193 строки
5.6 KiB
JSON
193 строки
5.6 KiB
JSON
{
|
||
"version": "Notebook/1.0",
|
||
"items": [
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CommonSecurityLog\n| where DeviceVendor == \"Barracuda\"\n| sort by TimeGenerated | summarize count() by DeviceAction ",
|
||
"size": 3,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Action Summary",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "piechart",
|
||
"chartSettings": {}
|
||
},
|
||
"customWidth": "33",
|
||
"name": "DeviceAction",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CGFWFirewallActivity \n| extend Rule = coalesce(FirewallRule, \"None\")\n| summarize count() by Rule\n| take 10",
|
||
"size": 3,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Rule Summary",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "piechart",
|
||
"chartSettings": {
|
||
"seriesLabelSettings": [
|
||
{
|
||
"seriesName": "None",
|
||
"color": "green"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"customWidth": "33",
|
||
"name": "RuleSummary",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CGFWFirewallActivity \n| extend rule = coalesce(Info, \"None\")\n| summarize count() by rule\n| take 10\n",
|
||
"size": 3,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Drop Summary",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "piechart",
|
||
"chartSettings": {}
|
||
},
|
||
"customWidth": "33",
|
||
"name": "DropSummary",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 1,
|
||
"content": {
|
||
"json": "---"
|
||
},
|
||
"name": "---"
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "union Perf | where InstanceName == \"BNGF\" | where ObjectName == \"Connections_New\"",
|
||
"size": 0,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "New Connections",
|
||
"timeContext": {
|
||
"durationMs": 1800000
|
||
},
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "timechart",
|
||
"chartSettings": {
|
||
"seriesLabelSettings": [
|
||
{
|
||
"seriesName": "CounterValue",
|
||
"label": "Connections"
|
||
}
|
||
]
|
||
}
|
||
},
|
||
"customWidth": "45",
|
||
"name": "NewConnections",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CGFWFirewallActivity \n| where isnotempty(Application)\n| summarize count() by Application\n| take 10",
|
||
"size": 0,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Top 10 Applications",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "barchart",
|
||
"tileSettings": {
|
||
"showBorder": false,
|
||
"titleContent": {
|
||
"columnMatch": "Application",
|
||
"formatter": 1
|
||
},
|
||
"leftContent": {
|
||
"columnMatch": "count_",
|
||
"formatter": 12,
|
||
"formatOptions": {
|
||
"palette": "auto"
|
||
},
|
||
"numberFormat": {
|
||
"unit": 17,
|
||
"options": {
|
||
"maximumSignificantDigits": 3,
|
||
"maximumFractionDigits": 2
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"chartSettings": {}
|
||
},
|
||
"customWidth": "50",
|
||
"name": "TopApplications",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CGFWFirewallActivity\n| extend User = coalesce(User, \"Unauthenticated\") \n| summarize count() by User\n| take 10",
|
||
"size": 3,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Top 10 Users",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "piechart",
|
||
"chartSettings": {}
|
||
},
|
||
"customWidth": "33",
|
||
"name": "TopUsers",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
},
|
||
{
|
||
"type": 3,
|
||
"content": {
|
||
"version": "KqlItem/1.0",
|
||
"query": "CGFWFirewallActivity\n| extend Protocol = coalesce(L4Protocol, \"Other\") \n| summarize count() by L4Protocol",
|
||
"size": 3,
|
||
"exportToExcelOptions": "visible",
|
||
"title": "Layer 4 Protocol Summary",
|
||
"queryType": 0,
|
||
"resourceType": "microsoft.operationalinsights/workspaces",
|
||
"visualization": "piechart",
|
||
"chartSettings": {}
|
||
},
|
||
"customWidth": "33",
|
||
"name": "L4Summary",
|
||
"styleSettings": {
|
||
"margin": "10",
|
||
"showBorder": true
|
||
}
|
||
}
|
||
],
|
||
"styleSettings": {},
|
||
"fromTemplateId": "sentinel-Barracuda",
|
||
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
||
} |