Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Workbooks/ZimperiumWorkbooks.json

178 строки
4.8 KiB
JSON
Исходник Ответственный История

Этот файл содержит невидимые символы Юникода!

Этот файл содержит невидимые символы Юникода, которые могут быть отображены не так, как показано ниже. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы показать скрытые символы.

{
"version": "Notebook/1.0",
"items": [
{
"type": 1,
"content": {
"json": "### Threats by Platform (last 30 days)\n"
},
"name": "text - 2"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "union withsource=ZimperiumThreatLog_CL *\n| where TimeGenerated >= startofweek(ago(30d)) and device_os_s != \"\" and tolower(device_os_s) != \"\"\n| summarize Count=count() by  tolower(device_os_s)\n| render piechart\n",
"size": 0,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "piechart",
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "Column1",
"formatter": 1
},
"centerContent": {
"columnMatch": "Count",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
},
"chartSettings": {
"seriesLabelSettings": [
{
"seriesName": "",
"color": "blue"
},
{
"seriesName": "ios",
"label": "iOS",
"color": "orange"
},
{
"seriesName": "android",
"label": "Android",
"color": "blue"
},
{
"color": "lightBlue"
}
]
}
},
"name": "Threats by Platform"
},
{
"type": 1,
"content": {
"json": "### Threats by Attack Vector (last 30 days)"
},
"name": "text - 4"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "union withsource=ZimperiumThreatLog_CL *\n| project threat_vector_s , TimeGenerated\n| where TimeGenerated >= startofweek(ago(30d)) and tolower(threat_vector_s) != \"\"\n| summarize Count=count() by tolower(threat_vector_s)\n| render piechart",
"size": 0,
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"chartSettings": {
"seriesLabelSettings": [
{
"seriesName": "device",
"label": "Device",
"color": "green"
},
{
"seriesName": "network",
"label": "Network",
"color": "yellow"
},
{
"seriesName": "malware",
"label": "Apps",
"color": "magenta"
}
]
}
},
"name": "Threats by Attack Vector"
},
{
"type": 1,
"content": {
"json": "### Top 10 Threat Types (last 30 days)"
},
"name": "text - 5"
},
{
"type": 3,
"content": {
"version": "KqlItem/1.0",
"query": "ZimperiumThreatLog_CL \n| summarize threat_count = count() by threat_name_s \n| sort by threat_count desc\n| limit 10\n",
"size": 0,
"aggregation": 2,
"timeContext": {
"durationMs": 2592000000
},
"queryType": 0,
"resourceType": "microsoft.operationalinsights/workspaces",
"visualization": "categoricalbar",
"gridSettings": {
"formatters": [
{
"columnMatch": "threat_count",
"formatter": 0,
"formatOptions": {
"showIcon": true,
"aggregation": "Count"
}
},
{
"columnMatch": "threat_name_s",
"formatter": 0,
"formatOptions": {
"showIcon": true
}
},
{
"columnMatch": "-- Group By --",
"formatter": 0,
"formatOptions": {
"showIcon": true
}
}
]
},
"graphSettings": {
"type": 0,
"topContent": {
"columnMatch": "threat_name_s",
"formatter": 1
},
"centerContent": {
"columnMatch": "count_",
"formatter": 1,
"numberFormat": {
"unit": 17,
"options": {
"maximumSignificantDigits": 3,
"maximumFractionDigits": 2
}
}
}
}
},
"name": "Top 10 Threats "
}
],
"styleSettings": {
"progressStyle": "loader",
"paddingStyle": "none",
"spacingStyle": "none"
},
"fromTemplateId": "sentinel-Zimperium",
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку