Removing non-ascii character
This commit is contained in:
Родитель
fa2fe752c8
Коммит
f99a9d5742
|
@ -21,7 +21,7 @@ McAfee Network Security Platform,Syslog
|
|||
OpenVPN Server,Syslog
|
||||
Oracle Database Audit,Syslog
|
||||
Pulse Connect Secure,Syslog
|
||||
RSA® SecurID (Authentication Manager),Syslog
|
||||
RSA SecurID (Authentication Manager),Syslog
|
||||
Sophos XG Firewall,Syslog
|
||||
Symantec Endpoint Protection,Syslog
|
||||
Symantec VIP,Syslog
|
||||
|
|
|
|
@ -42,7 +42,7 @@ FunctionQuery: |
|
|||
let OpenVPN_Events = union isfuzzy=true empty_table_connector_Events, OpenVpnEvent | extend DeviceProduct = "OpenVPN Server" |where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let OracleDatabaseAudit_Events = union isfuzzy=true empty_table_connector_Events, OracleDatabaseAuditEvent | extend DeviceProduct = "Oracle Database Audit" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let PulseConnectSecure_Events = union isfuzzy=true empty_table_connector_Events, PulseConnectSecure | extend DeviceProduct = "Pulse Connect Secure" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let RSASecurIDAM_Events = union isfuzzy=true empty_table_connector_Events, RSASecurIDAMEvent | extend DeviceProduct = "RSA® SecurID (Authentication Manager)" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let RSASecurIDAM_Events = union isfuzzy=true empty_table_connector_Events, RSASecurIDAMEvent | extend DeviceProduct = "RSA SecurID (Authentication Manager)" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let SophosXGFirewall_Events = union isfuzzy=true empty_table_connector_Events, SophosXGFirewall | extend DeviceProduct = "Sophos XG Firewall" |where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let SymantecEndpointProtection_Events = union isfuzzy=true empty_table_connector_Events, SymantecEndpointProtection | extend DeviceProduct = "Symantec Endpoint Protection" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
let SymantecVIP_Events = union isfuzzy=true empty_table_connector_Events, SymantecVIP | extend DeviceProduct = "Symantec VIP" | where DeviceProduct_Input == DeviceProduct or DeviceProduct_Input == "*" | where TimeGenerated between (startTime .. endTime) |summarize Count = count() by DeviceProduct, bin_at(TimeGenerated, 1d, now());
|
||||
|
|
|
@ -39,7 +39,7 @@ FunctionQuery: |
|
|||
let OpenVPN_Status = union isfuzzy=true empty_table_connector_status, OpenVpnEvent | extend DeviceProduct = "OpenVPN Server" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let OracleDatabaseAudit_Status = union isfuzzy=true empty_table_connector_status, OracleDatabaseAuditEvent | extend DeviceProduct = "Oracle Database Audit" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let PulseConnectSecure_Status = union isfuzzy=true empty_table_connector_status, PulseConnectSecure | extend DeviceProduct = "Pulse Connect Secure" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let RSASecurIDAM_Status = union isfuzzy=true empty_table_connector_status, RSASecurIDAMEvent | extend DeviceProduct = "RSA® SecurID (Authentication Manager)" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let RSASecurIDAM_Status = union isfuzzy=true empty_table_connector_status, RSASecurIDAMEvent | extend DeviceProduct = "RSA SecurID (Authentication Manager)" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let SophosXGFirewall_Status = union isfuzzy=true empty_table_connector_status, SophosXGFirewall | extend DeviceProduct = "Sophos XG Firewall" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let SymantecEndpointProtection_Status = union isfuzzy=true empty_table_connector_status, SymantecEndpointProtection | extend DeviceProduct = "Symantec Endpoint Protection" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
let SymantecVIP_Status = union isfuzzy=true empty_table_connector_status, SymantecVIP | extend DeviceProduct = "Symantec VIP" | where TimeGenerated between (startTime .. endTime) | summarize EventCount = count () by DeviceProduct | extend ConnectionStatus = iff(EventCount > 0, "Connected", "Not-Connected");
|
||||
|
|
Загрузка…
Ссылка в новой задаче