostName}' == \"All\"\r\n| where '{attack_type}' == attack_type_s or '{attack_type}' == \"All\"\r\n| where request_status_s == \"blocked\" \r\n| project TimeGenerated, ip_client_s, request_status_s, violation_rating_s ,hostname_s, request_s , attack_type_s, violations_s, support_id_s \r\n| order by toint(violation_rating_s) desc\r\n", "size": 0, + "showAnalytics": true, "exportToExcelOptions": "visible", "title": "Attack summary", "timeContext": { @@ -596,4 +597,4 @@ "styleSettings": {}, "fromTemplateId": "sentinel-F5Networks", "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" -} \ No newline at end of file +}