Azure-Sentinel/Dashboards/Microsoft_WAF.json


{
"name": "AzureWebApplicationFirewallDashboard_{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "AzureWebApplicationFirewallDashboard",
"hidden-title": "Azure web application firewal (WAF) - {Workspace_Name}",
"version": "1.1",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 15,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Azure web application firewall (WAF) overview</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"1": {
"position": {
"x": 21,
"y": 0,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Application gateway access events</div>",
"title": "",
"subtitle": ""
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 13,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| summarize count() by Resource, TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Resource",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "607eacd1-328b-453f-92d6-07c784772bce"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Resource events, by time ",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 13,
"y": 1,
"colSpan": 5,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| summarize number = count() by Resource\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Resource",
"type": "String"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "6f928806-4f1c-49af-99bd-8fb64060327c"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Resource use",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 21,
"y": 1,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\"\n| summarize count() by clientIP_s, TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "clientIP_s",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "bd633128-8069-405a-a717-20ccad8ea30f"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Area"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Activity, by cIient IP address",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 33,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\" \n| summarize count() by sslEnabled_s \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "sslEnabled_s",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8cac62a4-5d5a-4e6b-8fdf-7353123b6dac"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "SSL use",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"6": {
"position": {
"x": 0,
"y": 5,
"colSpan": 13,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\r\n| where ResourceType == \"APPLICATIONGATEWAYS\"\r\n| summarize number = count() by OperationName, TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [
{
"name": "OperationName",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "f6e31189-116d-4584-8013-ad185508e082"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Firewall and access events, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"7": {
"position": {
"x": 13,
"y": 5,
"colSpan": 5,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\r\n| where ResourceType == \"APPLICATIONGATEWAYS\"\r\n| summarize number = count() by OperationName\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "OperationName",
"type": "String"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "4a743d97-9efd-4f43-b4d5-8a47ad379e1d"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Events, by operation",
"PartSubTitle": "contoso77"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"8": {
"position": {
"x": 21,
"y": 5,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\" \n| project receivedBytes_d, sentBytes_d, TimeGenerated \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "receivedBytes_d",
"type": "Double"
},
{
"name": "sentBytes_d",
"type": "Double"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "9ddf1926-fcfe-4557-8368-02762d7562bd"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Area"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Received and sent data, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"9": {
"position": {
"x": 33,
"y": 5,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\" \n| summarize number = count() by userAgent_s\n| top 10 by number desc nulls last \n"
},
{
"name": "TimeRange",
"value": "P3D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "userAgent_s",
"type": "String"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "04432ab3-50d9-4f66-a737-b286c9ad9dc4"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "User agent use",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"10": {
"position": {
"x": 0,
"y": 9,
"colSpan": 18,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "let acessURL = AzureDiagnostics| where ResourceType == \"APPLICATIONGATEWAYS\"| where OperationName == \"ApplicationGatewayAccess\";\nAzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\"\n| where action_s == \"Blocked\"\n| join (acessURL) on $left.clientIp_s == $right.clientIP_s\n| where TimeGenerated < TimeGenerated1 + 1m or TimeGenerated > TimeGenerated1 - 1m\n| project clientIp_s , clientIP_s1, requestUri_s, Message, userAgent_s1, TimeGenerated, TimeGenerated1\n| summarize count() by clientIp_s , requestUri_s, Message, userAgent_s1, bin(TimeGenerated, 1m)\n| order by count_ desc \n| top 20 by count_ \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8559c644-dc81-4102-9f85-67d3ab230706"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Detected and blocked flows",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"11": {
"position": {
"x": 21,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\"\n| summarize number= count() by requestUri_s, clientIP_s\n| order by number desc \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "07e796b0-ce59-4817-aeca-2cdd1fb1a2a3"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "URL address use, by client IP address",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"12": {
"position": {
"x": 27,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\r\n| where ResourceType == \"APPLICATIONGATEWAYS\"\r\n| where OperationName == \"ApplicationGatewayAccess\" \r\n| summarize number = count() by httpMethod_s\r\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "httpMethod_s",
"type": "String"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "d0145475-ca97-4980-ac81-6ce994f3b94b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "HTTP methods",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"13": {
"position": {
"x": 33,
"y": 9,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayAccess\"\n| summarize count() by requestQuery_s\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "requestQuery_s",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "0bd2c2fc-ea04-48f9-b173-e428efc9b930"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Request queries",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"14": {
"position": {
"x": 0,
"y": 13,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Application gateway firewall events</div>\n",
"title": "",
"subtitle": ""
}
}
}
}
},
"15": {
"position": {
"x": 0,
"y": 14,
"colSpan": 8,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where Resource == \"WAFGW\"\n| summarize number = count() by instanceId_s, TimeGenerated\n| where instanceId_s contains \"role\"\n| extend roulenumber = extract(\"ApplicationGateway([a-zA-Z_a-zA-Z_0-9]*)\", 1, instanceId_s) \n| project roulenumber , number , TimeGenerated \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [
{
"name": "roulenumber",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8c1bdc0c-804b-4177-8a18-30bab500be6f"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Role use, by time",
"PartSubTitle": " ",
"Query": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\" \n| summarize number = count() by instanceId_s, TimeGenerated\n| where instanceId_s contains \"role\"\n| extend roulenumber = extract(\"ApplicationGateway([a-zA-Z_a-zA-Z_0-9]*)\", 1, instanceId_s) \n| project roulenumber , number , TimeGenerated \n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"16": {
"position": {
"x": 8,
"y": 14,
"colSpan": 5,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\"\n| where action_s == \"Blocked\"\n| summarize count() by requestUri_s\n| top 10 by count_ desc \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "requestUri_s",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e66a5268-94cb-46be-9c14-4f336da5b0be"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Blocked URL addresses",
"PartSubTitle": " ",
"Query": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\"\n| where action_s == \"Blocked\" or action_s == \"Detected\" \n| summarize count() by requestUri_s \n| top 10 by count_ desc \n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"17": {
"position": {
"x": 13,
"y": 14,
"colSpan": 5,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "\nAzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\"\n| summarize number = count() by action_s"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "action_s",
"type": "String"
},
"yAxis": [
{
"name": "number",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "5455ff1c-1e5e-4df3-9eff-8071031e3647"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "WAF actions",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"18": {
"position": {
"x": 0,
"y": 18,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\r\n| where ResourceType == \"APPLICATIONGATEWAYS\"\r\n| where OperationName == \"ApplicationGatewayFirewall\"\r\n| summarize count() by Message, TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Message",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "f3811e44-400b-4ea7-bb9f-2fe3f625ea1a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Messages, by time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"19": {
"position": {
"x": 12,
"y": 18,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\r\n| where ResourceType == \"APPLICATIONGATEWAYS\"\r\n| where OperationName == \"ApplicationGatewayFirewall\"\r\n| summarize count() by Message\r\n| top 10 by count_ \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Message",
"type": "String"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "05364e41-0039-4eb7-8445-b23dce0a24c1"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event trigger",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 0,
"y": 22,
"colSpan": 12,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where ResourceType == \"APPLICATIONGATEWAYS\"\n| where OperationName == \"ApplicationGatewayFirewall\"\n| where Message contains \"attack\"\n| summarize count() by Message, TimeGenerated\n"
},
{
"name": "TimeRange",
"value": "2019-01-01T11:17:50.000Z/2019-01-29T11:17:50.425Z"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "count_",
"type": "Int64"
}
],
"splitBy": [
{
"name": "Message",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "3760832b-bb2b-48f3-a070-15b5bef7be45"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Attack events, by time",
"PartSubTitle": "contoso77"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"21": {
"position": {
"x": 12,
"y": 22,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}"
}
},
{
"name": "Query",
"value": "AzureDiagnostics\n| where Resource == \"WAFGW\"\n| where Message contains \"SQL Injection\" \n| summarize count() by hostname_s\n| order by count_ desc \n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/MicrosoftWebApplicationFirewallDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8934188b-9aa6-4e94-bc6e-1347cdea7418"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "SQL injection, by host name",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"22": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "AzureWebApplicationFirewallDashboard"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
},
"23": {
"position": {
"x": 16,
"y": 0,
"colSpan": 2,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style=\"max-width: 50px\">\n<svg viewBox=\"0 0 50 50\" class=\"fxs-portal-svg\" role=\"presentation\" focusable=\"false\" xmlns:svg=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" aria-hidden=\"true\"><g><path d=\"M25 50c-1.2 0-2.4-.5-3.3-1.4L1.4 28.3C.5 27.4 0 26.2 0 25s.5-2.4 1.4-3.3L21.7 1.4C22.6.5 23.8 0 25 0s2.4.5 3.3 1.4l20.4 20.4c.9.9 1.4 2 1.4 3.3 0 1.2-.5 2.4-1.4 3.3L28.3 48.6c-.9.9-2.1 1.4-3.3 1.4\" class=\"msportalfx-svg-c14\"></path><path d=\"M29.738 18.584a7.68 7.68 0 0 1-4.68 1.589 7.7 7.7 0 0 1-6.131-3.025 7.706 7.706 0 0 1 1.437-10.811 7.643 7.643 0 0 1 4.679-1.588 7.697 7.697 0 0 1 6.131 3.026 7.708 7.708 0 0 1-1.436 10.809\" class=\"msportalfx-svg-c01\"></path><path opacity=\".15\" d=\"M28.3 1.4C27.4.5 26.2 0 25 0s-2.4.5-3.3 1.4L1.4 21.7C.5 22.6 0 23.8 0 25s.5 2.4 1.4 3.3l11.5 11.5L34.6 7.7l-6.3-6.3z\" class=\"msportalfx-svg-c01\"></path><path d=\"M25 45.6l6.6-6.6h-4.7V19.149H23V39h-4.6z\" class=\"msportalfx-svg-c01\"></path><path d=\"M39.33 33.48v-9.334l-3.253 3.253-8.444-8.444-2.828 2.828 8.444 8.444-3.253 3.253z\" class=\"msportalfx-svg-c01\"></path><path d=\"M10.685 33.515h9.333l-3.252-3.252 8.681-8.681-2.829-2.829-8.681 8.681-3.252-3.252z\" class=\"msportalfx-svg-c01\"></path><path d=\"M29.115 17.771a6.66 6.66 0 0 1-4.058 1.378 6.673 6.673 0 0 1-5.316-2.623 6.682 6.682 0 0 1 1.246-9.375 6.629 6.629 0 0 1 4.057-1.377 6.67 6.67 0 0 1 5.316 2.624 6.682 6.682 0 0 1-1.245 9.373\" class=\"msportalfx-svg-c15\"></path><path d=\"M27.886 13.635a1.441 1.441 0 0 0 2.018.269c.033-.025.058-.056.088-.083.645.454 1.092.754 1.344.925.075-.193.126-.379.179-.573a35.537 35.537 0 0 1-1.148-.898 1.437 1.437 0 0 0-.195-1.384 1.434 1.434 0 0 0-1.856-.368 60.051 60.051 0 0 1-2.219-2.096c2.452-1.319 4.194-1.126 4.194-1.126a6.698 6.698 0 0 0-.965-.989c-1.034-.16-2.64-.142-4.476.834l-.001-.001a53.625 53.625 0 0 1-1.868-2.063c-.303.097-.6.217-.886.36.468.766 1.098 1.538 1.807 2.292l.005.005a12.44 12.44 0 0 0-1.858 1.609 10.12 
10.12 0 0 0-.225.249 2.023 2.023 0 0 0-1.102.075c-.606-1.307-.557-2.357-.461-2.898a7.005 7.005 0 0 0-.72.874c-.158.646-.203 1.578.264 2.701a2.016 2.016 0 0 0 .149 2.622 10.156 10.156 0 0 0-.391 2.344c.063.086.063.156.126.24.321.411.724.758 1.113 1.072a7.376 7.376 0 0 1 .459-3.043c.314.024.633-.026.932-.151a11.093 11.093 0 0 0 2.491 1.7 1.33 1.33 0 0 0 .259.941 1.337 1.337 0 0 0 1.868.246c.121-.093.217-.205.296-.325 1.041.232 1.95.273 2.624.273.103 0 .582-.652.857-1.056-.41.086-1.628.253-3.291-.225a1.329 1.329 0 0 0-.24-.53 1.323 1.323 0 0 0-1.771-.303 12.61 12.61 0 0 1-2.172-1.5 2.027 2.027 0 0 0 .085-2.02c.077-.077.152-.153.233-.229a14.63 14.63 0 0 1 1.744-1.411c-.022-.02-.042-.042-.063-.062l.064.061h-.001c.835.772 1.72 1.504 2.559 2.158a1.433 1.433 0 0 0 .151 1.484z\" class=\"msportalfx-svg-c01\"></path></g></svg></div>",
"title": "",
"subtitle": ""
}
}
}
}
}
}
}
}
}
}