168 строки
5.4 KiB
JSON
168 строки
5.4 KiB
JSON
{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Most viewed Websites",
|
|
"items": [
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "talon_CL\n| extend SplitAll=split(url_s, '/')[0]\n| summarize AggregatedValue = count() by tostring(SplitAll)\n| where tostring(SplitAll) != ''\n| order by AggregatedValue",
|
|
"size": 0,
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart"
|
|
},
|
|
"name": "query - 1"
|
|
}
|
|
]
|
|
},
|
|
"name": "group - 2"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Activities",
|
|
"items": [
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Most Active Users",
|
|
"items": [
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by userEmail_s",
|
|
"size": 0,
|
|
"timeContext": {
|
|
"durationMs": 172800000
|
|
},
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "piechart"
|
|
},
|
|
"name": "High Risk Users"
|
|
}
|
|
]
|
|
},
|
|
"customWidth": "50",
|
|
"name": "group - 1",
|
|
"styleSettings": {
|
|
"margin": "0",
|
|
"padding": "0",
|
|
"maxWidth": "50"
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "talon_CL \n| summarize AggregatedValue = count() by eventType_s \n",
|
|
"size": 0,
|
|
"title": "Most Used Policies",
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "piechart",
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "url",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "AggregatedValue",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"mapSettings": {
|
|
"locInfo": "LatLong",
|
|
"sizeSettings": "AggregatedValue",
|
|
"sizeAggregation": "Sum",
|
|
"legendMetric": "AggregatedValue",
|
|
"legendAggregation": "Sum",
|
|
"itemColorSettings": {
|
|
"type": "heatmap",
|
|
"colorAggregation": "Sum",
|
|
"nodeColorField": "AggregatedValue",
|
|
"heatmapPalette": "greenRed"
|
|
}
|
|
}
|
|
},
|
|
"customWidth": "50",
|
|
"name": "Most Used Policies",
|
|
"styleSettings": {
|
|
"maxWidth": "50"
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "talon_CL \n| where action_s != \"allowed\"\n| summarize AggregatedValue = count() by deviceHostname_s",
|
|
"size": 0,
|
|
"title": "High Risk Devices",
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
},
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart",
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "deviceHostname_s",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "AggregatedValue",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name": "query - 2"
|
|
}
|
|
]
|
|
},
|
|
"name": "Activities"
|
|
}
|
|
],
|
|
"fromTemplateId": "TalonInsightsWorkbook",
|
|
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
|
}
|