189 строки
7.0 KiB
JSON
189 строки
7.0 KiB
JSON
{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "## GitHub - Security\n"
|
|
},
|
|
"name": "text - 2"
|
|
},
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "a9923eb9-9a02-4a48-bb72-e9be338eeb3b",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "TimeRange",
|
|
"type": 4,
|
|
"value": {
|
|
"durationMs": 1209600000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 300000
|
|
},
|
|
{
|
|
"durationMs": 900000
|
|
},
|
|
{
|
|
"durationMs": 1800000
|
|
},
|
|
{
|
|
"durationMs": 3600000
|
|
},
|
|
{
|
|
"durationMs": 14400000
|
|
},
|
|
{
|
|
"durationMs": 43200000
|
|
},
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 172800000
|
|
},
|
|
{
|
|
"durationMs": 259200000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 1209600000
|
|
},
|
|
{
|
|
"durationMs": 2419200000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
},
|
|
{
|
|
"durationMs": 5184000000
|
|
},
|
|
{
|
|
"durationMs": 7776000000
|
|
}
|
|
]
|
|
},
|
|
"resourceType": "microsoft.insights/components"
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 2"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHub_CL\n| extend TimeGenerated = node_createdAt_t\n| where node_action_s == \"org.add_member\" or node_action_s == \"org.remove_member\"\n| extend MemberName = node_userLogin_s\n| extend Action = iif(node_action_s==\"org.add_member\", \"Added\", \"Removed\")\n| extend Organization = node_organizationName_s\n| extend Permission = node_permission_s\n| sort by TimeGenerated desc\n| project MemberName, Action, Organization, Permission\n",
|
|
"size": 1,
|
|
"title": "Members Added or Removed",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "membersaddedorremoved"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHub_CL\r\n| extend TimeGenerated = node_createdAt_t\r\n| where node_action_s == \"repo.create\"\r\n| extend RepoName = node_repositoryName_s\r\n| extend Actor = node_actorLogin_s\r\n| extend Private = node_visibility_s\r\n| sort by TimeGenerated desc\r\n| project RepoName, Actor, Private\r\n",
|
|
"size": 0,
|
|
"title": "Repositories Created",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "repositoriescreated"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHub_CL\r\n| extend TimeGenerated = node_createdAt_t\r\n| where node_action_s == \"team.add_repository\" or node_action_s == \"team.remove_repository\"\r\n| extend Organization = node_organizationName_s\r\n| extend RepoName = node_repositoryName_s\r\n| extend TeamName = node_teamName_s\r\n| extend Action = iif(node_action_s==\"team.add_repository\", \"Added\", \"Removed\")\r\n| sort by TimeGenerated desc\r\n| project Organization, RepoName, TeamName, Action\r\n",
|
|
"size": 0,
|
|
"title": "Teams Added/Removed Repository",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "teamsaddedremovedtorepository"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHub_CL\r\n| extend TimeGenerated = node_createdAt_t\r\n| where node_action_s == \"repo.access\" and node_operationType_s == \"MODIFY\" and node_visibility_s == \"PUBLIC\"\r\n| extend Organiation = node_organizationName_s\r\n| extend Repo = node_repositoryName_s\r\n| extend Actor = node_actorLogin_s\r\n| sort by TimeGenerated desc\r\n| project Organiation, Repo, Actor\r\n",
|
|
"size": 0,
|
|
"title": "Private Repos made Public",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "privatereposmadepublic"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHubRepoLogs_CL\r\n| extend TimeGenerated = created_at_t\r\n| where LogType_s == \"Forks\"\r\n| summarize count() by bin(TimeGenerated, 1d), name_s",
|
|
"size": 0,
|
|
"title": "Fork Count by Repoistory over Time",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 6"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "GitHubRepoLogs_CL\r\n| where LogType_s == \"Clones\"\r\n| extend TimeGenerated = timestamp_t\r\n| summarize count() by bin(TimeGenerated, 1d), Repository_s",
|
|
"size": 0,
|
|
"title": "Clone count by Repository Over Time",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "TimeRange",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 7"
|
|
}
|
|
],
|
|
"fromTemplateId": "sentinel-GitHubSecurity",
|
|
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
|
} |