2199 строки
74 KiB
JSON
2199 строки
74 KiB
JSON
{
|
|
"name": "AmazonWebServicesNetworkActivities-{Workspace_Name}",
|
|
"type": "Microsoft.Portal/dashboards",
|
|
"location": "{Dashboard_Location}",
|
|
"tags": {
|
|
"dashboardKey": "AmazonWebServicesNetworkActivities",
|
|
"hidden-title": "Amazon Web Services Network Activities - {Workspace_Name}",
|
|
"version": "1.1",
|
|
"workspaceName": "{Workspace_Name}"
|
|
},
|
|
"properties": {
|
|
"lenses": {
|
|
"0": {
|
|
"order": 0,
|
|
"parts": {
|
|
"0": {
|
|
"position": {
|
|
"x": 1,
|
|
"y": 0,
|
|
"colSpan": 24,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [],
|
|
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
|
"settings": {
|
|
"content": {
|
|
"settings": {
|
|
"content": "<div style=\"font-size:300%;\">AWS network activities</div>",
|
|
"title": "",
|
|
"subtitle": ""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"1": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 1,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\r\n| summarize count() by AWSRegion, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "AWSRegion",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AmazonWebServicesNetworkActivities_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "03d63029-7b60-4fc0-9069-fa4fffdeb54c"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Activities, by region",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"2": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 1,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\r\n| extend internalEvent = iff(isempty(VpcEndpointId), \"External\", \"Internal\")\r\n| summarize count() by internalEvent, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "internalEvent",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AmazonWebServicesNetworkActivities_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "a4790bb3-7034-4549-afda-c48fffc24c09"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Bar"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Internal, and external events",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"3": {
|
|
"position": {
|
|
"x": 20,
|
|
"y": 1,
|
|
"colSpan": 5,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\r\n| summarize NumberOfEvents = count() by UserIdentityAccountId\r\n| where UserIdentityAccountId != \"\"\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AmazonWebServicesNetworkActivities_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "429389b1-1258-4d39-aae3-8c470bc9fa9c"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Active account IDs",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"4": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 5,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"securitygroup\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "a1cf52b0-de06-4bcc-9506-c88ec42c9741"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Security group activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"5": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 5,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName in (\"ApplySecurityGroupsToClientVpnTargetNetwork\",\n\"AuthorizeSecurityGroupEgress\",\n\"AuthorizeSecurityGroupIngress\",\n\"CreateSecurityGroup\",\n\"DeleteSecurityGroup\",\n\"RevokeSecurityGroupEgress\",\n\"RevokeSecurityGroupIngress\",\n\"UpdateSecurityGroupRuleDescriptionsEgress\",\n\"UpdateSecurityGroupRuleDescriptionsIngress\")\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last "
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "bdb92b67-27a8-41a9-99cb-aa6e07b147fc"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Security group activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"6": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 9,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"networkacl\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "f3583ea8-3383-4dce-bbef-19f5c4ab8871"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Network ACL activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"7": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 9,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SessionMfaAuthenticated, SourceIpAddress, AWSRegion\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "e2b6419f-5d1d-485a-a245-35d2658f81ac"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Network ACL activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"8": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 13,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"loadbalancer\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "b92f4ebd-77f8-4798-bfc4-a0ae37c20a9e"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Elastic load balancer activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"9": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 13,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName == \"AuthorizeSecurityGroupEgress\"\n or EventName == \"AuthorizeSecurityGroupIngress\"\n or EventName == \"RevokeSecurityGroupEgress\"\n or EventName == \"RevokeSecurityGroupIngress\"\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last \n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "86daf77e-0c13-4f45-91f5-3a0a1b35fd1b"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Elastic load balancer activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"10": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 17,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"gateway\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "4899b9e1-42c4-4eb0-99c4-80872b9b9b86"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Gateway activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"11": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 17,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| take 10\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "ca43ce61-d448-4ce0-9768-81dd77cd7380"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Gateway activities",
|
|
"PartSubTitle": " ",
|
|
"Query": "AWSCloudTrail\n| where EventName in (\"AcceptTransitGatewayVpcAttachment\",\n\"AssociateTransitGatewayRouteTable\",\n\"AttachInternetGateway\",\n\"AttachVpnGateway\",\n\"CreateCustomerGateway\",\n\"CreateEgressOnlyInternetGateway\",\n\"CreateInternetGateway\",\n\"CreateNatGateway\",\n\"CreateTransitGateway\",\n\"CreateTransitGatewayRoute\",\n\"CreateTransitGatewayRouteTable\",\n\"CreateTransitGatewayVpcAttachment\",\n\"CreateVpnGateway\",\n\"DeleteCustomerGateway\",\n\"DeleteEgressOnlyInternetGateway\",\n\"DeleteInternetGateway\",\n\"DeleteNatGateway\",\n\"DeleteTransitGateway\",\n\"DeleteTransitGatewayRoute\",\n\"DeleteTransitGatewayRouteTable\",\n\"DeleteTransitGatewayVpcAttachment\",\n\"DeleteVpnGateway\",\n\"DetachInternetGateway\",\n\"DetachVpnGateway\",\n\"DisableTransitGatewayRouteTablePropagation\",\n\"DisassociateTransitGatewayRouteTable\",\n\"EnableTransitGatewayRouteTablePropagation\",\n\"ExportTransitGatewayRoutes\",\n\"GetTransitGatewayAttachmentPropagations\",\n\"GetTransitGatewayRouteTableAssociations\",\n\"GetTransitGatewayRouteTablePropagations\",\n\"ModifyTransitGatewayVpcAttachment\",\n\"RejectTransitGatewayVpcAttachment\",\n\"ReplaceTransitGatewayRoute\",\n\"SearchTransitGatewayRoutes\")\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last"
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"12": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 21,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| take 100\n| summarize count() by EventName, TimeGenerated \n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "fb59bbc5-9930-44b1-b559-84c1a09ea27f"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Route activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"13": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 21,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName in (\"AssociateRouteTable\",\n\"AssociateTransitGatewayRouteTable\",\n\"CreateClientVpnRoute\",\n\"CreateRoute\",\n\"CreateRouteTable\",\n\"CreateTransitGatewayRoute\",\n\"CreateTransitGatewayRouteTable\",\n\"CreateVpnConnectionRoute\",\n\"DeleteClientVpnRoute\",\n\"DeleteRoute\",\n\"DeleteRouteTable\",\n\"DeleteTransitGatewayRoute\",\n\"DeleteTransitGatewayRouteTable\",\n\"DeleteVpnConnectionRoute\",\n\"DisableTransitGatewayRouteTablePropagation\",\n\"DisableVgwRoutePropagation\",\n\"DisassociateRouteTable\",\n\"DisassociateTransitGatewayRouteTable\",\n\"EnableTransitGatewayRouteTablePropagation\",\n\"EnableVgwRoutePropagation\",\n\"ExportTransitGatewayRoutes\",\n\"GetTransitGatewayRouteTableAssociations\",\n\"GetTransitGatewayRouteTablePropagations\",\n\"ReplaceRoute\",\n\"ReplaceRouteTableAssociation\",\n\"ReplaceTransitGatewayRoute\",\n\"SearchTransitGatewayRoutes\")\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "cb1ac9d7-0576-47fd-a7ab-6b00c559482b"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Route activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"14": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 25,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| take 100\n| summarize count() by EventName, TimeGenerated \n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "00a58d4c-c374-405b-948f-17aee21b6719"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "VPC activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"15": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 25,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName in (\"AcceptTransitGatewayVpcAttachment\",\n\"AcceptVpcEndpointConnections\",\n\"AcceptVpcPeeringConnection\",\n\"AssociateVpcCidrBlock\",\n\"AttachClassicLinkVpc\",\n\"CreateDefaultVpc\",\n\"CreateTransitGatewayVpcAttachment\",\n\"CreateVpc\",\n\"CreateVpcEndpoint\",\n\"CreateVpcEndpointConnectionNotification\",\n\"CreateVpcEndpointServiceConfiguration\",\n\"CreateVpcPeeringConnection\",\n\"DeleteTransitGatewayVpcAttachment\",\n\"DeleteVpc\",\n\"DeleteVpcEndpointConnectionNotifications\",\n\"DeleteVpcEndpoints\",\n\"DeleteVpcEndpointServiceConfigurations\",\n\"DeleteVpcPeeringConnection\",\n\"DetachClassicLinkVpc\",\n\"DisableVpcClassicLink\",\n\"DisableVpcClassicLinkDnsSupport\",\n\"DisassociateVpcCidrBlock\",\n\"EnableVpcClassicLink\",\n\"EnableVpcClassicLinkDnsSupport\",\n\"ModifyTransitGatewayVpcAttachment\",\n\"ModifyVpcAttribute\",\n\"ModifyVpcEndpoint\",\n\"ModifyVpcEndpointConnectionNotification\",\n\"ModifyVpcEndpointServiceConfiguration\",\n\"ModifyVpcEndpointServicePermissions\",\n\"ModifyVpcPeeringConnectionOptions\",\n\"ModifyVpcTenancy\",\n\"MoveAddressToVpc\",\n\"RejectTransitGatewayVpcAttachment\",\n\"RejectVpcEndpointConnections\",\n\"RejectVpcPeeringConnection\")\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "281b6a04-9106-4c41-b2e7-80959f56dfaa"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "VPC activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"16": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 29,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"subnet\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "be7b5348-49a5-479e-8e63-403169ba1ac7"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Subnet activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"17": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 29,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "a9edfb81-a957-4783-898b-fad74326463d"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Subnet activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"18": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 33,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"network\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "4d0423a4-f2d3-4e51-9df5-52d856aec09c"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Network interface activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"19": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 33,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "6ec7e4cf-fe7e-422a-910f-74f75fb93db0"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Network interface activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"20": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 37,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| take 100\n| summarize count() by EventName, TimeGenerated \n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "23ad2978-9823-4996-9f9f-6aedf6ca891e"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Connection activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"21": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 37,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "a5e64a57-e436-41e7-a885-0bb4bd49bb58"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Connection activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"22": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 41,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"dns\" or EventName contains \"domainname\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "393de054-c228-4284-9a27-c0e7b85ad9e5"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "DNS activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"23": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 41,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "c99821ae-13b8-4da0-a37f-6fbb63e5a2e3"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "DNS activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"24": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 45,
|
|
"colSpan": 10,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| where EventName contains \"flowlog\"\n| summarize count() by EventName, TimeGenerated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "EventName",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/47b51dbc-d870-45fc-bec7-0a93dd24b47e"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "273e6850-886d-4439-8615-5fc445a44f9e"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Flowlog activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"25": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 45,
|
|
"colSpan": 15,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}"
|
|
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "AWSCloudTrail\n| project TimeGenerated, EventName, UserIdentityAccountId, UserIdentityPrincipalid, UserAgent, UserIdentityUserName, SourceIpAddress, AWSRegion\n| sort by TimeGenerated desc nulls last\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/rg-tccc-prod-ops-mgmt/providers/Microsoft.Portal/dashboards/326f7ab8-68d9-4b43-bda3-25006a34d0d2"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "8e7cbb96-dbbd-4369-a24d-a9c91fb2008c"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": " "
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "ws-tccc-use2-0001"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Flowlog activities",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"26": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 0,
|
|
"colSpan": 1,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "subscriptionId",
|
|
"value": "{Subscription_Id}"
|
|
},
|
|
{
|
|
"name": "resourceGroup",
|
|
"value": "{Resource_Group}"
|
|
},
|
|
{
|
|
"name": "workspaceName",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "dashboardName",
|
|
"value": "AmazonWebServicesNetworkActivities"
|
|
},
|
|
{
|
|
"name": "menuItemToOpen",
|
|
"value": "Dashboards"
|
|
}
|
|
],
|
|
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
|
|
"defaultMenuItemId": "0"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|