{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "1694c013-fbeb-43eb-89c7-1417bb59150f",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "TimeRange",
|
|
"label": "Time Range",
|
|
"type": 4,
|
|
"value": {
|
|
"durationMs": 2419200000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 300000
|
|
},
|
|
{
|
|
"durationMs": 900000
|
|
},
|
|
{
|
|
"durationMs": 1800000
|
|
},
|
|
{
|
|
"durationMs": 3600000
|
|
},
|
|
{
|
|
"durationMs": 14400000
|
|
},
|
|
{
|
|
"durationMs": 43200000
|
|
},
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 172800000
|
|
},
|
|
{
|
|
"durationMs": 259200000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 1209600000
|
|
},
|
|
{
|
|
"durationMs": 2419200000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
},
|
|
{
|
|
"durationMs": 5184000000
|
|
},
|
|
{
|
|
"durationMs": 7776000000
|
|
}
|
|
],
|
|
"allowCustom": true
|
|
},
|
|
"resourceType": "microsoft.insights/components"
|
|
},
|
|
{
|
|
"id": "a9cc502e-223d-4067-834b-a34a85055664",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "severitySelector",
|
|
"label": "Severity",
|
|
"type": 2,
|
|
"isRequired": true,
|
|
"multiSelect": true,
|
|
"quote": "'",
|
|
"delimiter": ",",
|
|
"query": "QualysHostDetection_CL\r\n| mv-expand todynamic(Detections_s)\r\n| extend Sev = tostring(Detections_s.Severity)\r\n| distinct Sev\r\n| sort by Sev desc",
|
|
"value": [
|
|
"value::all"
|
|
],
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [
|
|
"value::all"
|
|
]
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
{
|
|
"id": "364f8236-9b9d-4e41-9767-ab5f404dcd4e",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "OperatingSystem",
|
|
"label": "Operating System",
|
|
"type": 2,
|
|
"isRequired": true,
|
|
"multiSelect": true,
|
|
"quote": "'",
|
|
"delimiter": ",",
|
|
"query": "QualysHostDetection_CL\r\n| distinct OperatingSystem_s",
|
|
"value": [
|
|
"value::all"
|
|
],
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [
|
|
"value::all"
|
|
]
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
}
|
|
],
|
|
"style": "above",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 2"
|
|
},
|
|
{
|
|
"type": 11,
|
|
"content": {
|
|
"version": "LinkItem/1.0",
|
|
"style": "tabs",
|
|
"links": [
|
|
{
|
|
"cellValue": "selectedTab",
|
|
"linkTarget": "parameter",
|
|
"linkLabel": "Scan Detection",
|
|
"subTarget": "Detection",
|
|
"preText": "ScanDetectio",
|
|
"style": "link"
|
|
},
|
|
{
|
|
"cellValue": "selectedTab",
|
|
"linkTarget": "parameter",
|
|
"linkLabel": "Vulnerability Analysis",
|
|
"subTarget": "VulnerabilityAnalysis",
|
|
"style": "link"
|
|
}
|
|
]
|
|
},
|
|
"name": "links - 5"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| where isnotempty(Sev)\n| summarize ['5 - Urgent'] = countif(Sev == \"5\"), ['4 - Critical'] = countif(Sev == \"4\"), ['3 - Serious'] = countif(Sev == \"3\"), ['2 - Medium'] = countif(Sev == \"2\"), ['1 - Minimal'] = countif(Sev == \"1\"), count() by bin(TimeGenerated, {TimeRange:grain})\n| project-away count_\n\n",
|
|
"size": 0,
|
|
"title": "Detections by Severity Timeline",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "5 - Urgent",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redBright",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "4 - Critical",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redDark",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "3 - Serious",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "orange",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "2 - Medium",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "1 - Minimal",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 3,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "5 - Urgent"
|
|
},
|
|
{
|
|
"columnId": "4 - Critical"
|
|
},
|
|
{
|
|
"columnId": "3 - Serious"
|
|
},
|
|
{
|
|
"columnId": "2 - Medium"
|
|
},
|
|
{
|
|
"columnId": "1 - Minimal"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
},
|
|
"chartSettings": {
|
|
"seriesLabelSettings": [
|
|
{
|
|
"seriesName": "5 - Urgent",
|
|
"color": "redBright"
|
|
},
|
|
{
|
|
"seriesName": "4 - Critical",
|
|
"color": "redDark"
|
|
},
|
|
{
|
|
"seriesName": "3 - Serious",
|
|
"color": "orange"
|
|
},
|
|
{
|
|
"seriesName": "2 - Medium",
|
|
"color": "magenta"
|
|
},
|
|
{
|
|
"seriesName": "1 - Minimal",
|
|
"color": "lightBlue"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"name": "query - 2 "
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Status = tostring(Detections_s.Status)\n| summarize count() by Status\n\n",
|
|
"size": 0,
|
|
"title": "Detection Status",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "piechart",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "5 - Urgent",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redBright",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "4 - Critical",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redDark",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "3 - Serious",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "orange",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "2 - Medium",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "1 - Minimal",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 3,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "5 - Urgent"
|
|
},
|
|
{
|
|
"columnId": "4 - Critical"
|
|
},
|
|
{
|
|
"columnId": "3 - Serious"
|
|
},
|
|
{
|
|
"columnId": "2 - Medium"
|
|
},
|
|
{
|
|
"columnId": "1 - Minimal"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
},
|
|
"chartSettings": {
|
|
"seriesLabelSettings": [
|
|
{
|
|
"seriesName": "5 - Urgent",
|
|
"color": "redBright"
|
|
},
|
|
{
|
|
"seriesName": "4 - Critical",
|
|
"color": "redDark"
|
|
},
|
|
{
|
|
"seriesName": "3 - Serious",
|
|
"color": "orange"
|
|
},
|
|
{
|
|
"seriesName": "2 - Medium",
|
|
"color": "magenta"
|
|
},
|
|
{
|
|
"seriesName": "1 - Minimal",
|
|
"color": "lightBlue"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let data = QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| extend Severity = case(Sev == \"5\", \"5 - Urgent\", Sev == \"4\", \"4 - Critical\", Sev == \"3\", \"3 - Serious\", Sev == \"2\", \"2 - Medium\", Sev == \"1\", \"1 - Minimal\", \" \")\n| extend Status = tostring(Detections_s.Status)\n| where Status == \"Re-Opened\"\n| summarize count() by Sev, Severity, Vulnerability ;\nlet topUrgent = data \n| where Sev == \"5\"\n| top 10 by count_;\nlet topCritical = data\n| where Sev == \"4\"\n| top 10 by count_;\nlet topSerious = data\n| where Sev == \"3\"\n| top 10 by count_;\nlet topMedium = data\n| where Sev == \"2\"\n| top 10 by count_;\nlet topMinimal = data\n| where Sev == \"1\"\n| top 10 by count_;\nunion topUrgent, topCritical, topSerious, topMedium, topMinimal\n| project-away Sev\n| sort by Severity, count_ desc\n| project-rename Total = count_\n\n",
|
|
"size": 0,
|
|
"title": "Top 10 Re-Opened Vulnerabilities by Severity",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let data = QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| extend Severity = case(Sev == \"5\", \"5 - Urgent\", Sev == \"4\", \"4 - Critical\", Sev == \"3\", \"3 - Serious\", Sev == \"2\", \"2 - Medium\", Sev == \"1\", \"1 - Minimal\", \" \")\n| extend Status = tostring(Detections_s.Status)\n| where Status == \"New\" and Sev in (\"5\", \"4\")\n| summarize count() by Sev, Severity, IPAddress, DnsName_s;\nlet topUrgent = data \n| where Sev == \"5\"\n| top 10 by count_;\nlet topCritical = data\n| where Sev == \"4\"\n| top 10 by count_;\nunion topUrgent, topCritical\n| project-away Sev\n| sort by Severity, count_ desc\n| project-rename Total = count_\n\n",
|
|
"size": 0,
|
|
"title": "Top 10 Hosts with New Urgent/Critical Vulnerabilities",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let data = QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| extend Severity = case(Sev == \"5\", \"5 - Urgent\", Sev == \"4\", \"4 - Critical\", Sev == \"3\", \"3 - Serious\", Sev == \"2\", \"2 - Medium\", Sev == \"1\", \"1 - Minimal\", \" \")\n| extend Status = tostring(Detections_s.Status)\n| where Status == \"Re-Opened\" and Sev in (\"5\", \"4\")\n| summarize count() by Sev, Severity, IPAddress, DnsName_s;\nlet topUrgent = data \n| where Sev == \"5\"\n| top 10 by count_;\nlet topCritical = data\n| where Sev == \"4\"\n| top 10 by count_;\nunion topUrgent, topCritical\n| project-away Sev\n| sort by Severity, count_ desc\n| project-rename Total = count_\n\n",
|
|
"size": 0,
|
|
"title": "Top 10 Hosts with Re-Opened Urgent/Critical Vulnerabilities",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy - Copy - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| extend Sev = tostring(Detections_s.Severity)\n| where isnotempty(Sev)\n| summarize ['5 - Urgent'] = countif(Sev == \"5\"), ['4 - Critical'] = countif(Sev == \"4\"), ['3 - Serious'] = countif(Sev == \"3\"), ['2 - Medium'] = countif(Sev == \"2\"), ['1 - Minimal'] = countif(Sev == \"1\"), count() by OperatingSystem_s\n| project-rename Total = count_\n| sort by Total desc \n| top 10 by Total\n\n",
|
|
"size": 0,
|
|
"title": "Top Total Detections by Operating System",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "5 - Urgent",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redBright",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "4 - Critical",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redDark",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "3 - Serious",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "orange",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "2 - Medium",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "1 - Minimal",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 3,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "OperatingSystem_s",
|
|
"label": "Operating System"
|
|
},
|
|
{
|
|
"columnId": "5 - Urgent"
|
|
},
|
|
{
|
|
"columnId": "4 - Critical"
|
|
},
|
|
{
|
|
"columnId": "3 - Serious"
|
|
},
|
|
{
|
|
"columnId": "2 - Medium"
|
|
},
|
|
{
|
|
"columnId": "1 - Minimal"
|
|
},
|
|
{
|
|
"columnId": "Total"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"name": "query - 2 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let data = QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| extend Severity = case(Sev == \"5\", \"5 - Urgent\", Sev == \"4\", \"4 - Critical\", Sev == \"3\", \"3 - Serious\", Sev == \"2\", \"2 - Medium\", Sev == \"1\", \"1 - Minimal\", \" \")\n| summarize count() by Sev, Severity, Vulnerability ;\nlet topUrgent = data \n| where Sev == \"5\"\n| top 10 by count_;\nlet topCritical = data\n| where Sev == \"4\"\n| top 10 by count_;\nlet topSerious = data\n| where Sev == \"3\"\n| top 10 by count_;\nlet topMedium = data\n| where Sev == \"2\"\n| top 10 by count_;\nlet topMinimal = data\n| where Sev == \"1\"\n| top 10 by count_;\nunion topUrgent, topCritical, topSerious, topMedium, topMinimal\n| project-away Sev\n| sort by Severity, count_ desc\n| project-rename Total = count_\n\n",
|
|
"size": 0,
|
|
"title": "Top 10 Vulnerabilities Detected per Severity",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let data = QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| extend Severity = case(Sev == \"5\", \"5 - Urgent\", Sev == \"4\", \"4 - Critical\", Sev == \"3\", \"3 - Serious\", Sev == \"2\", \"2 - Medium\", Sev == \"1\", \"1 - Minimal\", \" \")\n| summarize count() by Sev, Severity, IPAddress, DnsName_s;\nlet topUrgent = data \n| where Sev == \"5\"\n| top 10 by count_;\nlet topCritical = data\n| where Sev == \"4\"\n| top 10 by count_;\nlet topSerious = data\n| where Sev == \"3\"\n| top 10 by count_;\nlet topMedium = data\n| where Sev == \"2\"\n| top 10 by count_;\nlet topMinimal = data\n| where Sev == \"1\"\n| top 10 by count_;\nunion topUrgent, topCritical, topSerious, topMedium, topMinimal\n| project-away Sev\n| sort by Severity, count_ desc\n| project-rename Total = count_\n\n",
|
|
"size": 0,
|
|
"title": "Top 10 Detections by Host per Severity",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Detection"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "d7f3f8af-5b1a-46b1-8fe6-a0440175704a",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Vuln",
|
|
"label": "Vulnerability Detected",
|
|
"type": 2,
|
|
"query": "QualysHostDetection_CL\r\n| mv-expand todynamic(Detections_s)\r\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\r\n| extend Sev = tostring(Detections_s.Severity)\r\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\r\n| extend Vuln = tostring(Detections_s.Results)\r\n| distinct Vuln\r\n",
|
|
"value": null,
|
|
"typeSettings": {
|
|
"additionalResourceOptions": []
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
}
|
|
],
|
|
"style": "formVertical",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "VulnerabilityAnalysis"
|
|
},
|
|
"name": "parameters - 10"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Vuln = tostring(Detections_s.Results)\n| where Vuln in (\"{Vuln}\") or '*' in (\"{Vuln}\")\n| summarize ['5 - Urgent'] = countif(Sev == \"5\"), ['4 - Critical'] = countif(Sev == \"4\"), ['3 - Serious'] = countif(Sev == \"3\"), ['2 - Medium'] = countif(Sev == \"2\"), ['1 - Minimal'] = countif(Sev == \"1\"), count() by bin(TimeGenerated, {TimeRange:grain})\n| project-away count_\n\n",
"size": 0,
"title": "Detection Timeline",
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "5 - Urgent",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redBright",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "4 - Critical",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redDark",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "3 - Serious",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "orange",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "2 - Medium",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "1 - Minimal",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 3,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "5 - Urgent"
|
|
},
|
|
{
|
|
"columnId": "4 - Critical"
|
|
},
|
|
{
|
|
"columnId": "3 - Serious"
|
|
},
|
|
{
|
|
"columnId": "2 - Medium"
|
|
},
|
|
{
|
|
"columnId": "1 - Minimal"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
},
|
|
"chartSettings": {
|
|
"seriesLabelSettings": [
|
|
{
|
|
"seriesName": "5 - Urgent",
|
|
"color": "redBright"
|
|
},
|
|
{
|
|
"seriesName": "4 - Critical",
|
|
"color": "redDark"
|
|
},
|
|
{
|
|
"seriesName": "3 - Serious",
|
|
"color": "orange"
|
|
},
|
|
{
|
|
"seriesName": "2 - Medium",
|
|
"color": "magenta"
|
|
},
|
|
{
|
|
"seriesName": "1 - Minimal",
|
|
"color": "lightBlue"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "VulnerabilityAnalysis"
|
|
},
|
|
"name": "query - 2 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Status = tostring(Detections_s.Status)\n| extend Vulnerability = tostring(Detections_s.Results)\n| where Vulnerability in (\"{Vuln}\") or '*' in (\"{Vuln}\") \n| summarize count() by Status\n\n",
"size": 0,
"title": "Detection Status",
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "piechart",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "5 - Urgent",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redBright",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "4 - Critical",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "redDark",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "3 - Serious",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "orange",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "2 - Medium",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "magenta",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "1 - Minimal",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 3,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": false,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "5 - Urgent"
|
|
},
|
|
{
|
|
"columnId": "4 - Critical"
|
|
},
|
|
{
|
|
"columnId": "3 - Serious"
|
|
},
|
|
{
|
|
"columnId": "2 - Medium"
|
|
},
|
|
{
|
|
"columnId": "1 - Minimal"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
},
|
|
"chartSettings": {
|
|
"seriesLabelSettings": [
|
|
{
|
|
"seriesName": "5 - Urgent",
|
|
"color": "redBright"
|
|
},
|
|
{
|
|
"seriesName": "4 - Critical",
|
|
"color": "redDark"
|
|
},
|
|
{
|
|
"seriesName": "3 - Serious",
|
|
"color": "orange"
|
|
},
|
|
{
|
|
"seriesName": "2 - Medium",
|
|
"color": "magenta"
|
|
},
|
|
{
|
|
"seriesName": "1 - Minimal",
|
|
"color": "lightBlue"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "VulnerabilityAnalysis"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
"query": "QualysHostDetection_CL\n| mv-expand todynamic(Detections_s)\n| where OperatingSystem_s in ({OperatingSystem}) or '*' in ({OperatingSystem})\n| extend Sev = tostring(Detections_s.Severity)\n| where Sev in ({severitySelector}) or '*' in ({severitySelector})\n| extend Vulnerability = tostring(Detections_s.Results)\n| where Vulnerability in (\"{Vuln}\") or '*' in (\"{Vuln}\")\n| summarize Total = count() by IPAddress, DnsName_s\n| sort by Total desc\n\n\n\n",
"size": 0,
"title": "Host(s) with Vulnerability Detected",
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Severity",
|
|
"formatter": 18,
|
|
"formatOptions": {
|
|
"showIcon": true,
|
|
"thresholdsOptions": "colors",
|
|
"thresholdsGrid": [
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "5 - Urgent",
|
|
"representation": "redBright",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "4 - Critical",
|
|
"representation": "redDark",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "3 - Serious",
|
|
"representation": "orange",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "2 - Medium",
|
|
"representation": "magenta",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "==",
|
|
"thresholdValue": "1 - Minimal",
|
|
"representation": "lightBlue",
|
|
"text": "{0}{1}"
|
|
},
|
|
{
|
|
"operator": "Default",
|
|
"thresholdValue": null,
|
|
"representation": null,
|
|
"text": "{0}{1}"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Total",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "Severity",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "count_",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "hotCold",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"showBorder": false,
|
|
"sortOrderField": 2
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "selectedTab",
|
|
"comparison": "isEqualTo",
|
|
"value": "VulnerabilityAnalysis"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2 -"
|
|
}
|
|
],
"fromTemplateId": "sentinel-UserWorkbook",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
} |