Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Solutions/ThreatAnalysis&Response/Workbooks/ThreatAnalysis&Response.json

475 строки
24 KiB
JSON
Исходник Ответственный История

{
"version": "Notebook/1.0",
"items": [
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"id": "3ac5e194-a6a4-4405-8370-6da952e8bc5b",
"cellValue": "selectedTab",
"linkTarget": "parameter",
"linkLabel": "Overview",
"subTarget": "Overview",
"style": "link"
},
{
"id": "1ba43bf0-5c1a-4081-b357-34f5389cf5f2",
"cellValue": "selectedTab",
"linkTarget": "parameter",
"linkLabel": "DataSource Statistics",
"subTarget": "DataSourceStatistics",
"style": "link"
},
{
"id": "c5d475b0-86f9-4e78-8b32-d19631bc68de",
"cellValue": "selectedTab",
"linkTarget": "parameter",
"linkLabel": "Microsoft Sentinel Github",
"subTarget": "MicrosoftSentinelGithub",
"style": "link"
},
{
"id": "90261d23-b3d6-4b6c-a22c-c74cfe8d2e23",
"cellValue": "selectedTab",
"linkTarget": "parameter",
"linkLabel": "Detection Platform Services",
"subTarget": "DetectionPlatformServices",
"style": "link"
},
{
"id": "6618168f-77ef-4b5b-9ebd-70e2852ba475",
"cellValue": "selectedTab",
"linkTarget": "parameter",
"linkLabel": "MITRE ATT&CK Heatmaps",
"subTarget": "MITREATT&CKHeatmaps",
"style": "link"
}
]
},
"name": "links - 0"
},
{
"type": 1,
"content": {
"json": "<svg viewBox=\"0 0 19 19\" width=\"20\" class=\"fxt-escapeShadow\" role=\"presentation\" focusable=\"false\" xmlns:svg=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" aria-hidden=\"true\"><g><path fill=\"#1b93eb\" d=\"M16.82 8.886c0 4.81-5.752 8.574-7.006 9.411a.477.477 0 01-.523 0C8.036 17.565 2.18 13.7 2.18 8.886V3.135a.451.451 0 01.42-.419C7.2 2.612 6.154.625 9.5.625s2.3 1.987 6.8 2.091a.479.479 0 01.523.419z\"></path><path fill=\"url(#0024423711759027356)\" d=\"M16.192 8.99c0 4.392-5.333 7.947-6.483 8.575a.319.319 0 01-.418 0c-1.15-.732-6.483-4.183-6.483-8.575V3.762a.575.575 0 01.313-.523C7.2 3.135 6.258 1.357 9.4 1.357s2.2 1.882 6.274 1.882a.45.45 0 01.419.418z\"></path><path d=\"M9.219 5.378a.313.313 0 01.562 0l.875 1.772a.314.314 0 00.236.172l1.957.284a.314.314 0 01.174.535l-1.416 1.38a.312.312 0 00-.09.278l.334 1.949a.313.313 0 01-.455.33l-1.75-.92a.314.314 0 00-.292 0l-1.75.92a.313.313 0 01-.455-.33L7.483 9.8a.312.312 0 00-.09-.278L5.977 8.141a.314.314 0 01.174-.535l1.957-.284a.314.314 0 00.236-.172z\" class=\"msportalfx-svg-c01\"></path></g></svg>&nbsp;<span style=\"font-family: Open Sans; font-weight: 620; font-size: 14px;font-style: bold;margin:-10px 0px 0px 0px;position: relative;top:-3px;left:-4px;\"> Please take time to answer a quick survey,\r\n</span>[<span style=\"font-family: Open Sans; font-weight: 620; font-size: 14px;font-style: bold;margin:-10px 0px 0px 0px;position: relative;top:-3px;left:-4px;\"> click here. </span>](https://forms.office.com/r/UjQS9t0TSr)"
},
"name": "Survey"
},
{
"type": 1,
"content": {
"json": "# Getting Started\r\n---\r\n\r\nThis workbook enables SecOps Analysts, Threat Intelligence Professionals, and Threat Hunters to map out-of-the box Microsoft Sentinel detections coverage across MITRE ATT&CK framework. \r\n<br>With this workbook, analysts will be able to get insights into what out-of-the box detections are already available and can make informed decision to either onboard new datasources or enable new analytics and hunting queries to increase MITRE ATT&CK coverage or fill existing gaps. \r\n\r\nThe workbook is designed into separate tabs as deascribed below.\r\n\r\n## DataSource Statistics\r\n---\r\nThis section provides dataSources currently being populated based on Usage Table and security alerts triggered across those datasources from SecurityAlerts Table across Microsoft Sentinel workspace.\r\n\r\n## Microsoft Sentinel Github\r\n---\r\nThis section provides breakdown of existig out-of-the box content by Detection type such as Analytics, Hunting Queries and Fusion detections as well as by MITRE ATT&CK Tactics. \r\n\r\n## Detection Platform Services\r\n---\r\nThis section provides breakdown of built-in alerts from Microsoft suite of security products such as Azure Defender for various cloud resource types/services, Microsoft Defender for Identity (MDI), Microsoft Cloud Application Security (MCAS) and others. \r\n<br> These alerts can be visually represented by products as well as cloud resource types. \r\n\r\n## MITRE ATT&CK Heatmaps\r\n---\r\nThis section provides visual Heatmaps of different MITRE ATT&CK matrix categorized by cloud Platform such as Azure, AWS, GCP as well as by Entra ID, Office 365, Windows, Linux.\r\n\r\nIn order to populate the data you can use either the Jupyter Notebook or deploy the Azure Function as instructed in the solution [ThreatAnalysis&ResponsewithMITREATT&CK](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/ThreatAnalysis%26Response)\r\n\r\n\r\nRefer Notebook : [![nbviewer](https://raw.githubusercontent.com/jupyter/design/master/logos/Badges/nbviewer_badge.svg)](https://nbviewer.jupyter.org/github/Azure/Azure-Sentinel/blob/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/MITRE%20ATT%26CK%20for%20Microsoft%20Sentinel.ipynb)\r\n\r\n\r\n"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "Overview"
},
"name": "text - 1"
},
{
"type": 1,
"content": {
"json": "## Links and Resources\r\n\r\n- Microsoft Sentinel Github : https://github.com/Azure/Azure-Sentinel/\r\n- Microsoft Sentinel Fusion : https://docs.microsoft.com/azure/sentinel/fusion-scenario-reference\r\n- Microsoft Defender for Cloud: https://docs.microsoft.com/azure/security-center/alerts-reference\r\n- Azure Identity Protection (AIP): https://docs.microsoft.com/azure/active-directory/identity-protection/concept-identity-protection-risks\r\n- Microsoft Defender for Identity: https://docs.microsoft.com/advanced-threat-analytics/suspicious-activity-guide\r\n- Microsoft Defender for Cloud Apps : https://docs.microsoft.com/cloud-app-security/investigate-anomaly-alerts"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "Overview"
},
"name": "text - 2"
},
{
"type": 1,
"content": {
"json": "\r\n# ** Data Sources Available in Current Microsoft Sentinel **\r\n"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DataSourceStatistics"
},
"name": "text - 3"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Usage \r\n| summarize SizeinMB = round(sum(Quantity),2) by DataType \r\n| sort by SizeinMB desc",
"size": 0,
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "categoricalbar"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DataSourceStatistics"
},
"name": "query - 4"
},
{
"type": 1,
"content": {
"json": "# Detections Coverage in Existing Microsoft Sentinel"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DataSourceStatistics"
},
"name": "text - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where isnotempty(ProviderName)\r\n| summarize Count=dcount(AlertName) by ProviderName, VendorName",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "ProviderName",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "ProviderName",
"formatter": 1
},
"centerContent": {
"columnMatch": "Count",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DataSourceStatistics"
},
"customWidth": "50",
"name": "query - 6",
"styleSettings": {
"maxWidth": "50"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where isnotempty(ProviderName)\r\n| summarize Count=count() by ProviderName, VendorName, AlertName\r\n| sort by ProviderName",
"size": 0,
"timeContext": {
"durationMs": 86400000
},
"showExportToExcel": true,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"rowLimit": 500,
"filter": true
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DataSourceStatistics"
},
"customWidth": "50",
"name": "query - 7",
"styleSettings": {
"maxWidth": "50"
}
},
{
"type": 1,
"content": {
"json": "## MITRE ATT&CK Coverage against Microsoft Sentinel Github\r\n\r\n# Links and Resources :\r\n- Tactics : https://attack.mitre.org/tactics/enterprise/\r\n- Enterprise Matrix : https://attack.mitre.org/matrices/enterprise/\r\n"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MicrosoftSentinelGithub"
},
"name": "text - 8"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let SentinelGithub = (externaldata(Tactic: string, TechniqueId: string, Platform: string, DetectionType: string, DetectionService: string, DetectionId: guid, DetectionName: string, DetectionDescription: string, ConnectorId: string, DataTypes: string, Query: string, QueryFrequency: string, QueryPeriod: string, TriggerOperator: string, TriggerThreshold: real, DetectionSeverity: string, DetectionUrl: string, IngestedDate: datetime)\r\n[@\"https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/MITREATT%26CK/MicrosoftSentinel.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nSentinelGithub\r\n| where isnotempty(Tactic)\r\n| summarize Count=dcount(DetectionName) by DetectionType",
"size": 0,
"title": "Query Type Breakdown",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MicrosoftSentinelGithub"
},
"customWidth": "50",
"name": "query - 10",
"styleSettings": {
"maxWidth": "20"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let SentinelGithub = (externaldata(Tactic: string, TechniqueId: string, Platform: string, DetectionType: string, DetectionService: string, DetectionId: guid, DetectionName: string, DetectionDescription: string, ConnectorId: string, DataTypes: string, Query: string, QueryFrequency: string, QueryPeriod: string, TriggerOperator: string, TriggerThreshold: real, DetectionSeverity: string, DetectionUrl: string, IngestedDate: datetime)\r\n[@\"https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/MITREATT%26CK/MicrosoftSentinel.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nSentinelGithub\r\n| where DetectionService == \"Azure Sentinel Community Github\"\r\n| where isnotempty(Tactic)\r\n| extend Tactic = iff(Tactic in (\"Privilege Escalation\",\"Privilege escalation\") ,\"PrivilegeEscalation\",Tactic)\r\n| extend Tactic = iff(Tactic==\"Persistance\",\"Persistence\",Tactic)\r\n| extend Tactic = iff(Tactic in (\"Command and control\",\"CommandandControl\"), \"CommandAndControl\",Tactic)\r\n| extend Tactic = iff(Tactic in (\"Defense Evasion\",\"Defense evasion\"), \"DefenseEvasion\",Tactic)\r\n| extend Tactic = iff(Tactic==\"Lateral movement\",\"LateralMovement\",Tactic)\r\n| extend Tactic = iff(Tactic==\"Credential Access\",\"CredentialAccess\",Tactic)\r\n| extend Tactic = iff(Tactic in (\"IntialAccess\",\"InitalAccess\", \"Initial access\"),\"InitialAccess\",Tactic)\r\n| where Tactic in (\"InitialAccess\", \"Collection\", \"Discovery\", \"Execution\", \"Exfiltration\", \"LateralMovement\", \"Persistence\", \"PrivilegeEscalation\", \"DefenseEvasion\", \"CredentialAccess\", \"LateralMovement\", \"Reconnaissance\", \"Impact\")\r\n| summarize Count=dcount(DetectionId), make_set(DetectionName) by Tactic\r\n| sort by Count desc",
"size": 0,
"title": "Tactic Level Breakdown",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "Tactic",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MicrosoftSentinelGithub"
},
"customWidth": "50",
"name": "query - 9",
"styleSettings": {
"maxWidth": "50"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "\r\nlet SentinelGithub = (externaldata(Tactic: string, TechniqueId: string, Platform: string, DetectionType: string, DetectionService: string, DetectionId: guid, DetectionName: string, DetectionDescription: string, ConnectorId: string, DataTypes: string, Query: string, QueryFrequency: string, QueryPeriod: string, TriggerOperator: string, TriggerThreshold: real, DetectionSeverity: string, DetectionUrl: string, IngestedDate: datetime)\r\n[@\"https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/MITREATT%26CK/MicrosoftSentinel.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nSentinelGithub\r\n| where DetectionService == \"Azure Sentinel Community Github\"\r\n| where isnotempty(Platform)\r\n| summarize Count=dcount(DetectionId) by Platform\r\n| sort by Count desc",
"size": 0,
"title": "Platform Level Breakdown",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "categoricalbar"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MicrosoftSentinelGithub"
},
"customWidth": "100",
"name": "query - 12",
"styleSettings": {
"maxWidth": "100"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let SentinelGithub = (externaldata(Tactic: string, TechniqueId: string, Platform: string, DetectionType: string, DetectionService: string, DetectionId: guid, DetectionName: string, DetectionDescription: string, ConnectorId: string, DataTypes: string, Query: string, QueryFrequency: string, QueryPeriod: string, TriggerOperator: string, TriggerThreshold: real, DetectionSeverity: string, DetectionUrl: string, IngestedDate: datetime)\r\n[@\"https://raw.githubusercontent.com/microsoft/mstic/master/PublicFeeds/MITREATT%26CK/MicrosoftSentinel.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nSentinelGithub\r\n| where DetectionService == \"Azure Sentinel Community Github\"\r\n| where isnotempty(Tactic) and isnotempty(Platform)\r\n| distinct Platform, DataTypes, DetectionType, DetectionName,DetectionUrl \r\n| sort by Platform asc, DetectionType asc",
