Azure-Sentinel/Dashboards/Azure_Active_Directory.json


{
"name": "AzureActiveDirectoryDashboard_{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "AzureActiveDirectoryDashboard",
"hidden-title": "Azure Active Directory - {Workspace_Name}",
"version": "1.2",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 17,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Overview</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"1": {
"position": {
"x": 19,
"y": 0,
"colSpan": 7,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>User activity</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top AzureActiveDirectory operations \nOfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| summarize count() by Operation \n| order by count_ \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Operation",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e5af5953-8c1e-436a-ae56-a76ff225ea07"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activities, by type",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 6,
"y": 1,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//AzureActiveDirectory operations over time\nOfficeActivity\n| where TimeGenerated >= ago(14d)\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Current_Week = countif(TimeGenerated >= ago(7d)), Previous_Week = countif(TimeGenerated < ago(7d)) by Operation\n| extend Per = iff(Current_Week > Previous_Week, toreal(Current_Week) / Previous_Week, toreal(Previous_Week) / Current_Week)\n| extend sign = iff(Current_Week > Previous_Week, '+', '-')\n| extend Percentage = iff(Current_Week != 0 and Previous_Week != 0 and Previous_Week != Current_Week, strcat(sign, extract(@'(\\d*(\\.\\d{1,2}|$))', 1, tostring((Per -1 )*100)), '%'), 'No Percentage - 0')\n| project Operation, Previous_Week, Current_Week, Percentage\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "4ee3fbd9-18e7-402f-a1df-d7ef71a7b74a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activities, by week",
"PartSubTitle": "Per week"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 19,
"y": 1,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//AzureActiveDirectory operations over time\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Events = count() by bin_at(TimeGenerated, 1d, now()) \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "Events",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "3e977483-2bd7-4c13-a17b-ac02b5886bbc"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activities over time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 0,
"y": 5,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Additions, updates, deletions</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"6": {
"position": {
"x": 19,
"y": 5,
"colSpan": 7,
"rowSpan": 5
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 10 active users by AzureActiveDirectory operation count\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Number = count() by UserId\n| top 10 by Number\n| project User_ID = UserId, Number\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "c6004e80-d6bb-475d-aba9-bd817d97de00"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 10 active users",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"7": {
"position": {
"x": 0,
"y": 6,
"colSpan": 18,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize additions = countif(Operation contains 'add'), updates = countif(Operation contains 'Update'), deletions = countif(Operation contains 'Delete') by bin_at(TimeGenerated, 1d, now())"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "deletions",
"type": "Int64"
},
{
"name": "additions",
"type": "Int64"
},
{
"name": "updates",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "d95e9c41-ab8b-44e5-931e-3511521bafcd"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Additions, updates, and deletions",
"PartSubTitle": "Over the past week"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"8": {
"position": {
"x": 0,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'add' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Operation",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "412f8581-42fe-4c76-850c-9aec4004d2b4"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "GroupedBar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Add activities, by type",
"PartSubTitle": "Over time"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"9": {
"position": {
"x": 6,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'update' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Operation",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "02bfb13a-3fa6-4cb0-ae06-80af5dd6ab54"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "GroupedBar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Update activities, by type",
"PartSubTitle": "Over time"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"10": {
"position": {
"x": 12,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'delete' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Operation",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "4a895dc8-34f0-4c73-b5bc-f9eed7449253"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "GroupedBar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Delete activities, by type",
"PartSubTitle": "Over time"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"11": {
"position": {
"x": 19,
"y": 10,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Activity by User type \nOfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| summarize count() by UserType\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "UserType",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "905469fc-2a41-4637-ba34-84feb358bca7"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activity, by user type",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"12": {
"position": {
"x": 0,
"y": 14,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>User, groups</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"13": {
"position": {
"x": 19,
"y": 14,
"colSpan": 7,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>User logons</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"14": {
"position": {
"x": 0,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'user' \n| summarize count() by Operation \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Operation",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "77d6ebe2-5afc-4f1a-9592-d7bca00a63e7"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "User activities, by type",
"PartSubTitle": " ",
"Query": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'user' and Operation != 'UserLoggedIn'\n| summarize count() by Operation\n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"15": {
"position": {
"x": 6,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'user' and Operation != 'UserLoggedIn'\n| top 10 by TimeGenerated desc\n| project Operation, UserId , ResultStatus\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "879f26ca-215c-4624-b50e-ac49916c4b8a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "User activities",
"PartSubTitle": "Last 10"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"16": {
"position": {
"x": 12,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'Add user.'\n| project TimeGenerated, User_Name=todynamic(AADTarget)[0].ID\n| summarize by tostring(User_Name), TimeGenerated\n| limit 10\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "bc8f871e-fa66-4fb3-8eb4-b94096c200c6"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "New users",
"PartSubTitle": "Last 10"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"17": {
"position": {
"x": 19,
"y": 15,
"colSpan": 7,
"rowSpan": 3
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'UserLoggedIn'\n| summarize Logons = count() by ResultStatus, bin_at(TimeGenerated, 1h, now())"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "Logons",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "fc6b0018-e776-429e-91dc-2cff0721eab9"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "User logons",
"PartSubTitle": "Failed and succeeded"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"18": {
"position": {
"x": 19,
"y": 18,
"colSpan": 7,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Failed activities</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"19": {
"position": {
"x": 0,
"y": 19,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'group' \n| summarize count() by Operation"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Operation",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "17896e4c-0872-41d4-bbad-f8bc61fb9cb1"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Group activities, by type",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 6,
"y": 19,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'group'\n| top 10 by TimeGenerated desc\n| project Operation, UserId , ResultStatus\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "82bb1da4-fc89-4c3f-b356-05315803f703"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Group activities",
"PartSubTitle": "Last 10"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"21": {
"position": {
"x": 12,
"y": 19,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'Add group.'\n| project Group_Name=todynamic(AADTarget)[0].ID, TimeGenerated\n| sort by TimeGenerated\n| limit 10"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "5b5d670e-188c-40e1-aa17-bbbea21e86e6"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "New groups",
"PartSubTitle": "Last 10"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"22": {
"position": {
"x": 19,
"y": 19,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Failed operations by operation\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where ResultStatus == 'Failure'\n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now())\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Operation",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "db0b2916-3d18-46eb-8f8b-a9a2139c46e7"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": ""
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Failed activities, by type",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"23": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "AzureActiveDirectoryDashboard"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
}