{
"version": "Notebook/1.0",
"items": [
{
"type": 11,
"content": {
"version": "LinkItem/1.0",
"style": "tabs",
"links": [
{
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Text, Grids, Tiles",
"subTarget": "Text",
"preText": "",
"style": "link"
},
{
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Charts and Graphs",
"subTarget": "Charts",
"style": "link"
},
{
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Time Brushing",
"subTarget": "TB",
"style": "link"
},
{
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Dynamic Content",
"subTarget": "DC",
"style": "link"
},
{
"cellValue": "Tab",
"linkTarget": "parameter",
"linkLabel": "Personalization",
"subTarget": "Personalization",
"style": "link"
}
]
},
"name": "links - 1"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 1,
"content": {
"json": "This is an example of text being put in a workbook. This workbook shows different types of visualizations that can be achieved in Sentinel workbooks."
},
"name": "text - 0"
},
{
"type": 9,
"content": {
"version": "KqlParameterItem/1.0",
"parameters": [
{
"id": "a39e8bae-dd20-4c06-85ca-83cea33a1fa2",
"version": "KqlParameterItem/1.0",
"name": "TimeParameter",
"label": "Time Parameter",
"type": 4,
"isRequired": true,
"value": {
"durationMs": 86400000
},
"typeSettings": {
"selectableValues": [
{
"durationMs": 300000
},
{
"durationMs": 900000
},
{
"durationMs": 1800000
},
{
"durationMs": 3600000
},
{
"durationMs": 14400000
},
{
"durationMs": 43200000
},
{
"durationMs": 86400000
},
{
"durationMs": 172800000
},
{
"durationMs": 259200000
},
{
"durationMs": 604800000
},
{
"durationMs": 1209600000
},
{
"durationMs": 2419200000
},
{
"durationMs": 2592000000
},
{
"durationMs": 5184000000
},
{
"durationMs": 7776000000
}
]
},
"resourceType": "microsoft.insights/components"
}
],
"style": "pills",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "parameters - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| take 20",
"size": 0,
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeParameter",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "Usage\r\n| summarize count() by DataType\r\n| sort by count_ desc",
"size": 0,
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeParameter",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "tiles",
"tileSettings": {
"showBorder": false,
"titleContent": {
"columnMatch": "DataType",
"formatter": 1
},
"leftContent": {
"columnMatch": "count_",
"formatter": 12,
"formatOptions": {
"palette": "auto"
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"name": "query - 3"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Text"
},
"name": "TGT"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
"size": 0,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "categoricalbar"
},
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
"size": 0,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart"
},
"customWidth": "33",
"name": "query - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
"size": 0,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "linechart"
},
"customWidth": "66",
"name": "query - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName",
"size": 0,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "graph",
"graphSettings": {
"type": 2,
"topContent": {
"columnMatch": "ProductName",
"formatter": 1,
"formatOptions": {
"showIcon": true
}
},
"centerContent": {
"columnMatch": "count_",
"formatter": 1,
"formatOptions": {
"showIcon": true
},
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
},
"hivesContent": {
"columnMatch": "ProductName",
"formatter": 1,
"formatOptions": {
"showIcon": true
}
},
"nodeIdField": "ProductName",
"nodeSize": null,
"staticNodeSize": 100,
"colorSettings": {
"nodeColorField": "ProductName",
"type": 1,
"colorPalette": "pastel"
},
"groupByField": "ProductName",
"hivesMargin": 5
}
},
"name": "query - 3"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Charts"
},
"name": "Charts"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| where TimeGenerated >= ago(90d)\r\n| summarize count() by ProductName, bin(TimeGenerated,1d)",
"size": 0,
"title": "Time Brushing Example",
"timeBrushParameterName": "TimeBrush",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "timechart"
},
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n",
"size": 0,
"timeContext": {
"durationMs": 0
},
"timeContextFromParameter": "TimeBrush",
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 1"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "TB"
},
"name": "TB"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityAlert\r\n| extend Resource = ResourceId\r\n| summarize count() by Resource\r\n| sort by count_ desc\r\n",
"size": 0,
"title": "Machines with Alerts",
"timeContext": {
"durationMs": 2592000000
},
"exportMultipleValues": true,
"exportedParameters": [
{
"fieldName": "Resource",
"parameterName": "Resource"
}
],
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"filter": true
}
},
"customWidth": "25",
"name": "query - 0"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "let Resource_ = dynamic({Resource});\r\nSecurityAlert\r\n| where ResourceId contains tostring(Resource_)\r\n| project TimeGenerated, Resource_, AlertName, AlertSeverity, ProductName\r\n",
"size": 0,
"title": "Alerts per Resource",
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"customWidth": "75",
"conditionalVisibility": {
"parameterName": "Resource",
"comparison": "isNotEqualTo"
},
"name": "query - 6"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "DC"
},
"name": "DC"
},
{
"type": 12,
"content": {
"version": "NotebookGroup/1.0",
"groupType": "editable",
"items": [
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityRecommendation\r\n| where RecommendationState contains 'unhealthy'\r\n| extend Link = strcat('http://', RecommendationLink)\r\n| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces"
},
"name": "query - 1"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "SecurityRecommendation\r\n| where RecommendationState contains 'unhealthy'\r\n| extend Link = strcat('http://', RecommendationLink)\r\n| project AssessedResourceId, RecommendationName, RecommendationState, RecommendationSeverity, Link",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"gridSettings": {
"formatters": [
{
"columnMatch": "RecommendationSeverity",
"formatter": 18,
"formatOptions": {
"thresholdsOptions": "colors",
"thresholdsGrid": [
{
"operator": "==",
"thresholdValue": "High",
"representation": "redBright",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Medium",
"representation": "yellow",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Low",
"representation": "blue",
"text": "{0}{1}"
},
{
"operator": "==",
"thresholdValue": "Informational",
"representation": "gray",
"text": "{0}{1}"
},
{
"operator": "Default",
"thresholdValue": null,
"representation": "blue",
"text": "{0}{1}"
}
]
}
},
{
"columnMatch": "Link",
"formatter": 7,
"formatOptions": {
"linkTarget": "GenericDetails",
"linkIsContextBlade": true
}
}
],
"labelSettings": [
{
"columnId": "AssessedResourceId",
"label": "Resource"
},
{
"columnId": "RecommendationName",
"label": "Recommendation"
},
{
"columnId": "RecommendationState",
"label": "Status"
},
{
"columnId": "RecommendationSeverity",
"label": "Severity"
},
{
"columnId": "Link"
}
]
}
},
"name": "query - 5"
}
]
},
"conditionalVisibility": {
"parameterName": "Tab",
"comparison": "isEqualTo",
"value": "Personalization"
},
"name": "Personalization"
}
],
"styleSettings": {},
"fromTemplateId": "sentinel-VisualizationDemo",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}