"size": 0,
"title": "DataSource Level Breakdown",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"gridSettings": {
"rowLimit": 9000,
"filter": true
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MicrosoftSentinelGithub"
},
"customWidth": "100",
"name": "query - 11",
"styleSettings": {
"maxWidth": "100"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let MSFTBuiltinAlerts = (externaldata(Alert: string, Description: string, Tactics:string, Severity:string, Provider:string, DetectionService: string)\r\n[@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/MSFT-Builtin-Alerts.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nMSFTBuiltinAlerts\r\n| summarize Count=count() by DetectionService\r\n| sort by Count desc",
"size": 0,
"title": "Detections by Microsoft Services",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DetectionPlatformServices"
},
"customWidth": "50",
"name": "query - 13",
"styleSettings": {
"maxWidth": "30"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let MSFTBuiltinAlerts = (externaldata(Alert: string, Description: string, Tactics:string, Severity:string, Provider:string, DetectionService: string)\r\n[@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/MSFT-Builtin-Alerts.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nMSFTBuiltinAlerts\r\n| where Provider != \"N.A.\"\r\n| summarize Count=count() by Provider\r\n| sort by Count desc",
"size": 0,
"title": "ASC - Resource Type Breakdown",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "Provider",
"formatter": 1
},
"leftContent": {
"columnMatch": "Count",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DetectionPlatformServices"
},
"customWidth": "50",
"name": "query - 14",
"styleSettings": {
"maxWidth": "70"
}
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let MSFTBuiltinAlerts = (externaldata(Alert: string, Description: string, Tactics:string, Severity:string, Provider:string, DetectionService: string)\r\n[@\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/MSFT-Builtin-Alerts.csv\"] with (format=\"csv\", ignoreFirstRecord=True)\r\n);\r\nMSFTBuiltinAlerts\r\n",
"size": 0,
"title": "List of Alerts by Microsoft Services",
"timeContext": {
"durationMs": 86400000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "table",
"gridSettings": {
"rowLimit": 500,
"filter": true
}
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "DetectionPlatformServices"
},
"name": "query - 15"
},
{
"type": 1,
"content": {
"json": ""
},
"name": "text - 16"
},
{
"type": 1,
"content": {
"json": "## MITRE ATT&CK Navigator Heatmaps\r\n\r\nThis section provides visual Heatmaps of different MITRE ATT&CK matrix categorized by cloud Platform such as Azure, AWS, GCP as well as by Entra ID, Office 365, Windows, Linux.\r\n\r\n### MITRE ATT&CK Navigator Heatmap for Azure\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/Azure_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n\r\n### MITRE ATT&CK Navigator Heatmap for Entra ID\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/Azure_AD_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n### MITRE ATT&CK Navigator Heatmap for Office 365\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/Office_365_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n### MITRE ATT&CK Navigator Heatmap for AWS\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/AWS_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n### MITRE ATT&CK Navigator Heatmap for GCP\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/GCP_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n### MITRE ATT&CK Navigator Heatmap for Windows\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/Windows_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n### MITRE ATT&CK Navigator Heatmap for Linux\r\n<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Tools/MITREATT%26CK-LayerGeneration-Notebook/images/Linux_Layer_Json_File_for_Microsoft_Sentinel.svg?sanitize=true\">\r\n\r\n\r\n"
},
"conditionalVisibility": {
"parameterName": "selectedTab",
"comparison": "isEqualTo",
"value": "MITREATT&CKHeatmaps"
},
"name": "text - 1"
}
],
"fromTemplateId": "sentinel-ThreatAnalysis&Response",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку