1434 строки
52 KiB
JSON
1434 строки
52 KiB
JSON
{
|
||
"name": "IdentityAndAccessDashboard_{Workspace_Name}",
|
||
"type": "Microsoft.Portal/dashboards",
|
||
"location": "{Dashboard_Location}",
|
||
"tags": {
|
||
"dashboardKey": "IdentityAndAccessDashboard",
|
||
"hidden-title": "Identity & Access - {Workspace_Name}",
|
||
"version": "1.2",
|
||
"workspaceName": "{Workspace_Name}"
|
||
},
|
||
"properties": {
|
||
"lenses": {
|
||
"0": {
|
||
"order": 0,
|
||
"parts": {
|
||
"0": {
|
||
"position": {
|
||
"x": 1,
|
||
"y": 0,
|
||
"colSpan": 24,
|
||
"rowSpan": 1
|
||
},
|
||
"metadata": {
|
||
"inputs": [],
|
||
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
||
"settings": {
|
||
"content": {
|
||
"settings": {
|
||
"content": "<div style='font-size:300%;'>User logons</div>",
|
||
"title": "",
|
||
"subtitle": ""
|
||
}
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"1": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 1,
|
||
"colSpan": 7,
|
||
"rowSpan": 4
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4624, 4625) and AccountType == 'User'\n| extend EventName = iff(EventID == 4624, 'Success' , 'Fail') \n| summarize NumLogons = count() by bin_at(TimeGenerated, 1h, now()), EventName"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "TimeGenerated",
|
||
"type": "DateTime"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "NumLogons",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [
|
||
{
|
||
"name": "EventName",
|
||
"type": "String"
|
||
}
|
||
],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/1c64bb6e-24b5-4e9f-8f7f-8e7c6c51f162"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "3890a09c-f87e-4e67-b4e2-78a71c2450bd"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsChart"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"value": "Bar"
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Logons per hour ",
|
||
"PartSubTitle": "Failed and succeeded"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"2": {
|
||
"position": {
|
||
"x": 7,
|
||
"y": 1,
|
||
"colSpan": 7,
|
||
"rowSpan": 4
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "let top5 = SecurityEvent\n| where EventID == 4625 and AccountType == 'User'\n| extend Account_Name = extract(@'^(.*\\\\)?([^@]*)(@.*)?$', 2, tolower(Account))\n| summarize Attempts = count() by Account_Name\n| where Account_Name != ''\n| top 5 by Attempts \n| summarize makelist(Account_Name);\nSecurityEvent\n| where EventID == 4625 and AccountType == 'User'\n| extend Name = extract(@'^(.*\\\\)?([^@]*)(@.*)?$', 2, tolower(Account))\n| extend Account_Name = iff(Name in (top5), Name, 'Other')\n| where Account_Name != ''\n| summarize Attempts = count() by Account_Name\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "Account_Name",
|
||
"type": "String"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "Attempts",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "ecfeb0d5-22d2-4635-899a-0a5d45e21e01"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsDonut"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Failed account logons",
|
||
"PartSubTitle": "Top 5, by user names"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"3": {
|
||
"position": {
|
||
"x": 14,
|
||
"y": 1,
|
||
"colSpan": 11,
|
||
"rowSpan": 4
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4625, 4624)\n| where TimeGenerated >= ago(14d)\n| summarize count() by bin_at(TimeGenerated, 1d, now())\n| extend Week = iff(TimeGenerated>=ago(7d), 'This Week', 'Last Week'), TimeGenerated = iff(TimeGenerated>=ago(7d), TimeGenerated, TimeGenerated + 7d)"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "TimeGenerated",
|
||
"type": "DateTime"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "count_",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [
|
||
{
|
||
"name": "Week",
|
||
"type": "String"
|
||
}
|
||
],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "1bc21a9a-00fc-4e12-ae96-2686c7fbb7c1"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsChart"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"value": "Line"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Logon summary",
|
||
"PartSubTitle": "Per week"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
},
|
||
"filters": {
|
||
"MsPortalFx_TimeRange": {
|
||
"model": {
|
||
"format": "utc",
|
||
"granularity": "auto",
|
||
"relative": "1d"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"4": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 5,
|
||
"colSpan": 7,
|
||
"rowSpan": 6
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where AccountType == 'User'\n| where EventID in (4624, 4625)\n| summarize Unique_Accounts = dcount(Account), Attempts = count(), Succeeded=countif(EventID == 4624), Failed=countif(EventID == 4625) by IpAddress\n| where Failed > 0\n| order by Succeeded>0, todouble(Succeeded)/Attempts asc, Attempts desc\n| project IP = IpAddress, Succeeded, Attempts, Unique_Accounts\n| take 10"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/1c64bb6e-24b5-4e9f-8f7f-8e7c6c51f162"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "00ee3d4f-a38f-4f06-8558-922a74e8ceba"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Most suspicious failed logons, by IP address",
|
||
"PartSubTitle": "Top 10"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"5": {
|
||
"position": {
|
||
"x": 7,
|
||
"y": 5,
|
||
"colSpan": 7,
|
||
"rowSpan": 6
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4625, 4624) and AccountType == 'User'\n| extend AccountName = extract(@'^(.*\\\\)?([^@]*)(@.*)?$', 2, tolower(Account))\n| summarize Attempts = count(), Failed = countif(EventID == 4625), Succeeded = countif(EventID == 4624) by AccountName\n| where AccountName != ''\n| top 10 by Attempts\n| project Account_Name = AccountName, Attempts, Failed, Succeeded"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/1c64bb6e-24b5-4e9f-8f7f-8e7c6c51f162"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "54c9620b-b1b8-4bff-9d63-2753956b5488"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Logon attempts - failed and succeeded",
|
||
"PartSubTitle": " Top 10 per user account name"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"6": {
|
||
"position": {
|
||
"x": 14,
|
||
"y": 5,
|
||
"colSpan": 6,
|
||
"rowSpan": 4
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4624, 4625)\n| where AccountType == 'User' \n| summarize Amount = count() by LogonTypeName"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "21a79a90-ee2b-4d43-8509-7ebea3df95e4"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "User logons, by type",
|
||
"PartSubTitle": " "
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"7": {
|
||
"position": {
|
||
"x": 20,
|
||
"y": 5,
|
||
"colSpan": 5,
|
||
"rowSpan": 4
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where AccountType == 'User' and EventID == 4625\n| extend Reason = case(\n SubStatus == '0xc000005e', 'No logon servers available to service the logon request',\n SubStatus == '0xc0000062', 'Account name is not properly formatted',\n SubStatus == '0xc0000064', 'Account name does not exist',\n SubStatus == '0xc000006a', 'Incorrect password',\n SubStatus == '0xc000006d', 'Bad user name or password',\n SubStatus == '0xc000006f', 'User logon blocked by account restriction',\n SubStatus == '0xc000006f', 'User logon outside of restricted logon hours',\n SubStatus == '0xc0000070', 'User logon blocked by workstation restriction',\n SubStatus == '0xc0000071', 'Password has expired',\n SubStatus == '0xc0000072', 'Account is disabled',\n SubStatus == '0xc0000133', 'Clocks between DC and other computer too far out of sync',\n SubStatus == '0xc000015b', 'The user has not been granted the requested logon right at this machine',\n SubStatus == '0xc0000193', 'Account has expirated',\n SubStatus == '0xc0000224', 'User is required to change password at next logon',\n SubStatus == '0xc0000234', 'Account is currently locked out', \n strcat('Unknown reason substatus: ', SubStatus))\n| summarize count() by Reason\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "Reason",
|
||
"type": "String"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "count_",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "fd748a71-fef1-4b96-b7d9-d74a2e47c2c7"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsDonut"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Failed user logons, by reason",
|
||
"PartSubTitle": " "
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"8": {
|
||
"position": {
|
||
"x": 14,
|
||
"y": 9,
|
||
"colSpan": 11,
|
||
"rowSpan": 2
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID == 4724 \n| summarize Resets = count() by bin_at(TimeGenerated, 1d, now())\n| render timechart \n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "TimeGenerated",
|
||
"type": "DateTime"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "Resets",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "0f5f336f-15f1-46ef-92dc-33089a2d16c2"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsChart"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"value": "Line"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Password reset",
|
||
"PartSubTitle": "Per day over last week"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"9": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 11,
|
||
"colSpan": 25,
|
||
"rowSpan": 1
|
||
},
|
||
"metadata": {
|
||
"inputs": [],
|
||
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
||
"settings": {
|
||
"content": {
|
||
"settings": {
|
||
"content": "<div style='font-size:300%;'>User activities</div>",
|
||
"title": "",
|
||
"subtitle": ""
|
||
}
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"10": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 12,
|
||
"colSpan": 7,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "//Users Account Management over time\nSecurityEvent\n| where EventID in (4720, 4722, 4725, 4726, 4240, 4767)\n| extend Operation = case( \n EventID == 4720, 'User Created',\n EventID == 4722, 'User Enabled',\n EventID == 4725, 'User Disabled',\n EventID == 4726, 'User Deleted',\n EventID == 4740, 'User Locked Out',\n EventID == 4767, 'User Unlocked', \n 'Unknown')\n| summarize Amount = count() by Operation\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"value": {
|
||
"xAxis": {
|
||
"name": "Operation",
|
||
"type": "String"
|
||
},
|
||
"yAxis": [
|
||
{
|
||
"name": "Amount",
|
||
"type": "Int64"
|
||
}
|
||
],
|
||
"splitBy": [],
|
||
"aggregation": "Sum"
|
||
}
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "54361477-319b-4418-987c-f183d70405f3"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsDonut"
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "User account activities, by type",
|
||
"PartSubTitle": "By type"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"11": {
|
||
"position": {
|
||
"x": 7,
|
||
"y": 12,
|
||
"colSpan": 7,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4720, 4722, 4725, 4726, 4240, 4767)\n| order by TimeGenerated\n| extend EventType = case(\n EventID == 4720, 'User account created',\n EventID == 4722, 'User account enabled',\n EventID == 4725, 'User account disabled',\n EventID == 4726, 'User account deleted',\n EventID == 4767, 'User account unlocked',\n EventID == 4740, 'User account locked out',\n strcat('Unkown Event ID', EventID))\n| project Time_Generated = TimeGenerated, Event_Type = EventType, Computer, Account\n| limit 10\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "18102f77-c55f-47eb-8ea2-b50a61bfdd18"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "User activity events",
|
||
"PartSubTitle": "Last 10 - Created, Enabled, Disabled, Deleted, Locked Out, Unlocked"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"12": {
|
||
"position": {
|
||
"x": 14,
|
||
"y": 12,
|
||
"colSpan": 11,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4720, 4722, 4725, 4726, 4240, 4767)\n| extend EventType = case(\n EventID == 4720, 'User account created',\n EventID == 4722, 'User account enabled',\n EventID == 4725, 'User account disabled',\n EventID == 4726, 'User account deleted',\n EventID == 4767, 'User account unlocked',\n EventID == 4740, 'User account locked out',\n strcat('Unkown Event ID', EventID))\n| project EventType, Computer\n| evaluate pivot(EventType, count(EventType))"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "3f1abe3a-a345-407f-9d05-d7addcfc5e4b"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "User activities per machine",
|
||
"PartSubTitle": "Created, Enabled, Disabled, Deleted, Locked Out, Unlocked"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"13": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 17,
|
||
"colSpan": 25,
|
||
"rowSpan": 1
|
||
},
|
||
"metadata": {
|
||
"inputs": [],
|
||
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
||
"settings": {
|
||
"content": {
|
||
"settings": {
|
||
"content": "<div style='font-size:300%;'>Machine logons</div>",
|
||
"title": "",
|
||
"subtitle": ""
|
||
}
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"14": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 18,
|
||
"colSpan": 7,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID == 4624\n| where TimeGenerated >= ago(14d)\n| summarize Current_Week = countif(TimeGenerated >= ago(7d)), Previous_Week = countif(TimeGenerated < ago(7d)) by Computer\n| extend Per = iff(Current_Week > Previous_Week, toreal(Current_Week) / Previous_Week, toreal(Previous_Week) / Current_Week)\n| extend sign = iff(Current_Week > Previous_Week, '+', '-')\n| extend Percentage = iff(Current_Week != 0 and Previous_Week != 0 and Previous_Week != Current_Week, strcat(sign, extract(@'(\\d*(\\.\\d{1,2}|$))', 1, tostring((Per -1 )*100)), '%'), 'No Percentage - 0')\n| project Computer, Previous_Week, Current_Week, Percentage"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "8198fe90-01bf-4f70-b183-28e24ce3a255"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Number of successful logons per machine",
|
||
"PartSubTitle": "Per week"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
},
|
||
"filters": {
|
||
"MsPortalFx_TimeRange": {
|
||
"model": {
|
||
"format": "local",
|
||
"granularity": "auto",
|
||
"relative": "1d"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
},
|
||
"15": {
|
||
"position": {
|
||
"x": 7,
|
||
"y": 18,
|
||
"colSpan": 4,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where AccountType == 'Machine' and EventID == 4624\n| summarize AccountsNum = dcount(Account) by Computer\n| sort by AccountsNum \n| take 50\n| project Computer, Accounts = AccountsNum \n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "875239c9-e943-4734-857a-cbb3fea8079d"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Number of accounts successfully logged on",
|
||
"PartSubTitle": "Per machine"
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"16": {
|
||
"position": {
|
||
"x": 11,
|
||
"y": 18,
|
||
"colSpan": 3,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID in (4624, 4625)\n| where AccountType == 'Machine'\n| summarize Amount = count() by LogonTypeName\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "e409bb01-5776-4be7-ae39-d6acc04d7b3d"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Machine logons, by type",
|
||
"PartSubTitle": " "
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"17": {
|
||
"position": {
|
||
"x": 14,
|
||
"y": 18,
|
||
"colSpan": 11,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityEvent\n| where EventID == 4625\n| extend Reason = case(\nSubStatus == '0xc0000064', 'User name does not exist', \nSubStatus == '0xc000005e', 'No logon servers available to service the logon request', \nSubStatus == '0xc0000062', 'Account name is not properly formatted', \nSubStatus == '0xc0000064', 'Account name does not exist', \nSubStatus == '0xc000006a', 'Incorrect password', \nSubStatus == '0xc000006d', 'Bad user name or password', \nSubStatus == '0xc000006f', 'User logon blocked by account restriction', \nSubStatus == '0xc000006f', 'User logon outside of restricted logon hours', \nSubStatus == '0xc0000070', 'User logon blocked by workstation restriction', \nSubStatus == '0xc0000071', 'Password has expired', \nSubStatus == '0xc0000072', 'Account is disabled', \nSubStatus == '0xc0000133', 'Clocks between DC and other computer too far out of sync', \nSubStatus == '0xc000015b', 'The user has not been granted the requested logon right at this machine', \nSubStatus == '0xc0000193', 'Account has expirated', \nSubStatus == '0xc0000224', 'User is required to change password at next logon', \nSubStatus == '0xc0000234', 'Account is currently locked out', strcat('Unknown reason substatus: ', SubStatus))\n| summarize count() by Reason, Computer\n| evaluate pivot(Reason, sum(count_))"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "e4278d18-baec-4322-965b-d1b441400011"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Analytics"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": "{Workspace_Name}"
|
||
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {
|
||
"content": {
|
||
"PartTitle": "Number of failed logons, by reasons per machine",
|
||
"PartSubTitle": " "
|
||
}
|
||
},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
},
|
||
"18": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 0,
|
||
"colSpan": 1,
|
||
"rowSpan": 1
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "subscriptionId",
|
||
"value": "{Subscription_Id}"
|
||
},
|
||
{
|
||
"name": "resourceGroup",
|
||
"value": "{Resource_Group}"
|
||
},
|
||
{
|
||
"name": "workspaceName",
|
||
"value": "{Workspace_Name}"
|
||
}, {
|
||
"name": "dashboardName",
|
||
"value": "IdentityAndAccessDashboard"
|
||
},
|
||
{
|
||
"name": "menuItemToOpen",
|
||
"value": "Dashboards"
|
||
}
|
||
],
|
||
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
|
||
"defaultMenuItemId": "0"
|
||
}
|
||
},
|
||
"19": {
|
||
"position": {
|
||
"x": 0,
|
||
"y": 23,
|
||
"colSpan": 14,
|
||
"rowSpan": 5
|
||
},
|
||
"metadata": {
|
||
"inputs": [
|
||
{
|
||
"name": "ComponentId",
|
||
"value": {
|
||
"SubscriptionId": "{Subscription_Id}",
|
||
"ResourceGroup": "{Resource_Group}",
|
||
"Name": "{Workspace_Name}"
|
||
}
|
||
},
|
||
{
|
||
"name": "Query",
|
||
"value": "SecurityAlert\n| mvexpand Entity = parse_json(Entities)\n| where Entity.Type =~ 'account'\n| project TimeGenerated, AlertName = DisplayName, Entity.Name, AlertSeverity \n| summarize RelatedAccounts = makeset(Entity_Name) by tostring(TimeGenerated), AlertName, AlertSeverity \n| sort by TimeGenerated desc\n"
|
||
},
|
||
{
|
||
"name": "TimeRange",
|
||
"value": "P1D"
|
||
},
|
||
{
|
||
"name": "Version",
|
||
"value": "1.0"
|
||
},
|
||
{
|
||
"name": "DashboardId",
|
||
"value": "/subscriptions/{Subscription_Id}/resourceGroups/{Resource_Group}/providers/Microsoft.Portal/dashboards/IdentityAndAccessDashboard_{Workspace_Name}"
|
||
},
|
||
{
|
||
"name": "PartId",
|
||
"value": "6ee0282a-5fb5-43a8-8110-e7e2fe81d904"
|
||
},
|
||
{
|
||
"name": "PartTitle",
|
||
"value": "Security alerts with account entities"
|
||
},
|
||
{
|
||
"name": "PartSubTitle",
|
||
"value": " "
|
||
},
|
||
{
|
||
"name": "resourceTypeMode",
|
||
"value": "workspace"
|
||
},
|
||
{
|
||
"name": "ControlType",
|
||
"value": "AnalyticsGrid"
|
||
},
|
||
{
|
||
"name": "Dimensions",
|
||
"isOptional": true
|
||
},
|
||
{
|
||
"name": "SpecificChart",
|
||
"isOptional": true
|
||
}
|
||
],
|
||
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
||
"settings": {},
|
||
"asset": {
|
||
"idInputName": "ComponentId",
|
||
"type": "ApplicationInsights"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|
||
}
|