{ "version": "Notebook/1.0", "items": [ { "type": 12, "content": { "version": "NotebookGroup/1.0", "groupType": "editable", "title": "Most viewed Websites", "items": [ { "type": 3, "content": { "version": "KqlItem/1.0", "query": "talon_CL\n| extend SplitAll=split(url_s, '/')[0]\n| summarize AggregatedValue = count() by tostring(SplitAll)\n| where tostring(SplitAll) != ''\n| order by AggregatedValue", "size": 0, "timeContext": { "durationMs": 86400000 }, "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "visualization": "barchart" }, "name": "query - 1" } ] }, "name": "group - 2" }, { "type": 12, "content": { "version": "NotebookGroup/1.0", "groupType": "editable", "title": "Activities", "items": [ { "type": 12, "content": { "version": "NotebookGroup/1.0", "groupType": "editable", "title": "Most Active Users", "items": [ { "type": 3, "content": { "version": "KqlItem/1.0", "query": "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by userEmail_s", "size": 0, "timeContext": { "durationMs": 172800000 }, "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "visualization": "piechart" }, "name": "High Risk Users" } ] }, "customWidth": "50", "name": "group - 1", "styleSettings": { "margin": "0", "padding": "0", "maxWidth": "50" } }, { "type": 3, "content": { "version": "KqlItem/1.0", "query": "talon_CL \n| summarize AggregatedValue = count() by eventType_s \n", "size": 0, "title": "Most Used Policies", "timeContext": { "durationMs": 86400000 }, "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "visualization": "piechart", "tileSettings": { "showBorder": false, "titleContent": { "columnMatch": "url", "formatter": 1 }, "leftContent": { "columnMatch": "AggregatedValue", "formatter": 12, "formatOptions": { "palette": "auto" }, "numberFormat": { "unit": 17, "options": { "maximumSignificantDigits": 3, "maximumFractionDigits": 2 } } } }, "mapSettings": { "locInfo": "LatLong", "sizeSettings": "AggregatedValue", "sizeAggregation": "Sum", "legendMetric": "AggregatedValue", "legendAggregation": "Sum", "itemColorSettings": { "type": "heatmap", "colorAggregation": "Sum", "nodeColorField": "AggregatedValue", "heatmapPalette": "greenRed" } } }, "customWidth": "50", "name": "Most Used Policies", "styleSettings": { "maxWidth": "50" } }, { "type": 3, "content": { "version": "KqlItem/1.0", "query": "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by deviceHostname_s", "size": 0, "title": "High Risk Devices", "timeContext": { "durationMs": 86400000 }, "queryType": 0, "resourceType": "microsoft.operationalinsights/workspaces", "visualization": "barchart", "tileSettings": { "showBorder": false, "titleContent": { "columnMatch": "deviceHostname_s", "formatter": 1 }, "leftContent": { "columnMatch": "AggregatedValue", "formatter": 12, "formatOptions": { "palette": "auto" }, "numberFormat": { "unit": 17, "options": { "maximumSignificantDigits": 3, "maximumFractionDigits": 2 } } } } }, "name": "query - 2" } ] }, "name": "Activities" } ], "fromTemplateId": "TalonInsightsWorkbook", "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" }