Azure
/
Azure-Sentinel
зеркало из
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
Azure-Sentinel/Dashboards/Juniper.json

1432 строки
50 KiB
JSON
Исходник Ответственный История

Этот файл содержит невидимые символы Юникода!

Этот файл содержит невидимые символы Юникода, которые могут быть отображены не так, как показано ниже. Если это намеренно, можете спокойно проигнорировать это предупреждение. Используйте кнопку Экранировать, чтобы показать скрытые символы.

{
"name": "JuniperDashboard_{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "JuniperDashboard",
"hidden-title": "Juniper - {Workspace_Name}",
"version": "1.2",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 15,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Juniper overview</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"1": {
"position": {
"x": 16,
"y": 0,
"colSpan": 8,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<img width='350' height='50' src='https://img1-327a.kxcdn.com/DataImage.ashx/8015773'/>\n\n",
"title": "",
"subtitle": "My subtitle"
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//total volume\nSyslog\n| where HostName contains 'juniper'\n| summarize LogVolume=count() by TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "LogVolume",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "dceac968-24a9-4510-947d-09d8bb14db97"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event count time trend",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 12,
"y": 1,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//process trend\nSyslog\n| where HostName contains 'juniper' \n| summarize ProcessCount=count() by ProcessName, TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "ProcessCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "ProcessName",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "d8932f94-809b-470c-99ce-cb7c15d8f326"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Process count time trend",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 0,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//type trend over all\nSyslog\n| where HostName contains 'juniper'\n| extend SessionType= extract('^(.*?):',1,SyslogMessage)\n| where SessionType !=''\n| summarize SessionTypeCount=count() by SessionType, TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SessionTypeCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "SessionType",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "b55a4e4b-c4ab-4185-b530-0eeab34d0a80"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Session type count time trend",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 6,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "Syslog\n| where HostName contains 'juniper'\n| where ProcessName =~ 'RT_FLOW'\n| extend SessionType= extract('^(.*?):',1,SyslogMessage)\n| where SessionType !=''\n| summarize SessionTypeCount=count() by SessionType\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "SessionType",
"type": "String"
},
"yAxis": [
{
"name": "SessionTypeCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "b5292d65-2de8-4e6d-806f-5adbe66ab675"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "RT flow session type summary, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"6": {
"position": {
"x": 12,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Session Close Reason Summary\nSyslog\n| where HostName contains 'juniper'\n| extend Reason= extract('.*?: session closed (.*?):',1,SyslogMessage)\n| where Reason !=''\n| summarize ReasonCount= count() by Reason\n| top 5 by ReasonCount desc\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "c950c54a-45eb-4325-aefd-1996a8878f7f"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Session close reason summary, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"7": {
"position": {
"x": 18,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//process count\nSyslog\n| where HostName contains 'juniper'\n| summarize ProcessCount=count() by ProcessName\n| sort by ProcessCount desc nulls last\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "ProcessName",
"type": "String"
},
"yAxis": [
{
"name": "ProcessCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "bbe48eb0-62c6-4f85-a82f-c69cb27da6fe"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Process summary, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"8": {
"position": {
"x": 0,
"y": 9,
"colSpan": 24,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Top 5 IP Adresses Inbound And Outbound</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"9": {
"position": {
"x": 0,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Source IP Addresses\nSyslog\n| where HostName contains 'juniper'\n| where SyslogMessage contains 'default-permit trust untrust'\n| extend SourceIP=extract('([0-9.].*?)/[0-9].*?->',1,SyslogMessage)\n| summarize SourceIPCount=count() by SourceIP\n| top 5 by SourceIPCount desc nulls last\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "4aba904b-9824-43d5-93a9-b3a29671086d"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound source IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"10": {
"position": {
"x": 6,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Outbound Destination IP Addresses\nSyslog\n| where HostName contains 'juniper'\n| where SyslogMessage contains 'default-permit trust untrust'\n| extend DestinationIP=extract('->([0-9.].*?)/[0-9].*?',1,SyslogMessage)\n| summarize DestinationIPCount=count() by DestinationIP\n| top 5 by DestinationIPCount desc nulls last\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "c053c125-0083-4ec9-b9ab-da234b663ec1"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 outbound destination IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"11": {
"position": {
"x": 12,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Inbound Source IP Addresses\nSyslog\n| where HostName contains 'juniper'\n| where SyslogMessage contains 'server-access untrust trust'\n| extend SourceIP=extract('([0-9.].*?)/[0-9].*?->',1,SyslogMessage)\n| summarize SourceIPCount=count() by SourceIP\n| top 5 by SourceIPCount desc nulls last\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "ef0bec93-5b9a-41fb-9fdb-e2f01ba3ba77"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound source IP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"12": {
"position": {
"x": 18,
"y": 10,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Top 5 Inbound Destination IP Addresses\nSyslog\n| where HostName contains 'juniper'\n| where SyslogMessage contains 'server-access untrust trust'\n| extend DestinationIP=extract('->([0-9.].*?)/[0-9].*?',1,SyslogMessage)\n| summarize DestinationIPCount=count() by DestinationIP\n| top 5 by DestinationIPCount desc nulls last\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "489faf13-e6fe-4a98-bfea-22ad09d393c6"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 inbound destination iP addresses",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"13": {
"position": {
"x": 0,
"y": 14,
"colSpan": 12,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Top 5 Ports</div> \n",
"title": "",
"subtitle": ""
}
}
}
}
},
"14": {
"position": {
"x": 0,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "// top source port\nSyslog\n| where HostName contains 'juniper'\n| extend DestinationPort=extract('[0-9.].*?/([0-9].*?)->',1,SyslogMessage)\n| summarize DestinationPortCount=count() by DestinationPort\n| top 5 by DestinationPortCount desc nulls last\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "DestinationPort",
"type": "String"
},
"yAxis": [
{
"name": "DestinationPortCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "f43f11ce-45ec-4e31-9287-1bbc62323ccf"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 source ports",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"15": {
"position": {
"x": 6,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top destination port\nSyslog\n| where HostName contains 'juniper'\n| extend DestinationPort=extract('->[0-9.].*?/([0-9].*?) ',1,SyslogMessage)\n| summarize DestinationPortCount=count() by DestinationPort\n| top 5 by DestinationPortCount desc nulls last\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "DestinationPort",
"type": "String"
},
"yAxis": [
{
"name": "DestinationPortCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e4156e69-2680-442e-a481-ebe8c44acf09"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 destination ports",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"16": {
"position": {
"x": 0,
"y": 19,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Firewall Management</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"17": {
"position": {
"x": 0,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Type count trend mgd\nSyslog\n| where HostName contains 'juniper'\n| where ProcessName =~ 'mgd'\n| extend SessionType= extract('^(.*?):',1,SyslogMessage)\n| where SessionType !=''\n| summarize SessionTypeCount=count() by SessionType, TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "SessionTypeCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "SessionType",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "25bbcdf7-b1ce-48ac-864c-682f6604659d"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Device config change count time trend",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"18": {
"position": {
"x": 6,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "Syslog\n| where HostName contains 'juniper' \n| extend SessionType= extract('^(.*?):',1,SyslogMessage) \n| where SessionType  !contains 'RT_FLOW'\n| where SessionType !=''\n| summarize SessionTypeCount=count() by SessionType \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "5b30ee47-7f5e-40b0-be6b-0e21ea355b35"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Non flow session summary, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"19": {
"position": {
"x": 12,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "// user access for management\nSyslog\n| where HostName contains 'juniper'\n| where ProcessName =~ 'mgd'\n| extend UserName=extract('User '(.*?)'',1,SyslogMessage)\n| summarize UserCount=count() by UserName\n| top 5 by UserCount desc nulls last\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "UserName",
"type": "String"
},
"yAxis": [
{
"name": "UserCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/JuniperDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "62c2bafb-ee6e-4a4b-a57c-f50d2e8724d2"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 firewall login, by attempts",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "JuniperDashboard"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
}
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку