Azure-Sentinel/Dashboards/FortiGate.json


{
"name": "FortiGateDashboard_{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "FortiGateDashboard",
"hidden-title": "FortiGate - {Workspace_Name}",
"version": "1.2",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 12,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>FortiGate overview</div> ",
"title": "",
"subtitle": " "
}
}
}
}
},
"1": {
"position": {
"x": 13,
"y": 0,
"colSpan": 11,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<img width='500' height='50' src='http://ccsethiopia.com/images/partners/partner6.png'/> \n \n",
"title": "",
"subtitle": " "
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by System Events\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where SubCategory contains 'system' and SubType !in ('','perf-stats')\n| project SubType, NumberOfEvent"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "NumberOfEvent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "6a77821f-3972-4e6b-a777-4212807107e5"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of system events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 6,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Logs Received By time \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| summarize LogsCount=count() by TimeGenerated \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "LogsCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "a66bdc20-ceff-41c6-a8ba-ba730cc5240b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Events, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 12,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Total Traffic Sent vs Received in Mega Bytes \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| summarize SentDataMB = sum(SentBytes)/1048576 , DataRecievedMB =sum(ReceivedBytes)/1048576 by TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SentDataMB",
"type": "Int64"
},
{
"name": "DataRecievedMB",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "2c5452b7-f0c1-4553-8938-13721ab8b894"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Data flow volume, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 18,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Total Forward Traffic Sent vs Received\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize SentDataMB = sumif(SentBytes,Activity contains 'forward' )/1048576 , DataRecievedMB =sumif(ReceivedBytes, Activity contains 'forward')/1048576 by TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SentDataMB",
"type": "Int64"
},
{
"name": "DataRecievedMB",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "91b58974-af45-41b0-a768-63f08fd174f5"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Forward data flow volume, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"6": {
"position": {
"x": 0,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//By severity\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize SeverityCount=count() by LogSeverity , TimeGenerated"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SeverityCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "LogSeverity",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "5ae22484-b0f6-4736-9668-7d9a60f2c0ce"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event severity, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"7": {
"position": {
"x": 6,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//System Add Vs Delete Vs Edit Vs Move\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where Activity contains 'system'\n| where Activity contains 'add' or Activity contains 'delete' or Activity contains 'move' or Activity contains 'edit'\n| summarize EventCount = count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| project SubType , EventCount"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "EventCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "534c3f7a-fbbc-4068-9fe4-a5ef5e714529"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of system events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"8": {
"position": {
"x": 12,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Category By time\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| extend Category=extract('(.*?):(.*?)$',1,Activity )\n| summarize CatgoryCount=count() by Category, TimeGenerated"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "CatgoryCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Category",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "3ae780b1-a910-4380-a8c0-83a2d72843ad"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activities, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"9": {
"position": {
"x": 18,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Total Local Traffic Sent vs Received\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize SentDataMB = sumif(SentBytes,Activity contains 'local' )/1048576 , DataRecievedMB =sumif(ReceivedBytes, Activity contains 'local')/1048576 by TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SentDataMB",
"type": "Int64"
},
{
"name": "DataRecievedMB",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "ae0720cb-92b8-418b-ac44-1387285a92c2"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Local data flow volume, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"10": {
"position": {
"x": 0,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by Traffic Forward Events\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where SubCategory contains 'forward' and SubType !in ('start','close')\n| project SubType, NumberOfEvent"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "NumberOfEvent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "0f001300-65d2-43d3-a060-d24a8d0051db"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of traffic forward events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"11": {
"position": {
"x": 6,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//local vs Forwarded log count\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where Category contains 'traffic'\n| project SubCategory , NumberOfEvent\n| summarize Total= sum(NumberOfEvent) by SubCategory"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubCategory",
"type": "String"
},
"yAxis": [
{
"name": "Total",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "745f0d7c-2edd-4612-897a-1d0514cf10f7"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Traffic summary",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"12": {
"position": {
"x": 12,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Forward Traffic by Allow vs Deny\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where Activity contains 'traffic:forward accept' or Activity contains 'traffic:forward deny'\n| summarize TrafficCount= count() by Activity, TimeGenerated"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "TrafficCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Activity",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "b6c5944c-b585-4770-be72-b54205a90336"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Forward traffic, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"13": {
"position": {
"x": 0,
"y": 13,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Web filter</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"14": {
"position": {
"x": 0,
"y": 14,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//data upload by category \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where RequestContext != '' \n| where Activity contains 'passthrough' \n| summarize DataSentMB=sum(SentBytes)/1048576 by RequestContext \n| top 5 by DataSentMB desc \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "RequestContext",
"type": "String"
},
"yAxis": [
{
"name": "DataSentMB",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "90cf63b0-4a7b-4502-b4bf-a0fefd051925"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 activities, by data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"15": {
"position": {
"x": 6,
"y": 14,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 URL Blocked \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'utm:webfilter' \n| extend Url= extract(';FortinetFortiGatehostname=(.*?);',1,AdditionalExtensions) \n| extend Action= extract(';FortinetFortiGateaction=(.*?);',1,AdditionalExtensions) \n| where Action =='blocked' \n| summarize Count= count() by Url \n| top 5 by Count desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "ae1fcd60-e122-4339-a205-c66b0789d272"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 blocked URLs ",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"16": {
"position": {
"x": 12,
"y": 14,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 URL Data Upload \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'passthrough' \n| extend Url= extract(';FortinetFortiGatehostname=(.*?);',1,AdditionalExtensions) \n| summarize DataSent = sum(SentBytes) by Url \n| top 5 by DataSent desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8909329a-c0f5-4e71-a675-9046af8d218a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 URLs, by upload data volume",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"17": {
"position": {
"x": 18,
"y": 14,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by webfilter\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where SubCategory contains 'webfilter'\n| project SubType, NumberOfEvent\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "NumberOfEvent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "0a464921-7cc5-46d0-b66e-db81bb0fa82b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Web filter summary",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"18": {
"position": {
"x": 0,
"y": 18,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Web Category Blocked \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'utm:webfilter' \n| extend Url= extract(';FortinetFortiGatehostname=(.*?);',1,AdditionalExtensions) \n| extend Action= extract(';FortinetFortiGateaction=(.*?);',1,AdditionalExtensions) \n| where Action =='blocked' \n| where RequestContext != '' \n| summarize Count= count() by RequestContext \n| top 5 by Count desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e80b49ea-88ca-451d-823d-cf1d778edc22"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 blocked web activities",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"19": {
"position": {
"x": 6,
"y": 18,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Category Data Download \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'passthrough' \n| where RequestContext != '' \n| summarize DataRecievedMB=sum(ReceivedBytes)/1048576 by RequestContext \n| top 5 by DataRecievedMB desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "726d6f87-8731-49f6-98fb-d6f9f57d5895"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 activities, by download data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 0,
"y": 22,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Top 5 IP addresses by data</div> ",
"title": "",
"subtitle": " "
}
}
}
}
},
"21": {
"position": {
"x": 0,
"y": 23,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Source IP Data Upload \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port2' \n| summarize DataSentMB= sum(SentBytes)/1048576 by SourceIP \n| top 5 by DataSentMB desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "6fbdb0bc-38b1-4dd7-9b82-4e8c688f9e1e"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound source IP addresses, by upload data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"22": {
"position": {
"x": 6,
"y": 23,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Destination by Data Sent \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port2' \n| summarize DataSentMB= sum(SentBytes)/1048576 by DestinationIP \n| top 5 by DataSentMB desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "c5069a1a-2470-434a-827d-ba62c2724a6d"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound destination IP addresses, by sent data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"23": {
"position": {
"x": 12,
"y": 23,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Destination Inbound IP Address Data Received \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DestinationTranslatedAddress != '' \n| where DeviceInboundInterface == 'port1' \n| summarize DataReceivedMB= sum(ReceivedBytes)/1048576 by DestinationTranslatedAddress \n| project-rename InboundDestination= DestinationTranslatedAddress \n| top 5 by DataReceivedMB desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e7a198fe-9956-4cf4-a811-86c2d055efed"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound destination IP addresses, by received data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"24": {
"position": {
"x": 18,
"y": 23,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Inbound Source Data Received \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port1' \n| summarize DataSent= sum(ReceivedBytes) by SourceIP \n| top 5 by DataSent desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e7b529ad-83c1-46aa-8cac-7439a9f30929"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound source IP addresses, by received data",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"25": {
"position": {
"x": 0,
"y": 27,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Top 5 ports</div>  \n \n",
"title": "",
"subtitle": ""
}
}
}
}
},
"26": {
"position": {
"x": 0,
"y": 28,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Destination ports for outbound Traffic\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where Activity contains 'forward'\n| where DeviceInboundInterface == 'port2'\n| where DestinationPort > 0\n| extend DestinationPorts= tostring(DestinationPort)\n| summarize TopDestinationPortsCount= count() by DestinationPorts\n| top 5 by TopDestinationPortsCount desc"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "DestinationPorts",
"type": "String"
},
"yAxis": [
{
"name": "TopDestinationPortsCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "3b06bf0b-f848-4880-9ee1-78bb49d33432"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound destination ports",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"27": {
"position": {
"x": 12,
"y": 28,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Destination ports for Inbound Traffic\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where Activity contains 'forward'\n| where DeviceInboundInterface == 'port1'\n| where DestinationPort > 0\n| extend DestinationPorts= tostring(DestinationPort)\n| summarize TopDestinationPortsCount= count() by DestinationPorts\n| top 5 by TopDestinationPortsCount desc"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "DestinationPorts",
"type": "String"
},
"yAxis": [
{
"name": "TopDestinationPortsCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "190403c1-f56b-42d3-9696-374155e4490a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound destination ports",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"28": {
"position": {
"x": 0,
"y": 32,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Top 5 IP addresses</div> ",
"title": "",
"subtitle": " "
}
}
}
}
},
"29": {
"position": {
"x": 0,
"y": 33,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Inbound Source IP \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port2' \n| summarize InBoundCount= count() by SourceIP \n| top 5 by InBoundCount desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "59d813f3-c722-4807-bacf-a5d18221ebf5"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound source IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"30": {
"position": {
"x": 6,
"y": 33,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Source IP \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port1' \n| summarize OutBoundCount= count() by SourceIP \n| top 5 by OutBoundCount desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "33a934e1-def5-48ea-8aa9-b94fd24cdb21"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound source IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"31": {
"position": {
"x": 12,
"y": 33,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Inbound Destination IP \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port1' \n| where DestinationTranslatedAddress contains '.' \n| summarize InBoundCount= count() by DestinationTranslatedAddress \n| project-rename DestinationIP= DestinationTranslatedAddress \n| top 5 by InBoundCount desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "fc703510-4c1d-4468-85e1-e6488298a7af"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound destination IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"32": {
"position": {
"x": 18,
"y": 33,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Destination IP \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'forward' \n| where DeviceInboundInterface == 'port2' \n| summarize OutBoundCount= count() by DestinationIP \n| top 5 by OutBoundCount desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "27ef8765-d021-43fa-b048-25aa4bb28d69"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound destination IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"33": {
"position": {
"x": 0,
"y": 37,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Firewall management</div> ",
"title": "",
"subtitle": " "
}
}
}
}
},
"34": {
"position": {
"x": 0,
"y": 38,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top 5 successful logins\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where DestinationUserName != ''\n| where Activity == 'event:system login success'\n| summarize Attempts=count() by DestinationUserName\n| project-rename UserName= DestinationUserName\n| top 5 by Attempts desc\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "UserName",
"type": "String"
},
"yAxis": [
{
"name": "Attempts",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "96a90ac9-60b6-4081-bb91-bbae42401ee3"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 successful logins",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"35": {
"position": {
"x": 6,
"y": 38,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top 5 Failed logins\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where DestinationUserName != ''\n| where Activity == 'event:system login failed'\n| summarize Attempts=count() by DestinationUserName\n| project-rename UserName= DestinationUserName\n| top 5 by Attempts desc\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "UserName",
"type": "String"
},
"yAxis": [
{
"name": "Attempts",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "361e45ed-a19b-4176-b437-6cb135b09e87"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 failed logins",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"36": {
"position": {
"x": 12,
"y": 38,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//FortiGate Update Summary \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'system' \n| where Activity contains 'update' \n| extend EventResult= extract(';FortinetFortiGatelogdesc=(.*?);',1, AdditionalExtensions) \n| summarize Count= count() by EventResult \n| top 5 by Count desc nulls last"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "2f732fd5-edca-43e6-97de-609a8e861f49"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of FortiGate updates",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"37": {
"position": {
"x": 18,
"y": 38,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Firewall Config Edit Summary \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'system' \n| where Activity contains 'edit' \n| extend EditType= extract(';FortinetFortiGatecfgpath=(.*?);',1, AdditionalExtensions) \n| summarize EditCount= count() by EditType \n| top 5 by EditCount desc nulls last"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "66f17b6c-d1da-4bd4-9394-9aa1c9d5db9f"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of firewall configuration changes",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"38": {
"position": {
"x": 0,
"y": 42,
"colSpan": 18,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Avg Concurrent Conn\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where Activity contains 'system'\n| where Activity contains 'perf'\n| extend ConcurrentSession= extract(';FortinetFortiGatetotalsession=(.*?);',1,AdditionalExtensions )\n| summarize Sessions=avg(toint(ConcurrentSession)) by TimeGenerated"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "Sessions",
"type": "Double"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "224780ee-ebd3-4ab3-b21f-4fee344e72f9"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Average concurrent sessions, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"39": {
"position": {
"x": 18,
"y": 42,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by Traffic Local Events\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where SubCategory contains 'local' and SubType !in ('start','close')\n| project SubType, NumberOfEvent"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "NumberOfEvent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "929b5a0b-b613-422b-92d1-4a76f7f5b9d4"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of local traffic events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"40": {
"position": {
"x": 0,
"y": 46,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>UTM</div>  \n \n",
"title": "",
"subtitle": ""
}
}
}
}
},
"41": {
"position": {
"x": 0,
"y": 47,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//UTM distribution\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where Category contains 'utm'\n| project SubCategory , NumberOfEvent\n| summarize Total= sum(NumberOfEvent) by SubCategory"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubCategory",
"type": "String"
},
"yAxis": [
{
"name": "Total",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e8d403fa-e25f-4607-aaf3-8108ad3a5b12"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Summary of UTM distribution",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"42": {
"position": {
"x": 6,
"y": 47,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top Traffic Trend \nCommonSecurityLog \n| where DeviceVendor =~ 'Fortinet' \n| where DeviceProduct =~ 'Fortigate' \n| where Activity contains 'traffic' \n| summarize ActivityCount=count() by Activity \n| extend ActivtyType=extract('traffic:(.*)$',1,Activity) \n| project ActivtyType , ActivityCount \n| top 5 by ActivityCount desc"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "772518ba-08d3-4b87-a9c3-8517ee93c1a8"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top traffic trends",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"43": {
"position": {
"x": 12,
"y": 47,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by app-ctrl events\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize NumberOfEvent=count() by Activity\n| extend Category= extract('(.*):(.*)$',1,Activity)\n| extend B= extract('(.*):(.*$)',2,Activity)\n| extend SubCategory= extract('([a-zA-Z/-]*).*$',1,B)\n| extend SubType= extract('([a-zA-Z/-]*) (.*)$',2,B)\n| where SubCategory contains 'app-ctrl'\n| project SubType, NumberOfEvent"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SubType",
"type": "String"
},
"yAxis": [
{
"name": "NumberOfEvent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "6c44a1a0-b8fa-42a2-ab45-7b32da4ecd9b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "App-Ctrl events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"44": {
"position": {
"x": 18,
"y": 47,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top protocol accepted\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where ApplicationProtocol != ''\n| where Activity contains 'accept'\n| summarize ProtocolCount = count() by ApplicationProtocol\n|top 5 by ProtocolCount desc nulls last"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "94c06651-d041-4a3e-a361-6f8c9c6f4c86"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 accepted protocols",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"45": {
"position": {
"x": 0,
"y": 51,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top protocol denied\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| where ApplicationProtocol != ''\n| where Activity contains 'deny'\n| summarize ProtocolCount = count() by ApplicationProtocol\n|top 5 by ProtocolCount desc nulls last\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "ApplicationProtocol",
"type": "String"
},
"yAxis": [
{
"name": "ProtocolCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "0651fcf2-8921-43b7-897f-de77846d1370"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 blocked protocols",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"46": {
"position": {
"x": 6,
"y": 51,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "// Top category of data\nCommonSecurityLog\n| where DeviceVendor =~ 'Fortinet'\n| where DeviceProduct =~ 'Fortigate'\n| summarize count() by Activity\n| extend Category=extract('(.*?):(.*?)$',1,Activity )\n| summarize CategoryCount=sum(count_) by Category"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Category",
"type": "String"
},
"yAxis": [
{
"name": "CategoryCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/FortiGateDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "2e683e01-188e-43df-a564-54879a2c5901"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event count by category",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"47": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "FortiGateDashboard"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
}