Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Workbooks/WorkbooksMetadata.json

1314 строки
74 KiB
JSON
Исходник Ответственный История

Этот файл содержит неоднозначные символы Юникода!

Этот файл содержит неоднозначные символы Юникода, которые могут быть перепутаны с другими в текущей локали. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы подсветить эти символы.

[
{
"workbookKey": "AzureActivityWorkbook",
"logoFileName": "azureactivity_logo.svg",
"description": "Gain extensive insight into your organization's Azure Activity by analyzing, and correlating all user operations and events.\nYou can learn about all user operations, trends, and anomalous changes over time.\nThis workbook gives you the ability to drill down into caller activities and summarize detected failure and warning events.",
"dataTypesDependencies": [ "AzureActivity" ],
"dataConnectorsDependencies": [ "AzureActivity" ],
"previewImagesFileNames": [ "AzureActivityWhite1.png", "AzureActivityBlack1.png" ],
"version": "1.3",
"title": "Azure Activity",
"templateRelativePath": "AzureActivity.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "IdentityAndAccessWorkbook",
"logoFileName": "Microsoft_logo.svg",
"description": "Gain insights into Identity and access operations by collecting and analyzing security logs, using the audit and sign-in logs to gather insights into use of Microsoft products.\nYou can view anomalies and trends across login events from all users and machines. This workbook also identifies suspicious entities from login and access events.",
"dataTypesDependencies": [ "SecurityEvent" ],
"dataConnectorsDependencies": [ "SecurityEvents" ],
"previewImagesFileNames": [ "IdentityAndAccessWhite.png", "IdentityAndAccessBlack.png" ],
"version": "1.1",
"title": "Identity & Access",
"templateRelativePath": "IdentityAndAccess.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "CheckPointWorkbook",
"logoFileName": "",
"description": "Gain insights into Check Point network activities, including number of gateways and servers, security incidents, and identify infected hosts.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "CheckPoint" ],
"previewImagesFileNames": [ "CheckPointWhite.png", "CheckPointBlack.png" ],
"version": "1.0",
"title": "Check Point Software Technologies",
"templateRelativePath": "CheckPoint.json",
"subtitle": "",
"provider": "Check Point"
},
{
"workbookKey": "CiscoWorkbook",
"logoFileName": "cisco_logo.svg",
"description": "Gain insights into your Cisco ASA firewalls by analyzing traffic, events, and firewall operations.\nThis workbook analyzes Cisco ASA threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic directions, and drill down into the Cisco filter results.\nEasily detect attacks on your organization by monitoring management operations, such as configuration and logins.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "CiscoASA" ],
"previewImagesFileNames": [ "CiscoWhite.png", "CiscoBlack.png" ],
"version": "1.1",
"title": "Cisco - ASA",
"templateRelativePath": "Cisco.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "ExchangeOnlineWorkbook",
"logoFileName": "office365_logo.svg",
"description": "Gain insights into Microsoft Exchange online by tracing and analyzing all Exchange operations and user activities.\nThis workbook let you monitor user activities, including logins, account operations, permission changes, and mailbox creations to discover suspicious trends among them.",
"dataTypesDependencies": [ "OfficeActivity" ],
"dataConnectorsDependencies": [ "Office365" ],
"previewImagesFileNames": [ "ExchangeOnlineWhite.png", "ExchangeOnlineBlack.png" ],
"version": "1.1",
"title": "Exchange Online",
"templateRelativePath": "ExchangeOnline.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "PaloAltoOverviewWorkbook",
"logoFileName": "paloalto_logo.svg",
"description": "Gain insights and comprehensive monitoring into Palo Alto firewalls by analyzing traffic and activities.\nThis workbook correlates all Palo Alto data with threat events to identify suspicious entities and relationships.\nYou can learn about trends across user and data traffic, and drill down into Palo Alto Wildfire and filter results.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "PaloAltoNetworks" ],
"previewImagesFileNames": [ "PaloAltoOverviewWhite1.png", "PaloAltoOverviewBlack1.png", "PaloAltoOverviewWhite2.png", "PaloAltoOverviewBlack2.png", "PaloAltoOverviewWhite3.png", "PaloAltoOverviewBlack3.png" ],
"version": "1.2",
"title": "Palo Alto overview",
"templateRelativePath": "PaloAltoOverview.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "PaloAltoNetworkThreatWorkbook",
"logoFileName": "paloalto_logo.svg",
"description": "Gain insights into Palo Alto network activities by analyzing threat events.\nYou can extract meaningful security information by correlating data between threats, applications, and time.\nThis workbook makes it easy to track malware, vulnerability, and virus log events.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "PaloAltoNetworks" ],
"previewImagesFileNames": [ "PaloAltoNetworkThreatWhite1.png", "PaloAltoNetworkThreatBlack1.png", "PaloAltoNetworkThreatWhite2.png", "PaloAltoNetworkThreatBlack2.png" ],
"version": "1.1",
"title": "Palo Alto Network Threat",
"templateRelativePath": "PaloAltoNetworkThreat.json",
"subtitle": "",
"provider": "Palo Alto Networks"
},
{
"workbookKey": "EsetSMCWorkbook",
"logoFileName": "eset-logo.svg",
"description": "Visualize events and threats from Eset Security Management Center.",
"dataTypesDependencies": [ "eset_CL" ],
"dataConnectorsDependencies": [ "EsetSMC" ],
"previewImagesFileNames": [ "esetSMCWorkbook-black.png", "esetSMCWorkbook-white.png" ],
"version": "1.0",
"title": "Eset Security Management Center Overview",
"templateRelativePath": "esetSMCWorkbook.json",
"subtitle": "",
"provider": "Community",
"featureFlag": "EsetSMCConnector"
},
{
"workbookKey": "FortigateWorkbook",
"logoFileName": "fortinet_logo.svg",
"description": "Gain insights into Fortigate firewalls by analyzing traffic and activities.\nThis workbook finds correlations in Fortigate threat events and identifies suspicious ports, users, protocols and IP addresses.\nYou can learn about trends across user and data traffic, and drill down into the Fortigate filter results.\nEasily detect attacks on your organization by monitoring management operations such as configuration and logins.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "Fortinet" ],
"previewImagesFileNames": [ "FortigateWhite.png", "FortigateBlack.png" ],
"version": "1.1",
"title": "FortiGate",
"templateRelativePath": "Fortigate.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "DnsWorkbook",
"logoFileName": "dns_logo.svg",
"description": "Gain extensive insight into your organization's DNS by analyzing, collecting and correlating all DNS events.\nThis workbook exposes a variety of information about suspicious queries, malicious IP addresses and domain operations.",
"dataTypesDependencies": [ "DnsInventory", "DnsEvents" ],
"dataConnectorsDependencies": [ "DNS" ],
"previewImagesFileNames": [ "DnsWhite.png", "DnsBlack.png" ],
"version": "1.2",
"title": "DNS",
"templateRelativePath": "Dns.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "Office365Workbook",
"logoFileName": "office365_logo.svg",
"description": "Gain insights into Office 365 by tracing and analyzing all operations and activities. You can drill down into your SharePoint, OneDrive, and Exchange.\nThis workbook lets you find usage trends across users, files, folders, and mailboxes, making it easier to identify anomalies in your network.",
"dataTypesDependencies": [ "OfficeActivity" ],
"dataConnectorsDependencies": [ "Office365" ],
"previewImagesFileNames": [ "Office365White1.png", "Office365Black1.png", "Office365White2.png", "Office365Black2.png", "Office365White3.png", "Office365Black3.png" ],
"version": "1.2",
"title": "Office 365",
"templateRelativePath": "Office365.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "SharePointAndOneDriveWorkbook",
"logoFileName": "office365_logo.svg",
"description": "Gain insights into SharePoint and OneDrive by tracing and analyzing all operations and activities.\nYou can view trends across user operation, find correlations between users and files, and identify interesting information such as user IP addresses.",
"dataTypesDependencies": [ "OfficeActivity" ],
"dataConnectorsDependencies": [ "Office365" ],
"previewImagesFileNames": [ "SharePointAndOneDriveBlack1.png", "SharePointAndOneDriveBlack2.png", "SharePointAndOneDriveWhite1.png", "SharePointAndOneDriveWhite2.png" ],
"version": "1.1",
"title": "SharePoint & OneDrive",
"templateRelativePath": "SharePointAndOneDrive.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureActiveDirectorySigninLogsWorkbook",
"logoFileName": "azureactivedirectory_logo.svg",
"description": "Gain insights into Azure Active Directory by connecting Azure Sentinel and using the sign-in logs to gather insights around Azure AD scenarios. \nYou can learn about sign-in operations, such as user sign-ins and locations, email addresses, and IP addresses of your users, as well as failed activities and the errors that triggered the failures.",
"dataTypesDependencies": [ "SigninLogs" ],
"dataConnectorsDependencies": [ "AzureActiveDirectory" ],
"previewImagesFileNames": [ "AADsigninBlack1.png", "AADsigninBlack2.png", "AADsigninWhite1.png", "AADsigninWhite2.png" ],
"version": "1.0",
"title": "Azure AD Sign-in logs",
"templateRelativePath": "AzureActiveDirectorySignins.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "VirtualMachinesInsightsWorkbook",
"logoFileName": "azurevirtualmachine_logo.svg",
"description": "Gain rich insight into your organization's virtual machines from Azure Monitor, which analyzes and correlates data in your VM network. \nYou will get visibility on your VM parameters and behavior, and will be able to trace sent and received data. \nIdentify malicious attackers and their targets, and drill down into the protocols, source and destination IP addresses, countries, and ports the attacks occur across.",
"dataTypesDependencies": [ "VMConnection", "ServiceMapComputer_CL", "ServiceMapProcess_CL" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "VMInsightBlack1.png", "VMInsightWhite1.png" ],
"version": "1.3",
"title": "VM insights",
"templateRelativePath": "VirtualMachinesInsights.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureActiveDirectoryAuditLogsWorkbook",
"logoFileName": "azureactivedirectory_logo.svg",
"description": "Gain insights into Azure Active Directory by connecting Azure Sentinel and using the audit logs to gather insights around Azure AD scenarios. \nYou can learn about user operations, including password and group management, device activities, and top active users and apps.",
"dataTypesDependencies": [ "AuditLogs" ],
"dataConnectorsDependencies": [ "AzureActiveDirectory" ],
"previewImagesFileNames": [ "AzureADAuditLogsBlack1.png", "AzureADAuditLogsWhite1.png" ],
"version": "1.1",
"title": "Azure AD Audit logs",
"templateRelativePath": "AzureActiveDirectoryAuditLogs.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "ThreatIntelligenceWorkbook",
"logoFileName": "",
"description": "Gain insights into threat indicators, including type and severity of threats, threat activity over time, and correlation with other data sources, including Office 365 and firewalls.",
"dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityAlert" ],
"dataConnectorsDependencies": [ "ThreatIntelligence", "ThreatIntelligenceTaxii" ],
"previewImagesFileNames": [ "ThreatIntelligenceWhite.png", "ThreatIntelligenceBlack.png" ],
"version": "2.3",
"title": "Threat Intelligence",
"templateRelativePath": "ThreatIntelligence.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "WebApplicationFirewallOverviewWorkbook",
"logoFileName": "waf_logo.svg",
"description": "Gain insights into your organization's Azure web application firewall (WAF). You will get a general overview of your application gateway firewall and application gateway access events.",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "WAF" ],
"previewImagesFileNames": [ "WAFOverviewBlack.png", "WAFOverviewWhite.png" ],
"version": "1.1",
"title": "Microsoft Web Application Firewall (WAF) - overview",
"templateRelativePath": "WebApplicationFirewallOverview.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "WebApplicationFirewallFirewallEventsWorkbook",
"logoFileName": "waf_logo.svg",
"description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway firewall. You can view anomalies and trends across all firewall event triggers, attack events, blocked URL addresses and more.",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "WAF" ],
"previewImagesFileNames": [ "WAFFirewallEventsBlack1.png", "WAFFirewallEventsBlack2.png", "WAFFirewallEventsWhite1.png", "WAFFirewallEventsWhite2.png" ],
"version": "1.1",
"title": "Microsoft Web Application Firewall (WAF) - firewall events",
"templateRelativePath": "WebApplicationFirewallFirewallEvents.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "WebApplicationFirewallGatewayAccessEventsWorkbook",
"logoFileName": "waf_logo.svg",
"description": "Gain insights into your organization's Azure web application firewall (WAF). You will get visibility in to your application gateway access events. You can view anomalies and trends across received and sent data, client IP addresses, URL addresses and more, and drill down into details.",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "WAF" ],
"previewImagesFileNames": [ "WAFGatewayAccessEventsBlack1.png", "WAFGatewayAccessEventsBlack2.png", "WAFGatewayAccessEventsWhite1.png", "WAFGatewayAccessEventsWhite2.png" ],
"version": "1.2",
"title": "Microsoft Web Application Firewall (WAF) - gateway access events",
"templateRelativePath": "WebApplicationFirewallGatewayAccessEvents.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "LinuxMachinesWorkbook",
"logoFileName": "azurevirtualmachine_logo.svg",
"description": "Gain insights into your workspaces' Linux machines by connecting Azure Sentinel and using the logs to gather insights around Linux events and errors.",
"dataTypesDependencies": [ "Syslog" ],
"dataConnectorsDependencies": [ "Syslog" ],
"previewImagesFileNames": [ "LinuxMachinesWhite.png", "LinuxMachinesBlack.png" ],
"version": "1.1",
"title": "Linux machines",
"templateRelativePath": "LinuxMachines.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureFirewallWorkbook",
"logoFileName": "AzFirewalls.svg",
"description": "Gain insights into Azure Firewall events. You can learn about your application and network rules, see metrics for firewall activities across URLs, ports, and addresses across multiple workspaces.",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": ["AzureFirewall"],
"previewImagesFileNames": [ "AzureFirewallWorkbookWhite1.PNG", "AzureFirewallWorkbookBlack1.PNG", "AzureFirewallWorkbookWhite2.PNG", "AzureFirewallWorkbookBlack2.PNG", "AzureFirewallWorkbookWhite3.PNG", "AzureFirewallWorkbookBlack3.PNG", "AzureFirewallWorkbookWhite4.PNG", "AzureFirewallWorkbookBlack4.PNG", "AzureFirewallWorkbookWhite5.PNG", "AzureFirewallWorkbookBlack5.PNG" ],
"version": "1.1",
"title": "Azure Firewall",
"templateRelativePath": "AzureFirewallWorkbook.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureDDoSStandardProtection",
"logoFileName": "AzDDoS.svg",
"description": "This workbook visualizes security-relevant Azure DDoS events across several filterable panels. Offering a summary tab, metrics and a investigate tabs across multiple workspaces.",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": ["DDoS"],
"previewImagesFileNames": [ "AzureDDoSWhite1.PNG", "AzureDDoSBlack1.PNG","AzureDDoSWhite2.PNG", "AzureDDoSBlack2.PNG","AzureDDoSWhite2.PNG", "AzureDDoSBlack2.PNG" ],
"version": "1.0",
"title": "Azure DDoS Protection Workbook",
"templateRelativePath": "AzDDoSStandardWorkbook.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "MicrosoftCloudAppSecurityWorkbook",
"logoFileName": "Microsoft_logo.svg",
"description": "Using this workbook, you can identify which cloud apps are being used in your organization, gain insights from usage trends and drill down to a specific user and application",
"dataTypesDependencies": [ "McasShadowItReporting" ],
"dataConnectorsDependencies": [ "MicrosoftCloudAppSecurity" ],
"previewImagesFileNames": [ "McasDiscoveryBlack.png", "McasDiscoveryWhite.png" ],
"version": "1.2",
"title": "Microsoft Cloud App Security - discovery logs",
"templateRelativePath": "MicrosoftCloudAppSecurity.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "F5BIGIPSytemMetricsWorkbook",
"logoFileName": "f5_logo.svg",
"description": "Gain insight into F5 BIG-IP health and performance. This workbook provides visibility of various metrics including CPU, memory, connectivity, throughput and disk utilization.",
"dataTypesDependencies": [ "F5Telemetry_system_CL", "F5Telemetry_AVR_CL" ],
"dataConnectorsDependencies": [ "F5BigIp" ],
"previewImagesFileNames": [ "F5SMBlack.png", "F5SMWhite.png" ],
"version": "1.1",
"title": "F5 BIG-IP System Metrics",
"templateRelativePath": "F5BIGIPSystemMetrics.json",
"subtitle": "",
"provider": "F5 Networks"
},
{
"workbookKey": "F5NetworksWorkbook",
"logoFileName": "f5_logo.svg",
"description": "Gain insights into F5 BIG-IP Application Security Manager (ASM), by analyzing traffic and activities.\nThis workbook provides insight into F5's web application firewall events and identifies attack traffic patterns across multiple ASM instances as well as overall BIG-IP health.",
"dataTypesDependencies": [ "F5Telemetry_LTM_CL", "F5Telemetry_system_CL", "F5Telemetry_ASM_CL" ],
"dataConnectorsDependencies": [ "F5BigIp" ],
"previewImagesFileNames": [ "F5White.png", "F5Black.png" ],
"version": "1.1",
"title": "F5 BIG-IP ASM",
"templateRelativePath": "F5Networks.json",
"subtitle": "",
"provider": "F5 Networks"
},
{
"workbookKey": "AzureNetworkWatcherWorkbook",
"logoFileName": "networkwatcher_logo.svg",
"description": "Gain deeper understanding of your organization's Azure network traffic by analyzing, and correlating Network Security Group flow logs. \nYou can trace malicious traffic flows, and drill down into their protocols, source and destination IP addresses, machines, countries, and subnets. \nThis workbook also helps you protect your network by identifying weak NSG rules.",
"dataTypesDependencies": [ "AzureNetworkAnalytics_CL" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "AzureNetworkWatcherWhite.png", "AzureNetworkWatcherBlack.png" ],
"version": "1.1",
"title": "Azure Network Watcher",
"templateRelativePath": "AzureNetworkWatcher.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "ZscalerFirewallWorkbook",
"logoFileName": "zscaler_logo.svg",
"description": "Gain insights into your ZIA cloud firewall logs by connecting to Azure Sentinel.\nThe Zscaler firewall overview workbook provides an overview and ability to drill down into all cloud firewall activity in your Zscaler instance including non-web related networking events, security events, firewall rules, and bandwidth consumption",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "Zscaler" ],
"previewImagesFileNames": [ "ZscalerFirewallWhite1.png", "ZscalerFirewallBlack1.png", "ZscalerFirewallWhite2.png", "ZscalerFirewallBlack2.png" ],
"version": "1.1",
"title": "Zscaler Firewall",
"templateRelativePath": "ZscalerFirewall.json",
"subtitle": "",
"provider": "Zscaler"
},
{
"workbookKey": "ZscalerWebOverviewWorkbook",
"logoFileName": "zscaler_logo.svg",
"description": "Gain insights into your ZIA web logs by connecting to Azure Sentinel.\nThe Zscaler web overview workbook provides a bird's eye view and ability to drill down into all the security and networking events related to web transactions, types of devices, and bandwidth consumption.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "Zscaler" ],
"previewImagesFileNames": [ "ZscalerWebOverviewWhite.png", "ZscalerWebOverviewBlack.png" ],
"version": "1.1",
"title": "Zscaler Web Overview",
"templateRelativePath": "ZscalerWebOverview.json",
"subtitle": "",
"provider": "Zscaler"
},
{
"workbookKey": "ZscalerThreatsOverviewWorkbook",
"logoFileName": "zscaler_logo.svg",
"description": "Gain insights into threats blocked by Zscaler Internet access on your network.\nThe Zscaler threat overview workbook shows your entire threat landscape including blocked malware, IPS/AV rules, and blocked cloud apps. Threats are displayed by threat categories, filetypes, inbound vs outbound threats, usernames, user location, and more.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "Zscaler" ],
"previewImagesFileNames": [ "ZscalerThreatsWhite.png", "ZscalerThreatsBlack.png" ],
"version": "1.2",
"title": "Zscaler Threats",
"templateRelativePath": "ZscalerThreats.json",
"subtitle": "",
"provider": "Zscaler"
},
{
"workbookKey": "ZscalerOffice365AppsWorkbook",
"logoFileName": "zscaler_logo.svg",
"description": "Gain insights into Office 365 use on your network.\nThe Zscaler Office 365 overview workbook shows you the Microsoft apps running on your network and their individual bandwidth consumption. It also helps identify phishing attempts in which attackers disguised themselves as Microsoft services.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "Zscaler" ],
"previewImagesFileNames": [ "ZscalerOffice365White.png", "ZscalerOffice365Black.png" ],
"version": "1.1",
"title": "Zscaler Office365 Apps",
"templateRelativePath": "ZscalerOffice365Apps.json",
"subtitle": "",
"provider": "Zscaler"
},
{
"workbookKey": "InsecureProtocolsWorkbook",
"logoFileName": "Microsoft_logo.svg",
"description": "Gain insights into insecure protocol traffic by collecting and analyzing security events from Microsoft products.\nYou can view analytics and quickly identify use of weak authentication as well as sources of legacy protocol traffic, like NTLM and SMBv1.\nYou will also have the ability to monitor use of weak ciphers, allowing you to find weak spots in your organization's security.",
"dataTypesDependencies": [ "SecurityEvent", "Event", "SigninLogs" ],
"dataConnectorsDependencies": [ "SecurityEvents", "AzureActiveDirectory" ],
"previewImagesFileNames": [ "InsecureProtocolsWhite1.png", "InsecureProtocolsBlack1.png", "InsecureProtocolsWhite2.png", "InsecureProtocolsBlack2.png" ],
"version": "2.0",
"title": "Insecure Protocols",
"templateRelativePath": "InsecureProtocols.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureInformationProtectionWorkbook",
"logoFileName": "informationProtection.svg",
"description": "The Azure Information Protection Usage report workbook provides information on the volume of labeled and protected documents and emails over time, label distribution of files by label type, along with where the label was applied.",
"dataTypesDependencies": [ "InformationProtectionLogs_CL" ],
"dataConnectorsDependencies": [ "AzureInformationProtection" ],
"previewImagesFileNames": [ "AzureInformationProtectionWhite.png", "AzureInformationProtectionBlack.png" ],
"version": "1.1",
"title": "Azure Information Protection - Usage Report",
"templateRelativePath": "AzureInformationProtection.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AmazonWebServicesNetworkActivitiesWorkbook",
"logoFileName": "amazon_web_services_Logo.svg",
"description": "Gain insights into AWS network related resource activities, including the creation, update, and deletions of security groups, network ACLs and routes, gateways, elastic load balancers, VPCs, subnets, and network interfaces.",
"dataTypesDependencies": [ "AWSCloudTrail" ],
"dataConnectorsDependencies": [ "AWS" ],
"previewImagesFileNames": [ "AwsNetworkActivitiesWhite.png", "AwsNetworkActivitiesBlack.png" ],
"version": "1.0",
"title": "AWS Network Activities",
"templateRelativePath": "AmazonWebServicesNetworkActivities.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AmazonWebServicesUserActivitiesWorkbook",
"logoFileName": "amazon_web_services_Logo.svg",
"description": "Gain insights into AWS user activities, including failed sign-in attempts, IP addresses, regions, user agents, and identity types, as well as potential malicious user activities with assumed roles.",
"dataTypesDependencies": [ "AWSCloudTrail" ],
"dataConnectorsDependencies": [ "AWS" ],
"previewImagesFileNames": [ "AwsUserActivitiesWhite.png", "AwsUserActivitiesBlack.png" ],
"version": "1.0",
"title": "AWS User Activities",
"templateRelativePath": "AmazonWebServicesUserActivities.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "TrendMicroDeepSecurityAttackActivityWorkbook",
"logoFileName": "trendmicro_logo.svg",
"description": "Visualize and gain insights into the MITRE ATT&CK related activity detected by Trend Micro Deep Security.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "TrendMicro" ],
"previewImagesFileNames": [ "TrendMicroDeepSecurityAttackActivityWhite.png", "TrendMicroDeepSecurityAttackActivityBlack.png" ],
"version": "1.0",
"title": "Trend Micro Deep Security ATT&CK Related Activity",
"templateRelativePath": "TrendMicroDeepSecurityAttackActivity.json",
"subtitle": "",
"provider": "Trend Micro"
},
{
"workbookKey": "TrendMicroDeepSecurityOverviewWorkbook",
"logoFileName": "trendmicro_logo.svg",
"description": "Gain insights into your Trend Micro Deep Security security event data by visualizing your Deep Security Anti-Malware, Firewall, Integrity Monitoring, Intrusion Prevention, Log Inspection, and Web Reputation event data.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "TrendMicro" ],
"previewImagesFileNames": [ "TrendMicroDeepSecurityOverviewWhite1.png", "TrendMicroDeepSecurityOverviewBlack1.png", "TrendMicroDeepSecurityOverviewWhite2.png", "TrendMicroDeepSecurityOverviewBlack2.png" ],
"version": "1.0",
"title": "Trend Micro Deep Security Events",
"templateRelativePath": "TrendMicroDeepSecurityOverview.json",
"subtitle": "",
"provider": "Trend Micro"
},
{
"workbookKey": "ExtraHopDetectionSummaryWorkbook",
"logoFileName": "extrahop_logo.svg",
"description": "Gain insights into ExtraHop Reveal(x) detections by analyzing traffic and activities.\nThis workbook provides an overview of security detections in your organization's network, including high-risk detections and top participants.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "ExtraHopNetworks" ],
"previewImagesFileNames": [ "ExtrahopWhite.png", "ExtrahopBlack.png" ],
"version": "1.0",
"title": "ExtraHop",
"templateRelativePath": "ExtraHopDetectionSummary.json",
"subtitle": "",
"provider": "ExtraHop Networks"
},
{
"workbookKey": "BarracudaCloudFirewallWorkbook",
"logoFileName": "barracuda_logo.svg",
"description": "Gain insights into your Barracuda CloudGen Firewall by analyzing firewall operations and events.\nThis workbook provides insights into rule enforcement, network activities, including number of connections, top users, and helps you identify applications that are popular on your network.",
"dataTypesDependencies": [ "CommonSecurityLog", "Syslog" ],
"dataConnectorsDependencies": [ "BarracudaCloudFirewall" ],
"previewImagesFileNames": [ "BarracudaWhite1.png", "BarracudaBlack1.png", "BarracudaWhite2.png", "BarracudaBlack2.png" ],
"version": "1.0",
"title": "Barracuda CloudGen FW",
"templateRelativePath": "Barracuda.json",
"subtitle": "",
"provider": "Barracuda"
},
{
"workbookKey": "CitrixWorkbook",
"logoFileName": "citrix_logo.svg",
"description": "Citrix Analytics Workbook is one that visualizes the user behavior analysis performed by Citrix Analytics.\nAn admin can troubleshoot and monitor user activities in an enterprise.",
"dataTypesDependencies": [ "CitrixAnalytics_SAlerts_CL", "CitrixAnalytics_SActions_CL", "CitrixAnalytics_SWatchList_CL" ],
"dataConnectorsDependencies": [ "Citrix" ],
"previewImagesFileNames": [ "CitrixWhite.png", "CitrixBlack.png" ],
"version": "2.0",
"title": "Citrix",
"templateRelativePath": "Citrix.json",
"subtitle": "",
"provider": "Citrix Systems Inc."
},
{
"workbookKey": "OneIdentityWorkbook",
"logoFileName": "oneIdentity_logo.svg",
"description": "This simple workbook gives an overview of sessions going through your SafeGuard for Privileged Sessions device.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "OneIdentity" ],
"previewImagesFileNames": [ "OneIdentityWhite.png", "OneIdentityBlack.png" ],
"version": "1.0",
"title": "One Identity",
"templateRelativePath": "OneIdentity.json",
"subtitle": "",
"provider": "One Identity LLC."
},
{
"workbookKey": "SecurityStatusWorkbook",
"logoFileName": "",
"description": "This workbook gives an overview of Security Settings for VMs and Azure Arc.",
"dataTypesDependencies": [ "CommonSecurityLog", "SecurityEvent", "Syslog" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "AzureSentinelSecurityStatusBlack.png", "AzureSentinelSecurityStatusWhite.png" ],
"version": "1.3",
"title": "Security Status",
"templateRelativePath": "SecurityStatus.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureSentinelSecurityAlertsWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "Security Alerts dashboard for alerts in your Azure Sentinel environment.",
"dataTypesDependencies": [ "SecurityAlert" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "AzureSentinelSecurityAlertsWhite.png", "AzureSentinelSecurityAlertsBlack.png" ],
"version": "1.1",
"title": "Security Alerts",
"templateRelativePath": "AzureSentinelSecurityAlerts.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "SquadraTechnologiesSecRMMWorkbook",
"logoFileName": "SquadraTechnologiesLogo.svg",
"description": "This workbook gives an overview of security data for removable storage activity such as USB thumb drives and USB connected mobile devices.",
"dataTypesDependencies": [ "secRMM_CL" ],
"dataConnectorsDependencies": [ "SquadraTechnologiesSecRmm" ],
"previewImagesFileNames": [ "SquadraTechnologiesSecRMMWhite.PNG", "SquadraTechnologiesSecRMMBlack.PNG" ],
"version": "1.0",
"title": "Squadra Technologies SecRMM - USB removable storage security",
"templateRelativePath": "SquadraTechnologiesSecRMM.json",
"subtitle": "",
"provider": "Squadra Technologies"
},
{
"workbookKey": "IoT-Alerts",
"logoFileName": "IoTIcon.svg",
"description": "Gain insights into your IoT data workloads from Azure IoT Hub managed deployments, monitor alerts across all your IoT Hub deployments, detect devices at risk and act upon potential threats.",
"dataTypesDependencies": [ "SecurityAlert" ],
"dataConnectorsDependencies": [ "IoT" ],
"previewImagesFileNames": [ "IOTBlack1.png", "IOTWhite1.png" ],
"version": "1.2",
"title": "Azure Defender for IoT Alerts",
"templateRelativePath": "IOT_Alerts.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "ForcepointCASBWorkbook",
"logoFileName": "FP_Green_Emblem_RGB-01.svg",
"description": "Get insights on user risk with the Forcepoint CASB (Cloud Access Security Broker) workbook.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "ForcepointCasb" ],
"previewImagesFileNames": [ "ForcepointCASBWhite.png", "ForcepointCASBBlack.png" ],
"version": "1.0",
"title": "Forcepoint Cloud Access Security Broker (CASB)",
"templateRelativePath": "ForcepointCASB.json",
"subtitle": "",
"provider": "Forcepoint"
},
{
"workbookKey": "ForcepointNGFWWorkbook",
"logoFileName": "FP_Green_Emblem_RGB-01.svg",
"description": "Get insights on firewall activities with the Forcepoint NGFW (Next Generation Firewall) workbook.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "ForcepointNgfw" ],
"previewImagesFileNames": [ "ForcepointNGFWWhite.png", "ForcepointNGFWBlack.png" ],
"version": "1.0",
"title": "Forcepoint Next Generation Firewall (NGFW)",
"templateRelativePath": "ForcepointNGFW.json",
"subtitle": "",
"provider": "Forcepoint"
},
{
"workbookKey": "ForcepointDLPWorkbook",
"logoFileName": "FP_Green_Emblem_RGB-01.svg",
"description": "Get insights on DLP incidents with the Forcepoint DLP (Data Loss Prevention) workbook.",
"dataTypesDependencies": [ "ForcepointDLPEvents_CL" ],
"dataConnectorsDependencies": [ "ForcepointDlp" ],
"previewImagesFileNames": [ "ForcepointDLPWhite.png", "ForcepointDLPBlack.png" ],
"version": "1.0",
"title": "Forcepoint Data Loss Prevention (DLP)",
"templateRelativePath": "ForcepointDLP.json",
"subtitle": "",
"provider": "Forcepoint"
},
{
"workbookKey": "ZimperiumMTDWorkbook",
"logoFileName": "ZIMPERIUM-logo_square2.svg",
"description": "This workbook provides insights on Zimperium Mobile Threat Defense (MTD) threats and mitigations.",
"dataTypesDependencies": [ "ZimperiumThreatLog_CL", "ZimperiumMitigationLog_CL" ],
"dataConnectorsDependencies": [ "ZimperiumMtdAlerts" ],
"previewImagesFileNames": [ "ZimperiumWhite.png", "ZimperiumBlack.png" ],
"version": "1.0",
"title": "Zimperium Mobile Threat Defense (MTD)",
"templateRelativePath": "ZimperiumWorkbooks.json",
"subtitle": "",
"provider": "Zimperium"
},
{
"workbookKey": "AzureAuditActivityAndSigninWorkbook",
"logoFileName": "azureactivedirectory_logo.svg",
"description": "Gain insights into Azure Active Directory Audit, Activity and Signins with one workbook. This workbook can be used by Security and Azure administrators.",
"dataTypesDependencies": [ "AzureActivity","AuditLogs","SigninLogs" ],
"dataConnectorsDependencies": [ "AzureActiveDirectory" ],
"previewImagesFileNames": ["AzureAuditActivityAndSigninWhite1.png","AzureAuditActivityAndSigninWhite2.png","AzureAuditActivityAndSigninBlack1.png","AzureAuditActivityAndSigninBlack2.png"],
"version": "1.0",
"title": "Azure AD Audit, Activity and Sign-in logs",
"templateRelativePath": "AzureAuditActivityAndSignin.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "WindowsFirewall",
"logoFileName": "Microsoft_logo.svg",
"description": "Gain insights into Windows Firewall logs in combination with security and Azure signin logs",
"dataTypesDependencies": [ "WindowsFirewall","SecurityEvent","SigninLogs" ],
"dataConnectorsDependencies": [ "SecurityEvents", "WindowsFirewall" ],
"previewImagesFileNames": ["WindowsFirewallWhite1.png","WindowsFirewallWhite2.png","WindowsFirewallBlack1.png","WindowsFirewallBlack2.png"],
"version": "1.0",
"title": "Windows Firewall",
"templateRelativePath": "WindowsFirewall.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "EventAnalyzerwWorkbook",
"logoFileName": "",
"description": "The Event Analyzer workbook allows to explore, audit and speed up analysis of Windows Event Logs, including all event details and attributes, such as security, application, system, setup, directory service, DNS and others.",
"dataTypesDependencies": [ "SecurityEvent" ],
"dataConnectorsDependencies": [ "SecurityEvents" ],
"previewImagesFileNames": ["EventAnalyzer-Workbook-White.png", "EventAnalyzer-Workbook-Black.png"],
"version": "1.0",
"title": "Event Analyzer",
"templateRelativePath": "EventAnalyzer.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "ASC-ComplianceandProtection",
"logoFileName": "",
"description": "Gain insight into regulatory compliance, alert trends, security posture, and more with this workbook based on Azure Security Center data.",
"dataTypesDependencies": [ "SecurityAlert", "ProtectionStatus", "SecurityRecommendation", "SecurityBaseline", "SecurityBaselineSummary", "Update", "ConfigurationChange" ],
"dataConnectorsDependencies": [ "AzureSecurityCenter" ],
"previewImagesFileNames": [ "ASCCaPBlack.png", "ASCCaPWhite.png" ],
"version": "1.2",
"title": "ASC Compliance and Protection",
"templateRelativePath": "ASC-ComplianceandProtection.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "AIVectraDetectWorkbook",
"logoFileName": "AIVectraDetect.svg",
"description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.",
"dataTypesDependencies": ["CommonSecurityLog"],
"dataConnectorsDependencies": ["AIVectraDetect"],
"previewImagesFileNames": ["AIVectraDetectWhite1.png", "AIVectraDetectBlack1.png"],
"version": "1.0",
"title": "AI Vectra Detect",
"templateRelativePath": "AIVectraDetectWorkbook.json",
"subtitle": "",
"provider": "Vectra AI"
},
{
"workbookKey": "Perimeter81OverviewWorkbook",
"logoFileName": "Perimeter81_Logo.svg",
"description": "Gain insights and comprehensive monitoring into your Perimeter 81 account by analyzing activities.",
"dataTypesDependencies": [ "Perimeter81_CL" ],
"dataConnectorsDependencies": [ "Perimeter81ActivityLogs" ],
"previewImagesFileNames": [ "Perimeter81OverviewWhite1.png", "Perimeter81OverviewBlack1.png", "Perimeter81OverviewWhite2.png", "Perimeter81OverviewBlack2.png" ],
"version": "1.0",
"title": "Perimeter 81 Overview",
"templateRelativePath": "Perimeter81OverviewWorkbook.json",
"subtitle": "",
"provider": "Perimeter 81"
},
{
"workbookKey": "SymantecProxySGWorkbook",
"logoFileName": "symantec_logo.svg",
"description": "Gain insight into Symantec ProxySG by analyzing, collecting and correlating proxy data.\nThis workbook provides visibility into ProxySG Access logs",
"dataTypesDependencies": ["Syslog"],
"dataConnectorsDependencies": [ "SymantecProxySG" ],
"previewImagesFileNames": [ "SymantecProxySGWhite.png", "SymantecProxySGBlack.png" ],
"version": "1.0",
"title": "Symantec ProxySG",
"templateRelativePath": "SymantecProxySG.json",
"subtitle": "",
"provider": "Symantec"
},
{
"workbookKey": "IllusiveASMWorkbook",
"logoFileName": "illusive_logo_workbook.svg",
"description": "Gain insights into your organization's Cyber Hygiene and Attack Surface risk.\nIllusive ASM automates discovery and clean-up of credential violations, allows drill-down inspection of pathways to critical assets, and provides risk insights that inform intelligent decision-making to reduce attacker mobility.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "illusiveAttackManagementSystem" ],
"previewImagesFileNames": [ "IllusiveASMWhite.png", "IllusiveASMBlack.png"],
"version": "1.0",
"title": "Illusive ASM Dashboard",
"templateRelativePath": "IllusiveASM.json",
"subtitle": "",
"provider": "Illusive",
"featureFlag": "IllusiveConnector"
},
{
"workbookKey": "IllusiveADSWorkbook",
"logoFileName": "illusive_logo_workbook.svg",
"description": "Gain insights into unauthorized lateral movement in your organization's network.\nIllusive ADS is designed to paralyzes attackers and eradicates in-network threats by creating a hostile environment for the attackers across all the layers of the attack surface.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "illusiveAttackManagementSystem" ],
"previewImagesFileNames": [ "IllusiveADSWhite.png", "IllusiveADSBlack.png"],
"version": "1.0",
"title": "Illusive ADS Dashboard",
"templateRelativePath": "IllusiveADS.json",
"subtitle": "",
"provider": "Illusive",
"featureFlag": "IllusiveConnector"
},
{
"workbookKey": "PulseConnectSecureWorkbook",
"logoFileName": "",
"description": "Gain insight into Pulse Secure VPN by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into user VPN activities",
"dataTypesDependencies": ["Syslog"],
"dataConnectorsDependencies": [ "PulseConnectSecure" ],
"previewImagesFileNames": [ "PulseConnectSecureWhite.png", "PulseConnectSecureBlack.png" ],
"version": "1.0",
"title": "Pulse Connect Secure",
"templateRelativePath": "PulseConnectSecure.json",
"subtitle": "",
"provider": "Pulse Secure",
"featureFlag": "PulseConnectSecureConnector"
},
{
"workbookKey": "InfobloxNIOSWorkbook",
"logoFileName": "infoblox_logo.svg",
"description": "Gain insight into Infoblox NIOS by analyzing, collecting and correlating DHCP and DNS data.\nThis workbook provides visibility into DHCP and DNS traffic",
"dataTypesDependencies": ["Syslog"],
"dataConnectorsDependencies": [ "InfobloxNIOS" ],
"previewImagesFileNames": [ "InfobloxNIOSWhite.png", "InfobloxNIOSBlack.png" ],
"version": "1.1",
"title": "Infoblox NIOS",
"templateRelativePath": "InfobloxNIOS.json",
"subtitle": "",
"provider": "Infoblox",
"featureFlag": "InfobloxNIOSConnector"
},
{
"workbookKey": "SymantecVIPWorkbook",
"logoFileName": "symantec_logo.svg",
"description": "Gain insight into Symantec VIP by analyzing, collecting and correlating strong authentication data.\nThis workbook provides visibility into user authentications",
"dataTypesDependencies": ["Syslog"],
"dataConnectorsDependencies": [ "SymantecVIP" ],
"previewImagesFileNames": [ "SymantecVIPWhite.png", "SymantecVIPBlack.png" ],
"version": "1.0",
"title": "Symantec VIP",
"templateRelativePath": "SymantecVIP.json",
"subtitle": "",
"provider": "Symantec",
"featureFlag": "SymantecVIPConnector"
},
{
"workbookKey": "VMwareCarbonBlackWorkbook",
"logoFileName": "vmwarecarbonblack_logo.svg",
"description": "Gain extensive insight into VMware Carbon Black Cloud - Endpoint Standard by analyzing, collecting and correlating Event logs.\nThis workbook provides visibility into Carbon Black managed endpoints and identified threat event",
"dataTypesDependencies": [ "CarbonBlackEvents_CL","CarbonBlackNotifications_CL","CarbonBlackAuditLogs_CL" ],
"dataConnectorsDependencies": [ "VMwareCarbonBlack" ],
"previewImagesFileNames": [ "VMwareCarbonWhite.png", "VMwareCarbonBlack.png" ],
"version": "1.0",
"title": "VMware Carbon Black",
"templateRelativePath": "VMwareCarbonBlack.json",
"subtitle": "",
"provider": "VMware",
"featureFlag": "VMwareCarbonBlackConnector"
},
{
"workbookKey": "ProofPointTAPWorkbook",
"logoFileName": "proofpointlogo.svg",
"description": "Gain extensive insight into Proofpoint Targeted Attack Protection (TAP) by analyzing, collecting and correlating TAP log events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked",
"dataTypesDependencies": [ "ProofPointTAPMessagesBlocked_CL", "ProofPointTAPMessagesDelivered_CL", "ProofPointTAPClicksPermitted_CL", "ProofPointTAPClicksBlocked_CL" ],
"dataConnectorsDependencies": [ "ProofpointTAP" ],
"previewImagesFileNames": [ "ProofpointTAPWhite.png", "ProofpointTAPBlack.png" ],
"version": "1.0",
"title": "Proofpoint TAP",
"templateRelativePath": "ProofpointTAP.json",
"subtitle": "",
"provider": "Proofpoint",
"featureFlag": "ProofpointTAPConnector"
},
{
"workbookKey": "QualysVMWorkbook",
"logoFileName": "qualys_logo.svg",
"description": "Gain insight into Qualys Vulnerability Management by analyzing, collecting and correlating vulnerability data.\nThis workbook provides visibility into vulnerabilities detected from vulnerability scans",
"dataTypesDependencies": ["QualysHostDetection_CL"],
"dataConnectorsDependencies": [ "QualysVulnerabilityManagement" ],
"previewImagesFileNames": [ "QualysVMWhite.png", "QualysVMBlack.png" ],
"version": "1.0",
"title": "Qualys Vulnerability Management",
"templateRelativePath": "QualysVM.json",
"subtitle": "",
"provider": "Qualys",
"featureFlag": "QualysVulnerabilityManagementConnector"
},
{
"workbookKey": "GitHubSecurityWorkbook",
"logoFileName": "GitHub.svg",
"description": "Gain insights to GitHub activities that may be interesting for security.",
"dataTypesDependencies": [ "Github_CL", "GitHubRepoLogs_CL" ],
"dataConnectorsDependencies": [ ],
"previewImagesFileNames": [ "GitHubSecurityWhite.png", "GitHubSecurityBlack.png"],
"version": "1.0",
"title": "GitHub Security",
"templateRelativePath": "GitHubSecurityWorkbook.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "VisualizationDemo",
"logoFileName": "",
"description": "Learn and explore the many ways of displaying information within Azure Sentinel workbooks",
"dataTypesDependencies": [ "SecurityAlert" ],
"dataConnectorsDependencies": [ ],
"previewImagesFileNames": [ "VisualizationDemoBlack.png","VisualizationDemoWhite.png" ],
"version": "1.0",
"title": "Visualizations Demo",
"templateRelativePath": "VisualizationDemo.json",
"subtitle": "",
"provider": "Azure Sentinel Community"
},
{
"workbookKey": "SophosXGFirewallWorkbook",
"logoFileName": "sophos_logo.svg",
"description": "Gain insight into Sophos XG Firewall by analyzing, collecting and correlating firewall data.\nThis workbook provides visibility into network traffic",
"dataTypesDependencies": ["Syslog"],
"dataConnectorsDependencies": [ "SophosXGFirewall" ],
"previewImagesFileNames": [ "SophosXGFirewallWhite.png", "SophosXGFirewallBlack.png" ],
"version": "1.0",
"title": "Sophos XG Firewall",
"templateRelativePath": "SophosXGFirewall.json",
"subtitle": "",
"provider": "Sophos",
"featureFlag": "SophosXGFirewallConnector"
},
{
"workbookKey": "OktaSingleSignOnWorkbook",
"logoFileName": "okta_logo.svg",
"description": "Gain extensive insight into Okta Single Sign-On (SSO) by analyzing, collecting and correlating Audit and Event events.\nThis workbook provides visibility into message and click events that were permitted, delivered, or blocked",
"dataTypesDependencies": [ "Okta_CL" ],
"dataConnectorsDependencies": [ "OktaSSO" ],
"previewImagesFileNames": [ "OktaSingleSignOnWhite.png", "OktaSingleSignOnBlack.png" ],
"version": "1.0",
"title": "Okta Single Sign-On",
"templateRelativePath": "OktaSingleSignOn.json",
"subtitle": "",
"provider": "Okta"
},
{
"workbookKey": "SysmonThreatHuntingWorkbook",
"logoFileName": "",
"description": "Simplify your threat hunts using Sysmon data mapped to MITRE ATT&CK data. This workbook gives you the ability to drilldown into system activity based on known ATT&CK techniques as well as other threat hunting entry points such as user activity, network connections or virtual machine Sysmon events.\nPlease note that for this workbook to work you must have deployed Sysmon on your virtual machines in line with the instructions at https://github.com/BlueTeamLabs/sentinel-attack/wiki/Onboarding-sysmon-data-to-Azure-Sentinel",
"dataTypesDependencies": ["Event"],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "SysmonThreatHuntingWhite1.png", "SysmonThreatHuntingBlack1.png"],
"version": "1.4",
"title": "Sysmon Threat Hunting",
"templateRelativePath": "SysmonThreatHunting.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "WebApplicationFirewallWAFTypeEventsWorkbook",
"logoFileName": "webapplicationfirewall(WAF)_logo.svg",
"description": "Gain insights into your organization's Azure web application firewall (WAF) across various services such as Azure Front Door Service and Application Gateway. You can view event triggers, full messages, attacks over time, among other data. Several aspects of the workbook are interactable to allow users to further understand their data",
"dataTypesDependencies": [ "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "WAF" ],
"previewImagesFileNames": [ "WAFFirewallWAFTypeEventsBlack1.PNG", "WAFFirewallWAFTypeEventsBlack2.PNG", "WAFFirewallWAFTypeEventsBlack3.PNG", "WAFFirewallWAFTypeEventsBlack4.PNG", "WAFFirewallWAFTypeEventsWhite1.png", "WAFFirewallWAFTypeEventsWhite2.PNG", "WAFFirewallWAFTypeEventsWhite3.PNG", "WAFFirewallWAFTypeEventsWhite4.PNG"],
"version": "1.0",
"title": "Microsoft Web Application Firewall (WAF) - Azure WAF",
"templateRelativePath": "WebApplicationFirewallWAFTypeEvents.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "OrcaAlertsOverviewWorkbook",
"logoFileName": "Orca_logo.svg",
"description": "A visualized overview of Orca security alerts.\nExplore, analize and learn about your security posture using Orca alerts Overview",
"dataTypesDependencies": [ "OrcaAlerts_CL" ],
"dataConnectorsDependencies": [ "OrcaSecurityAlerts" ],
"previewImagesFileNames": [ "OrcaAlertsWhite.png", "OrcaAlertsBlack.png" ],
"version": "1.1",
"title": "Orca alerts overview",
"templateRelativePath": "OrcaAlerts.json",
"subtitle": "",
"provider": "Orca Security"
},
{
"workbookKey": "CyberArkWorkbook",
"logoFileName": "CyberArk_Logo.svg",
"description": "The CyberArk Syslog connector allows you to easily connect all your CyberArk security solution logs with your Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. Integration between CyberArk and Azure Sentinel makes use of the CEF Data Connector to properly parse and display CyberArk Syslog messages.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "CyberArk" ],
"previewImagesFileNames": [ "CyberArkActivitiesWhite.PNG", "CyberArkActivitiesBlack.PNG" ],
"version": "1.1",
"title": "CyberArk EPV Events",
"templateRelativePath": "CyberArkEPV.json",
"subtitle": "",
"provider": "CyberArk"
},
{
"workbookKey": "UserEntityBehaviorAnalyticsWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "Identify compromised users and insider threats using User and Entity Behavior Analytics. Gain insights into anomalous user behavior from baselines learned from behavior patterns",
"dataTypesDependencies": [ "BehaviorAnalytics" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "UserEntityBehaviorAnalyticsBlack1.png", "UserEntityBehaviorAnalyticsWhite1.png" ],
"version": "1.1",
"title": "User And Entity Behavior Analytics",
"templateRelativePath": "UserEntityBehaviorAnalytics.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "CitrixWAF",
"logoFileName": "citrix_logo.svg",
"description": "Gain insight into the Citrix WAF logs",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "CitrixWAF" ],
"previewImagesFileNames": [ "CitrixWAFBlack.png", "CitrixWAFWhite.png" ],
"version": "1.0",
"title": "Citrix WAF (Web App Firewall)",
"templateRelativePath": "CitrixWAF.json",
"subtitle": "",
"provider": "Citrix Systems Inc."
},
{
"workbookKey": "NormalizedNetworkEventsWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "See insights on multiple networking appliances and other network sessions, that have been parsed or mapped to the normalized networking sessions table. Note this requires enabling parsers for the different products - to learn more, visit https://aka.ms/sentinelnormalizationdocs",
"dataTypesDependencies": [],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "NormalizedNetworkEventsWhite.png", "NormalizedNetworkEventsBlack.png" ],
"version": "1.0",
"title": "Normalized network events",
"templateRelativePath": "NormalizedNetworkEvents.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "WorkspaceAuditingWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "Workspace auditing report\r\nUse this report to understand query runs across your workspace.",
"dataTypesDependencies": [ "LAQueryLogs" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "WorkspaceAuditingWhite.png", "WorkspaceAuditingBlack.png" ],
"version": "1.0",
"title": "Workspace audit",
"templateRelativePath": "WorkspaceAuditing.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "MITREATTACKWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "Workbook to showcase MITRE ATT&CK Coverage for Azure Sentinel",
"dataTypesDependencies": [],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "MITREATTACKWhite1.PNG", "MITREATTACKWhite2.PNG", "MITREATTACKBlack1.PNG", "MITREATTACKBlack2.PNG" ],
"version": "1.0",
"title": "MITRE ATT&CK Workbook",
"templateRelativePath": "MITREAttack.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "BETTERMTDWorkbook",
"logoFileName": "BETTER_MTD_logo.svg",
"description": "Workbook using the BETTER Mobile Threat Defense (MTD) connector, to give insights into your mobile devices, installed application and overall device security posture.",
"dataTypesDependencies": [ "BetterMTDDeviceLog_CL", "BetterMTDAppLog_CL", "BetterMTDIncidentLog_CL", "BetterMTDNetflowLog_CL"],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "BetterMTDWorkbookPreviewWhite1.png", "BetterMTDWorkbookPreviewWhite2.png", "BetterMTDWorkbookPreviewWhite3.png", "BetterMTDWorkbookPreviewBlack1.png", "BetterMTDWorkbookPreviewBlack2.png", "BetterMTDWorkbookPreviewBlack3.png" ],
"version": "1.0",
"title": "BETTER Mobile Threat Defense (MTD)",
"templateRelativePath": "BETTER_MTD_Workbook.json",
"subtitle": "",
"provider": "BETTER Mobile"
},
{
"workbookKey": "AlsidIoEWorkbook",
"logoFileName": "Alsid.svg",
"description": "Workbook showcasing the state and evolution of your Alsid for AD Indicators of Exposures alerts.",
"dataTypesDependencies": [ "AlsidForADLog_CL" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "AlsidIoEBlack1.png", "AlsidIoEBlack2.png", "AlsidIoEBlack3.png", "AlsidIoEWhite1.png", "AlsidIoEWhite2.png", "AlsidIoEWhite3.png" ],
"version": "1.0",
"title": "Alsid for AD | Indicators of Exposure",
"templateRelativePath": "AlsidIoE.json",
"subtitle": "",
"provider": "Alsid"
},
{
"workbookKey": "InvestigationInsightsWorkbook",
"logoFileName": "Microsoft_logo.svg",
"description": "Help analysts gain insight into incident, bookmark and entity data through the Investigation Insights Workbook. This workbook provides common queries and detailed visualizations to help an analyst investigate suspicious activities quickly with an easy to use interface. Analysts can start their investigation from a Sentinel incident, bookmark, or by simply entering the entity data into the workbook manually.",
"dataTypesDependencies": [ "AuditLogs", "AzureActivity", "CommonSecurityLog", "OfficeActivity", "SecurityEvent", "SigninLogs", "ThreatIntelligenceIndicator" ],
"dataConnectorsDependencies": [ "AzureActivity", "SecurityEvents", "Office365", "AzureActiveDirectory", "ThreatIntelligence", "ThreatIntelligenceTaxii" ],
"previewImagesFileNames": [ "InvestigationInsightsWhite1.png", "InvestigationInsightsBlack1.png", "InvestigationInsightsWhite2.png", "InvestigationInsightsBlack2.png" ],
"version": "1.3",
"title": "Investigation Insights",
"templateRelativePath": "InvestigationInsights.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "AksSecurityWorkbook",
"logoFileName": "Kubernetes_services.svg",
"description": "See insights about the security of your AKS clusters. The workbook helps to identify sensitive operations in the clusters and get insights based on Azure Defender alerts.",
"dataTypesDependencies": [ "SecurityAlert", "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "AzureSecurityCenter","AzureKubernetes"],
"previewImagesFileNames": [ "AksSecurityWhite.png", "AksSecurityBlack.png" ],
"version": "1.2",
"title": "Azure Kubernetes Service (AKS) Security",
"templateRelativePath": "AksSecurity.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AzureKeyVaultWorkbook",
"logoFileName": "KeyVault.svg",
"description": "See insights about the security of your Azure key vaults. The workbook helps to identify sensitive operations in the key vaults and get insights based on Azure Defender alerts.",
"dataTypesDependencies": [ "SecurityAlert", "AzureDiagnostics" ],
"dataConnectorsDependencies": [ "AzureSecurityCenter", "AzureKeyVault"],
"previewImagesFileNames": [ "AkvSecurityWhite.png", "AkvSecurityBlack.png" ],
"version": "1.1",
"title": "Azure Key Vault Security",
"templateRelativePath": "AzureKeyVaultWorkbook.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "IncidentOverview",
"logoFileName": "Azure_Sentinel.svg",
"description": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n",
"dataTypesDependencies": ["SecurityAlert", "SecurityIncident"],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "IncidentOverviewBlack1.png", "IncidentOverviewWhite1.png", "IncidentOverviewBlack2.png", "IncidentOverviewWhite2.png" ],
"version": "1.4",
"title": "Incident overview",
"templateRelativePath": "IncidentOverview.json",
"subtitle": "",
"provider": "Microsoft",
"featureFlag": "IncidentsMetrics"
},
{
"workbookKey": "SecurityOperationsEfficiency",
"logoFileName": "Azure_Sentinel.svg",
"description": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency.",
"dataTypesDependencies": ["SecurityAlert", "SecurityIncident"],
"dataConnectorsDependencies": [],
"previewImagesFileNames": ["SecurityEfficiencyWhite1.png", "SecurityEfficiencyWhite2.png", "SecurityEfficiencyBlack1.png", "SecurityEfficiencyBlack2.png"],
"version": "1.5",
"title": "Security Operations Efficiency",
"templateRelativePath": "SecurityOperationsEfficiency.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "DataCollectionHealthMonitoring",
"logoFileName": "Azure_Sentinel.svg",
"description": "Gain insights into your workspace's data ingestion status. In this workbook, you can view additional monitors and detect anomalies that will help you determine your workspaces data collection health.",
"dataTypesDependencies": [],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "HealthMonitoringWhite1.png", "HealthMonitoringWhite2.png", "HealthMonitoringWhite3.png", "HealthMonitoringBlack1.png", "HealthMonitoringBlack2.png", "HealthMonitoringBlack3.png" ],
"version": "1.0",
"title": "Data collection health monitoring",
"templateRelativePath": "DataCollectionHealthMonitoring.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "OnapsisAlarmsWorkbook",
"logoFileName": "onapsis_logo.svg",
"description": "Gain insights into what is going on in your SAP Systems with this overview of the alarms triggered in the Onapsis Platform. Incidents are enriched with context and next steps to help your Security team respond effectively.",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "OnapsisPlatform" ],
"previewImagesFileNames": [ "OnapsisWhite1.PNG", "OnapsisBlack1.PNG", "OnapsisWhite2.PNG", "OnapsisBlack2.PNG" ],
"version": "1.0",
"title": "Onapsis Alarms Overview",
"templateRelativePath": "OnapsisAlarmsOverview.json",
"subtitle": "",
"provider": "Onapsis"
},
{
"workbookKey": "ThycoticWorkbook",
"logoFileName": "ThycoticLogo.svg",
"description": "The Thycotic Secret Server Syslog connector",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "ThycoticSecretServer_CEF" ],
"previewImagesFileNames": ["ThycoticWorkbookWhite.PNG", "ThycoticWorkbookBlack.PNG"],
"version": "1.0",
"title": "Thycotic Secret Server Workbook",
"templateRelativePath": "ThycoticWorkbook.json",
"subtitle": "",
"provider": "Thycotic"
},
{
"workbookKey": "ForcepointCloudSecurityGatewayWorkbook",
"logoFileName": "Forcepoint_new_logo.svg",
"description": "Use this report to understand query runs across your workspace.",
"dataTypesDependencies": ["CommonSecurityLog"],
"dataConnectorsDependencies": ["ForcepointCSG"],
"previewImagesFileNames": ["ForcepointCloudSecurityGatewayWhite.png","ForcepointCloudSecurityGatewayBlack.png"],
"version": "1.0",
"title": "Forcepoint Cloud Security Gateway Workbook",
"templateRelativePath": "ForcepointCloudSecuirtyGatewayworkbook.json",
"subtitle": "",
"provider": "Forcepoint"
},
{
"workbookKey": "IntsightsIOCWorkbook",
"logoFileName": "IntSights_logo.svg",
"description": "",
"dataTypesDependencies": [ "ThreatIntelligenceIndicator", "SecurityAlert" ],
"dataConnectorsDependencies": [ "ThreatIntelligenceTaxii" ],
"previewImagesFileNames": [ "IntsightsIOCWhite.png", "IntsightsMatchedWhite.png", "IntsightsMatchedBlack.png", "IntsightsIOCBlack.png"],
"version": "2.0",
"title": "IntSights IOC Workbook",
"templateRelativePath": "IntsightsIOCWorkbook.json",
"subtitle": "",
"provider": "IntSights Cyber Intelligence"
},
{
"workbookKey": "DarktraceSummaryWorkbook",
"logoFileName": "Darktrace.svg",
"description": "A workbook containing relevant KQL queries to help you visualise the data in model breaches from the Darktrace Connector",
"dataTypesDependencies": [ "CommonSecurityLog" ],
"dataConnectorsDependencies": [ "DarktraceDarktrace" ],
"previewImagesFileNames": [ "AIA-DarktraceSummaryWhite.png", "AIA-DarktraceSummaryBlack.png" ],
"version": "1.1",
"title": "AI Analyst Darktrace Model Breach Summary",
"templateRelativePath": "AIA-Darktrace.json",
"subtitle": "",
"provider": "Darktrace"
},
{
"workbookKey": "TrendMicroXDR",
"logoFileName": "trendmicro_logo.svg",
"description": "Gain insights from Trend Micro XDR with this overview of the Alerts triggered.",
"dataTypesDependencies": [ "TrendMicro_XDR_CL" ],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "TrendMicroXDROverviewWhite.png", "TrendMicroXDROverviewBlack.png" ],
"version": "1.0",
"title": "Trend Micro XDR Alert Overview",
"templateRelativePath": "TrendMicroXDROverview.json",
"subtitle": "",
"provider": "Trend Micro"
},
{
"workbookKey": "CyberpionOverviewWorkbook",
"logoFileName": "cyberpion_logo.svg",
"description": "Use Cyberpion's Security Logs and this workbook, to get an overview of your online assets, gain insights into their current state, and find ways to better secure your ecosystem.",
"dataTypesDependencies": [ "CyberpionActionItems_CL" ],
"dataConnectorsDependencies": [ "CyberpionSecurityLogs" ],
"previewImagesFileNames": [ "CyberpionActionItemsBlack.png", "CyberpionActionItemsWhite.png" ],
"version": "1.0",
"title": "Cyberpion Overview",
"templateRelativePath": "CyberpionOverviewWorkbook.json",
"subtitle": "",
"provider": "Cyberpion"
},
{
"workbookKey": "SolarWindsPostCompromiseHuntingWorkbook",
"logoFileName": "MSTIC-Logo.svg",
"description": "This hunting workbook is intended to help identify activity related to the Solorigate compromise and subsequent attacks discovered in December 2020",
"dataTypesDependencies": [ "CommonSecurityLog", "SigninLogs", "AuditLogs", "AADServicePrincipalSignInLogs", "OfficeActivity", "BehaviorAnalytics", "SecurityEvent", "DeviceProcessEvents", "SecurityAlert", "DnsEvents"],
"dataConnectorsDependencies": [ "AzureActiveDirectory", "SecurityEvents", "Office365", "MicrosoftThreatProtection", "DNS"],
"previewImagesFileNames": [ "SolarWindsPostCompromiseHuntingWhite.png", "SolarWindsPostCompromiseHuntingBlack.png" ],
"version": "1.5",
"title": "SolarWinds Post Compromise Hunting",
"templateRelativePath": "SolarWindsPostCompromiseHunting.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "ProofpointPODWorkbook",
"logoFileName": "proofpointlogo.svg",
"description": "Gain insights into your Proofpoint on Demand Email Security activities, including maillog and messages data. The Workbook provides users with an executive dashboard showing the reporting capabilities, message traceability and monitoring.",
"dataTypesDependencies": [ "ProofpointPOD_maillog_CL", "ProofpointPOD_message_CL" ],
"dataConnectorsDependencies": [ "ProofpointPOD" ],
"previewImagesFileNames": [ "ProofpointPODMainBlack1.png", "ProofpointPODMainBlack2.png", "ProofpointPODMainWhite1.png", "ProofpointPODMainWhite2.png", "ProofpointPODMessageSummaryBlack.png", "ProofpointPODMessageSummaryWhite.png", "ProofpointPODTLSBlack.png", "ProofpointPODTLSWhite.png" ],
"version": "1.0",
"title": "Proofpoint On-Demand Email Security",
"templateRelativePath": "ProofpointPOD.json",
"subtitle": "",
"provider": "Proofpoint"
},
{
"workbookKey": "CiscoUmbrellaWorkbook",
"logoFileName": "cisco_logo.svg",
"description": "Gain insights into Cisco Umbrella activities, including the DNS, Proxy and Cloud Firewall data. Workbook shows general information along with threat landscape including categories, blocked destinations and URLs.",
"dataTypesDependencies": [ "Cisco_Umbrella_dns_CL", "Cisco_Umbrella_proxy_CL", "Cisco_Umbrella_ip_CL", "Cisco_Umbrella_cloudfirewall_CL" ],
"dataConnectorsDependencies": [ "CiscoUbrella" ],
"previewImagesFileNames": [ "CiscoUmbrellaDNSBlack1.png", "CiscoUmbrellaDNSBlack2.png", "CiscoUmbrellaDNSWhite1.png", "CiscoUmbrellaDNSWhite2.png", "CiscoUmbrellaFirewallBlack.png", "CiscoUmbrellaFirewallWhite.png", "CiscoUmbrellaMainBlack1.png", "CiscoUmbrellaMainBlack2.png", "CiscoUmbrellaMainWhite1.png", "CiscoUmbrellaMainWhite2.png", "CiscoUmbrellaProxyBlack1.png", "CiscoUmbrellaProxyBlack2.png", "CiscoUmbrellaProxyWhite1.png", "CiscoUmbrellaProxyWhite2.png" ],
"version": "1.0",
"title": "Cisco Umbrella",
"templateRelativePath": "CiscoUmbrella.json",
"subtitle": "",
"provider": "Cisco"
},
{
"workbookKey": "CybersecurityMaturityModelCertification(CMMC)Workbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "The Azure Sentinel CMMC Workbook provides a mechanism for viewing log queries aligned to CMMC controls across the Microsoft portfolio including Microsoft security offerings, Office 365, Teams, Intune, Windows Virtual Desktop and many more. This workbook enables Security Architects, Engineers, SecOps Analysts, Managers, and IT Pros to gain situational awareness visibility for the security posture of cloud workloads. There are also recommendations for selecting, designing, deploying, and configuring Microsoft offerings for alignment with respective CMMC requirements and practices.",
"dataTypesDependencies": [ "AuditLogs", "AzureActivity", "AzureDiagnostics", "AzureNetworkAnalytics_CL", "BehaviorAnalytics", "Event", "InformationProtectionLogs_CL", "LAQueryLogs", "OfficeActivity", "ProtectionStatus", "SecureScoreControls", "SecurityAlert", "SecurityBaseline", "SecurityBaselineSummary", "SecurityEvent", "SecurityIncident", "SecurityRecommendation", "SigninLogs", "ThreatIntelligenceIndicator", "Usage", "UserAccessAnalytics" ],
"dataConnectorsDependencies": [ "AzureActiveDirectory", "AzureActivity", "DDoS", "AzureFirewall", "AzureInformationProtection", "AzureSecurityCenter", "DNS", "MicrosoftCloudAppSecurity", "MicrosoftThreatProtection", "Office365", "SecurityEvents", "Syslog", "ThreatIntelligence", "ThreatIntelligenceTaxii", "WindowsFirewall", "WAF" ],
"previewImagesFileNames": [ "CybersecurityMaturityModelCertification(CMMC)Black1.PNG", "CybersecurityMaturityModelCertification(CMMC)White1.PNG" ],
"version": "1.1",
"title": "Cybersecurity Maturity Model Certification (CMMC)",
"templateRelativePath": "CybersecurityMaturityModelCertification(CMMC).json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "AnalyticsEfficiencyWorkbook",
"logoFileName": "Azure_Sentinel.svg",
"description": "Gain insights into the efficacy of your analytics rules. In this workbook you can analyze and monitor the analytics rules found in your workspace to achieve better performance by your SOC.",
"dataTypesDependencies": ["SecurityAlert", "SecurityIncident"],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "AnalyticsEfficiencyBlack.png", "AnalyticsEfficiencyWhite.png" ],
"version": "1.1",
"title": "Analytics Efficiency",
"templateRelativePath": "AnalyticsEfficiency.json",
"subtitle": "",
"provider": "Microsoft"
},
{
"workbookKey": "WorkspaceUsage",
"logoFileName": "Azure_Sentinel.svg",
"description": "Gain insights into your workspace's usage. In this workbook, you can view your workspaces data consumption, latency, recommended tasks and Cost and Usage statistics.",
"dataTypesDependencies": [],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "WorkspaceUsageBlack.png", "WorkspaceUsageWhite.png"],
"version": "1.0",
"title": "Workspace Usage Report",
"templateRelativePath": "WorkspaceUsage.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "SentinelCentral",
"logoFileName": "Azure_Sentinel.svg",
"description": "Use this report to view Incident (and Alert data) across many workspaces, this works with Azure Lighthouse and across any subscription you have access to.",
"dataTypesDependencies": [],
"dataConnectorsDependencies": [],
"previewImagesFileNames": [ "SentinelCentralBlack.png", "SentinelCentralWhite.png"],
"version": "1.0",
"title": "Sentinel Central",
"templateRelativePath": "SentinelCentral.json",
"subtitle": "",
"provider": "Azure Sentinel community"
},
{
"workbookKey": "CognniIncidentsWorkbook",
"logoFileName": "cognni-logo.svg",
"description": "Gain intelligent insights into the risks to your important financial, legal, HR, and governance information. This workbook lets you monitor your at-risk information to determine when and why incidents occurred, as well as who was involved. These incidents are broken into high, medium, and low risk incidents for each information category.",
"dataTypesDependencies": ["CognniIncidents_CL"],
"dataConnectorsDependencies": ["CognniSentinelDataConnector"],
"previewImagesFileNames": [ "CognniBlack.PNG", "CognniWhite.PNG"],
"version": "1.0",
"title": "Cognni Important Information Incidents",
"templateRelativePath": "CognniIncidentsWorkbook.json",
"subtitle": "",
"provider": "Cognni"
},
{
"workbookKey": "pfsense",
"logoFileName": "pfsense_logo.svg",
"description": "Gain insights into pfsense logs from both filterlog and nginx.",
"dataTypesDependencies": ["CommonSecurityLog"],
"dataConnectorsDependencies": ["pfsense"],
"previewImagesFileNames": [ "pfsenseBlack.png", "pfsenseWhite.png"],
"version": "1.0",
"title": "pfsense",
"templateRelativePath": "pfsense.json",
"subtitle": "",
"provider": "Azure Sentinel community"
}
]
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку