Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Dashboards/Azure_Information_Protectio...

461 строка
17 KiB
JSON
Исходник Ответственный История

Этот файл содержит невидимые символы Юникода!

Этот файл содержит невидимые символы Юникода, которые могут быть отображены не так, как показано ниже. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы показать скрытые символы.

{
"name": "AIPUsageReport-{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "AIPUsageReport",
"hidden-title": "Azure Information Protection usage report - {Workspace_Name}",
"version": "1.0",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 11,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Azure Information Protection - Usage report</div>\n\n",
"title": "",
"subtitle": ""
}
}
}
}
},
"1": {
"position": {
"x": 12,
"y": 0,
"colSpan": 2,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style=\"max-width: 40px\">\n<svg viewBox=\"0 0 212 250\" class=\"\" role=\"presentation\" focusable=\"false\" xmlns:svg=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" id=\"FxSymbol0-03e\" width=\"100%\" height=\"100%\"><g><title></title><path d=\"M129.979.04c33.738 1.193 60.724 28.925 60.724 62.962v36.786h1.806c10.497 0 19.007 8.506 19.007 19.005v112.202c0 10.496-8.501 19.005-19.007 19.005H19.491C8.994 250 .484 241.494.484 230.995V118.793c0-10.496 8.501-19.005 19.007-19.005h1.806V63.002c0-34.036 26.995-61.769 60.725-62.962h47.957zM61.157 99.788h90.932V57.831c0-13.812-11.192-25.008-24.998-25.008H86.155c-13.802 0-24.998 11.197-24.998 25.008v41.957zm22.017 74.71l39.824-15.287c3.695 3.467 8.598 5.579 13.979 5.579 11.495 0 20.813-9.64 20.813-21.531 0-11.891-9.318-21.53-20.813-21.53-10.188 0-18.666 7.573-20.462 17.574l-65.044 24.968a10.445 10.445 0 0 0-6.505 7.7c-1.505 5.166 1.177 10.709 6.294 12.673l65.148 25.008c1.536 10.323 10.16 18.227 20.569 18.227 11.495 0 20.813-9.639 20.813-21.53 0-11.891-9.318-21.531-20.813-21.531-5.154 0-9.871 1.938-13.506 5.149l-40.297-15.469z\" fill=\"#58b4d9\"></path></g></svg></div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourceGroups/{Resource_Group}/providers/Microsoft.OperationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "let minTime = toscalar(InformationProtectionEvents | where isnotempty(MachineName) | summarize min(Time));\nlet dates = range [\"date\"] from bin(minTime, 1d) to now() step 1d;\nInformationProtectionEvents\n| where isnotempty(MachineName)\n| summarize labels=countif(isnotempty(ItemPath) and Activity in (\"NewLabel\", \"UpgradeLabel\", \"DowngradeLabel\", \"RemoveProtection\", \"NewProtection\", \"ChangeProtection\") and isnotempty(LabelId)), protected=countif(isnotempty(ItemPath) and Activity in (\"NewLabel\", \"UpgradeLabel\", \"DowngradeLabel\", \"RemoveProtection\", \"NewProtection\", \"ChangeProtection\") and IsProtected) by bin(Time, 1d)\n| join kind= rightouter (\n dates\n)\non $left.Time == $right.[\"date\"]\n| project [\"date\"], Labels = coalesce(labels, 0), [\"Protected Labels\"] = coalesce(protected, 0)\n| render timechart\n"
},
{
"name": "TimeRange",
"value": "P7D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "date",
"type": "DateTime"
},
"yAxis": [
{
"name": "Labels",
"type": "Int64"
},
{
"name": "Protected Labels",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/8b4a4a24-6c67-4d3f-ba09-4af23489d450"
},
{
"name": "PartId",
"value": "c8ea89d0-16e7-4361-ba0f-309e9bbbae75"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Label and protect activity",
"PartSubTitle": ""
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 7,
"y": 1,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourceGroups/{Resource_Group}/providers/Microsoft.OperationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "let minTime = toscalar(InformationProtectionEvents | where isnotempty(MachineName) | summarize min(Time));\nlet dates = range [\"date\"] from bin(minTime, 1d) to now() step 1d;\nInformationProtectionEvents\n| where isnotempty(MachineName)\n| summarize users=dcount(User), devices = dcount(MachineName) by bin(Time, 1d)\n| join kind= rightouter\n(\n dates\n)\non $left.Time == $right.[\"date\"]\n| project [\"date\"], users = coalesce(users, 0), devices = coalesce(devices, 0)\n| render timechart\n"
},
{
"name": "TimeRange",
"value": "P7D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "date",
"type": "DateTime"
},
"yAxis": [
{
"name": "users",
"type": "Int64"
},
{
"name": "devices",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/8b4a4a24-6c67-4d3f-ba09-4af23489d450"
},
{
"name": "PartId",
"value": "300f9881-f32a-4582-ade5-1226c70e6dfd"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Users and devices",
"PartSubTitle": ""
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 0,
"y": 5,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourceGroups/{Resource_Group}/providers/Microsoft.OperationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "InformationProtectionEvents\n| where isnotempty(LabelId)\n| where isnotempty(ItemPath)\n| where Activity in (\"NewLabel\", \"UpgradeLabel\", \"DowngradeLabel\", \"RemoveProtection\", \"NewProtection\", \"ChangeProtection\")\n| summarize value=count() by LabelName\n| order by value\n| render piechart\n"
},
{
"name": "TimeRange",
"value": "P30D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "LabelName",
"type": "String"
},
"yAxis": [
{
"name": "value",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/8b4a4a24-6c67-4d3f-ba09-4af23489d450"
},
{
"name": "PartId",
"value": "2d159aaf-f02c-42cf-91c2-04566e6dd41d"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Labels",
"PartSubTitle": ""
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 7,
"y": 5,
"colSpan": 7,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourceGroups/{Resource_Group}/providers/Microsoft.OperationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "InformationProtectionEvents\n| where isnotempty(LabelId)\n| where isnotempty(ItemPath)\n| where Activity in (\"NewLabel\", \"UpgradeLabel\", \"DowngradeLabel\", \"RemoveProtection\", \"NewProtection\", \"ChangeProtection\")\n| summarize value=count() by ApplicationName\n| order by value\n| render piechart\n"
},
{
"name": "TimeRange",
"value": "P30D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "ApplicationName",
"type": "String"
},
"yAxis": [
{
"name": "value",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureInformationPtotectionUsage_{Workspace_Name}"
},
{
"name": "PartId",
"value": "cd7abf90-a2bc-4135-8a43-db8ff92c6a78"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Labels by application",
"PartSubTitle": ""
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"6": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "AIPUsage"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку