{ "properties": { "lenses": { "0": { "order": 0, "parts": { "0": { "position": { "x": 0, "y": 0, "colSpan": 2, "rowSpan": 1 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "{Subscription_ID}", "ResourceGroup": "{Resource_Group}", "Name": "{Workspace_Name}", "LinkedApplicationType": 2, "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02", "ResourceType": "microsoft.operationalinsights/workspaces", "IsAzureFirst": false } }, { "name": "ResourceIds", "value": [ "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02" ], "isOptional": true }, { "name": "Type", "value": "sentinel", "isOptional": true }, { "name": "TimeContext", "isOptional": true }, { "name": "ConfigurationId", "value": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.insights/workbooks/27acb77c-c5fb-4b01-9734-6ae39c497028", "isOptional": true }, { "name": "ViewerMode", "value": false, "isOptional": true }, { "name": "GalleryResourceType", "value": "Sentinel", "isOptional": true }, { "name": "NotebookParams", "isOptional": true }, { "name": "Location", "value": "eastus", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/NotebookPinnedPart", "viewState": { "content": { "configurationId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.insights/workbooks/27acb77c-c5fb-4b01-9734-6ae39c497028" } } } }, "1": { "position": { "x": 2, "y": 0, "colSpan": 19, "rowSpan": 1 }, "metadata": { "inputs": [], "type": "Extension/HubsExtension/PartType/MarkdownPart", "settings": { "content": { "settings": { "content": "", "title": "Thycotic Dashboard", "subtitle": "Thycotic Dashboard", "markdownSource": 1 } } } } }, "2": { "position": { "x": 0, "y": 1, "colSpan": 6, "rowSpan": 9 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b", "ResourceGroup": "thycotic", "Name": "thycotic02", "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02" }, "isOptional": true }, { "name": "Dimensions", "value": { "xAxis": { "name": "Activity", "type": "string" }, "yAxis": [ { "name": "countRecord", "type": "long" } ], "splitBy": [], "aggregation": "Sum" }, "isOptional": true }, { "name": "Query", "value": "CommonSecurityLog\n| where LogSeverity == 2\n| summarize countRecord = count() by Activity\n| order by countRecord\n| take 10\n| project Activity, countRecord\n| render columnchart\n", "isOptional": true }, { "name": "PartTitle", "value": "Analytics", "isOptional": true }, { "name": "PartSubTitle", "value": "thycotic02", "isOptional": true }, { "name": "PartId", "value": "72e66bad-16a3-4f42-a50c-a1c8d207833d", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true }, { "name": "resourceTypeMode", "value": "workspace", "isOptional": true }, { "name": "TimeRange", "value": "P7D", "isOptional": true }, { "name": "DashboardId", "isOptional": true }, { "name": "ControlType", "value": "AnalyticsChart", "isOptional": true }, { "name": "SpecificChart", "value": "Bar", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart", "settings": { "content": { "PartTitle": "Recent activity", "PartSubTitle": "More used operations", "Query": "CommonSecurityLog\n| where LogSeverity == 2\n| summarize countRecord = count() by Activity\n| order by countRecord\n| take 5\n| project Activity, countRecord\n| render columnchart\n", "ControlType": "FrameControlChart", "SpecificChart": "Bar" } } } }, "3": { "position": { "x": 6, "y": 1, "colSpan": 11, "rowSpan": 5 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b", "ResourceGroup": "thycotic", "Name": "thycotic02", "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02" }, "isOptional": true }, { "name": "Dimensions", "isOptional": true }, { "name": "Query", "value": "CommonSecurityLog\n| where LogSeverity == 2\n| where FileType == \"Secret\"\n| extend SecretName = FileName\n| summarize countRecord = count(), lastDate = arg_max(TimeGenerated, *) by FileName\n| order by countRecord\n| project SecretName, countRecord, lastDate\n", "isOptional": true }, { "name": "PartTitle", "value": "Analytics", "isOptional": true }, { "name": "PartSubTitle", "value": "thycotic02", "isOptional": true }, { "name": "PartId", "value": "684b8773-9d10-4767-810e-3a714b10806c", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true }, { "name": "resourceTypeMode", "value": "workspace", "isOptional": true }, { "name": "TimeRange", "value": "P1D", "isOptional": true }, { "name": "DashboardId", "isOptional": true }, { "name": "ControlType", "value": "AnalyticsGrid", "isOptional": true }, { "name": "SpecificChart", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart", "settings": { "content": { "PartTitle": "Recent secrets", "PartSubTitle": "Most used secrets", "Query": "CommonSecurityLog\n| where LogSeverity == 2\n| where FileType == \"Secret\"\n| extend SecretName = FileName\n| summarize countRecord = count(), lastDate = arg_max(TimeGenerated, *) by FileName\n| order by countRecord\n| project SecretName, Count = countRecord,LastDate = lastDate\n" } } } }, "4": { "position": { "x": 17, "y": 1, "colSpan": 4, "rowSpan": 9 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b", "ResourceGroup": "thycotic", "Name": "thycotic02", "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02" }, "isOptional": true }, { "name": "Dimensions", "isOptional": true }, { "name": "Query", "value": "CommonSecurityLog\n| where LogSeverity == 2\n| where TimeGenerated > ago(1d)\n| summarize count() by Activity, FileName\n| where Activity == \"SECRET - EXPIREDTODAY\"\n| project SecretName = FileName\n", "isOptional": true }, { "name": "PartTitle", "value": "Analytics", "isOptional": true }, { "name": "PartSubTitle", "value": "thycotic02", "isOptional": true }, { "name": "PartId", "value": "1559840a-5e39-455a-a89d-bf59cf14676d", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true }, { "name": "resourceTypeMode", "value": "workspace", "isOptional": true }, { "name": "TimeRange", "isOptional": true }, { "name": "DashboardId", "isOptional": true }, { "name": "ControlType", "value": "AnalyticsGrid", "isOptional": true }, { "name": "SpecificChart", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart", "settings": { "content": { "PartTitle": "Expired secrets today", "PartSubTitle": "Expired secrets" } } } }, "5": { "position": { "x": 6, "y": 6, "colSpan": 11, "rowSpan": 4 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b", "ResourceGroup": "thycotic", "Name": "thycotic02", "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourceGroups/thycotic/providers/Microsoft.OperationalInsights/workspaces/thycotic02" }, "isOptional": true }, { "name": "Dimensions", "isOptional": true }, { "name": "Query", "value": "CommonSecurityLog\r\n| where TimeGenerated >= ago(10d)\r\n| where DeviceVendor == 'Thycotic Software' \r\n| where Message contains 'Login Failure'\r\n| parse Message with 'Login Failure - ' ErrorDetails\r\n| extend Application = 'Secret Server'\r\n| where DeviceEventClassID == '500'\r\n| summarize Login_Failures=count(), First=min(TimeGenerated), Last=max(TimeGenerated) by Application, ErrorDetails\r\n| sort by Login_Failures desc\r\n| where Login_Failures >= 5\r\n| extend AccountCustomEntity = ErrorDetails\r\n", "isOptional": true }, { "name": "PartTitle", "value": "Analytics", "isOptional": true }, { "name": "PartSubTitle", "value": "thycotic02", "isOptional": true }, { "name": "PartId", "value": "11de89b3-92bf-4008-a195-bfb27e2abef3", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true }, { "name": "resourceTypeMode", "value": "workspace", "isOptional": true }, { "name": "TimeRange", "isOptional": true }, { "name": "DashboardId", "isOptional": true }, { "name": "ControlType", "value": "AnalyticsGrid", "isOptional": true }, { "name": "SpecificChart", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart", "settings": { "content": { "PartTitle": "Login Failure", "PartSubTitle": "Login Failure", "Query": "CommonSecurityLog\n| where TimeGenerated >= ago(1d)\n| where DeviceVendor == 'Thycotic Software' \n| where Message contains 'Login Failure'\n| parse Message with 'Login Failure - ' ErrorDetails\n| extend Application = 'Secret Server'\n| where DeviceEventClassID == '500'\n| summarize Login_Failures=count(), First=min(TimeGenerated), Last=max(TimeGenerated) by Application, ErrorDetails\n| sort by Login_Failures desc\n| where Login_Failures >= 5\n| extend AccountCustomEntity = ErrorDetails\n" } } } }, "6": { "position": { "x": 0, "y": 10, "colSpan": 21, "rowSpan": 5 }, "metadata": { "inputs": [ { "name": "ComponentId", "value": { "SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b", "ResourceGroup": "thycotic", "Name": "thycotic02", "ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourceGroups/thycotic/providers/Microsoft.OperationalInsights/workspaces/thycotic02" }, "isOptional": true }, { "name": "Dimensions", "isOptional": true }, { "name": "Query", "value": "CommonSecurityLog\r\n| project TimeGenerated,LogSeverity, Message, SourceIP, Activity, DestinationUserID, FileID,FileType,FileName,SourceUserID,SourceUserName, DeviceCustomString4\n", "isOptional": true }, { "name": "PartTitle", "value": "Analytics", "isOptional": true }, { "name": "PartSubTitle", "value": "thycotic02", "isOptional": true }, { "name": "PartId", "value": "1235b776-14b3-46cb-8f81-0f8734fa14c0", "isOptional": true }, { "name": "Version", "value": "1.0", "isOptional": true }, { "name": "resourceTypeMode", "value": "workspace", "isOptional": true }, { "name": "TimeRange", "value": "P1D", "isOptional": true }, { "name": "DashboardId", "isOptional": true }, { "name": "ControlType", "value": "AnalyticsGrid", "isOptional": true }, { "name": "SpecificChart", "isOptional": true } ], "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart", "settings": {} } } } } }, "metadata": { "model": { "timeRange": { "value": { "relative": { "duration": 24, "timeUnit": 1 } }, "type": "MsPortalFx.Composition.Configuration.ValueTypes.TimeRange" }, "filterLocale": { "value": "en-us" }, "filters": { "value": { "MsPortalFx_TimeRange": { "model": { "format": "utc", "granularity": "auto", "relative": "30d" }, "displayCache": { "name": "UTC Time", "value": "Past 30 days" }, "filteredPartIds": [ "StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c1", "StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c3", "StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c5", "StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c7", "StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c9" ] } } } } } }, "name": "Thycotic Dashboard", "type": "Microsoft.Portal/dashboards", "location": "INSERT LOCATION", "tags": { "hidden-title": "Thycotic Dashboard" }, "apiVersion": "2015-08-01-preview" }