Fix IoT workbook template bugs
Родитель
f271d82ac1
Коммит
8aa82021a3
|
@ -19,6 +19,7 @@
|
|||
"name": "TimeRange",
|
||||
"label": "Time Range",
|
||||
"type": 4,
|
||||
"isRequired": true,
|
||||
"value": {
|
||||
"durationMs": 604800000
|
||||
},
|
||||
|
@ -46,13 +47,15 @@
|
|||
"durationMs": 5184000000
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"timeContextFromParameter": "TimeRange"
|
||||
},
|
||||
{
|
||||
"id": "4cd4cbd6-3f2d-4350-9c36-b9292af7864e",
|
||||
"version": "KqlParameterItem/1.0",
|
||||
"name": "Hub",
|
||||
"type": 2,
|
||||
"isRequired": true,
|
||||
"multiSelect": true,
|
||||
"quote": "'",
|
||||
"delimiter": ",",
|
||||
|
@ -63,8 +66,7 @@
|
|||
"typeSettings": {
|
||||
"additionalResourceOptions": [
|
||||
"value::all"
|
||||
],
|
||||
"selectAllValue": "All"
|
||||
]
|
||||
},
|
||||
"timeContext": {
|
||||
"durationMs": 0
|
||||
|
@ -122,7 +124,7 @@
|
|||
"size": 0,
|
||||
"title": "Top 10 alert types",
|
||||
"timeContext": {
|
||||
"durationMs": 0
|
||||
"durationMs": 604800000
|
||||
},
|
||||
"timeContextFromParameter": "TimeRange",
|
||||
"queryType": 0,
|
||||
|
@ -146,7 +148,7 @@
|
|||
"size": 0,
|
||||
"title": "Alerts severity distribution",
|
||||
"timeContext": {
|
||||
"durationMs": 0
|
||||
"durationMs": 604800000
|
||||
},
|
||||
"timeContextFromParameter": "TimeRange",
|
||||
"queryType": 0,
|
||||
|
@ -179,7 +181,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "SecurityAlert \r\n| where ProductName == \"Azure Security Center for IoT\" \r\n| extend Hub = extract(\"[^/]*$\", 0, ResourceId) \r\n| summarize Total = count(), High = countif(AlertSeverity == \"High\"), Medium = countif(AlertSeverity == \"Medium\"), Low = countif(AlertSeverity == \"Low\") by Hub\r\n| order by Total desc\r\n| top 10 by Total\r\n| project Hub, Total, High, Medium, Low",
|
||||
"query": "SecurityAlert \r\n| where ProductName == \"Azure Security Center for IoT\" \r\n| extend HubName = extract(\"[^/]*$\", 0, ResourceId) \r\n| where HubName in ({Hub}) or \"All\" in ({Hub}) \r\n| summarize Total = count(), High = countif(AlertSeverity == \"High\"), Medium = countif(AlertSeverity == \"Medium\"), Low = countif(AlertSeverity == \"Low\") by HubName\r\n| order by Total desc\r\n| top 10 by Total\r\n| project HubName, Total, High, Medium, Low",
|
||||
"size": 0,
|
||||
"title": "Hubs by alert count",
|
||||
"timeContext": {
|
||||
|
@ -190,20 +192,6 @@
|
|||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||||
"gridSettings": {
|
||||
"formatters": [
|
||||
{
|
||||
"columnMatch": "Hub",
|
||||
"formatter": 0,
|
||||
"formatOptions": {
|
||||
"showIcon": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "Total",
|
||||
"formatter": 0,
|
||||
"formatOptions": {
|
||||
"showIcon": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "High",
|
||||
"formatter": 8,
|
||||
|
@ -244,9 +232,6 @@
|
|||
}
|
||||
],
|
||||
"labelSettings": [
|
||||
{
|
||||
"columnId": "Hub"
|
||||
},
|
||||
{
|
||||
"columnId": "Total"
|
||||
},
|
||||
|
@ -270,7 +255,7 @@
|
|||
"type": 3,
|
||||
"content": {
|
||||
"version": "KqlItem/1.0",
|
||||
"query": "SecurityAlert \r\n| where ProductName == \"Azure Security Center for IoT\" \r\n| extend Hub = extract(\"[^/]*$\", 0, ResourceId) \r\n| where Hub in ({Hub}) or \"All\" in ({Hub})\r\n| extend Device = tostring(parse_json(ExtendedProperties)[\"DeviceId\"])\r\n| summarize Total = count(), High = countif(AlertSeverity == \"High\"), Medium = countif(AlertSeverity == \"Medium\"), Low = countif(AlertSeverity == \"Low\") by Hub, AlertName, Device\r\n| order by Total desc\r\n| top 20 by Total\r\n| project Device, AlertName, Hub, Total, High, Medium, Low",
|
||||
"query": "SecurityAlert \r\n| where ProductName == \"Azure Security Center for IoT\" \r\n| extend Hub = extract(\"[^/]*$\", 0, ResourceId) \r\n| where Hub in ({Hub}) or \"All\" in ({Hub})\r\n| extend Device = strcat(tostring(parse_json(ExtendedProperties)[\"DeviceId\"]), \" (\", Hub, \")\")\r\n| summarize Total = count(), High = countif(AlertSeverity == \"High\"), Medium = countif(AlertSeverity == \"Medium\"), Low = countif(AlertSeverity == \"Low\") by Hub, AlertName, Device\r\n| order by Total desc\r\n| top 20 by Total\r\n| project Device, AlertName, Hub, Total, High, Medium, Low",
|
||||
"size": 0,
|
||||
"title": "Devices by alert count",
|
||||
"timeContext": {
|
||||
|
@ -288,13 +273,6 @@
|
|||
"showIcon": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "AlertName",
|
||||
"formatter": 0,
|
||||
"formatOptions": {
|
||||
"showIcon": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "Hub",
|
||||
"formatter": 5,
|
||||
|
@ -336,13 +314,6 @@
|
|||
"showIcon": true,
|
||||
"aggregation": "Sum"
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "$gen_group",
|
||||
"formatter": 0,
|
||||
"formatOptions": {
|
||||
"showIcon": true
|
||||
}
|
||||
}
|
||||
],
|
||||
"hierarchySettings": {
|
||||
|
@ -403,13 +374,6 @@
|
|||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||||
"gridSettings": {
|
||||
"formatters": [
|
||||
{
|
||||
"columnMatch": "Alert",
|
||||
"formatter": 0,
|
||||
"formatOptions": {
|
||||
"showIcon": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"columnMatch": "Previous",
|
||||
"formatter": 1,
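Review bot: The `or "All" in ({Hub})` branch added to the "Hubs by alert count" query (hunk at -179, and already present in the "Devices by alert count" query at -270) looks unreachable after this commit, because the hunk at -63 appears to drop `"selectAllValue": "All"` from the Hub parameter's `typeSettings`. That reading is inferred from the hunk line counts and JSON validity, since the +/- markers are not visible on this page. Without a select-all value, Workbooks normally substitutes the list of every dropdown item when All is chosen, so "All" would mean "every hub the parameter query returned" rather than "no filter". Alerts whose `ResourceId` ends in a hub name missing from that list would then be silently left out of the dashboard. Either keep `"selectAllValue": "All"` next to `"additionalResourceOptions"`, or remove the `"All"` branch from both queries and state in the workbook text that the view is limited to the listed hubs.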
|
||||
|
|
|
@ -552,7 +552,7 @@
|
|||
"dataTypesDependencies": [ "SecurityAlert" ],
|
||||
"dataConnectorsDependencies": [ "IoT" ],
|
||||
"previewImagesFileNames": [ "IOTBlack1.png", "IOTWhite1.png" ],
|
||||
"version": "1.0",
|
||||
"version": "1.1",
|
||||
"title": "Azure Security Center for IoT Alerts",
|
||||
"templateRelativePath": "IOT_Alerts.json",
|
||||
"subtitle": "",
|
||||
|
|