{
|
|
"name": "VMInsightsDashboard_{Workspace_Name}",
|
|
"type": "Microsoft.Portal/dashboards",
|
|
"location": "{Dashboard_Location}",
|
|
"tags": {
|
|
"dashboardKey": "VMInsightsDashboard",
|
|
"hidden-title": "VMInsightsDashboard - {Workspace_Name}",
|
|
"version": "1.1",
|
|
"workspaceName": "{Workspace_Name}"
|
|
},
|
|
"properties": {
|
|
"lenses": {
|
|
"0": {
|
|
"order": 0,
|
|
"parts": {
|
|
"0": {
|
|
"position": {
|
|
"x": 1,
|
|
"y": 0,
|
|
"colSpan": 24,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [],
|
|
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
|
"settings": {
|
|
"content": {
|
|
"settings": {
|
|
"content": "<div style=\"font-size:300%;\">Infrastructure insights</div>",
|
|
"title": "",
|
|
"subtitle": ""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"1": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 1,
|
|
"colSpan": 12,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize TotalBytesSent = sum(BytesSent) by Computer, TimeGenerated\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalBytesSent",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "Computer",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "bca439b5-1241-4ec8-b507-945f1b891713"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Bytes sent, by computer",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"2": {
|
|
"position": {
|
|
"x": 12,
|
|
"y": 1,
|
|
"colSpan": 6,
|
|
"rowSpan": 8
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize Total_Traffic = sum(BytesSent) + sum(BytesReceived), TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by Total_Traffic desc | project-away Total_Traffic \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "1c263215-31f9-4f6c-b165-d04ad1f0cfd5"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Top communicating computers",
|
|
"PartSubTitle": " ",
|
|
"GridColumnsWidth": {
|
|
"Computer": "184px",
|
|
"TotalBytesSent": "125px",
|
|
"TotalBytesReceived": "183px"
|
|
}
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"3": {
|
|
"position": {
|
|
"x": 18,
|
|
"y": 1,
|
|
"colSpan": 7,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "ServiceMapComputer_CL\r\n| summarize by Computer, Region = iff(HostingProvider_s == \"azure\", AzureLocation_s, \"non-azure\")\r\n| project Region \r\n| summarize count() by Region\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Region",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "0390dcac-6452-4a01-9de8-503dcc51bb32"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsDonut"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Computers, by region",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"4": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 5,
|
|
"colSpan": 12,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| summarize TotalBytesReceived = sum(BytesReceived) by Computer, TimeGenerated\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "TimeGenerated",
|
|
"type": "DateTime"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalBytesReceived",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [
|
|
{
|
|
"name": "Computer",
|
|
"type": "String"
|
|
}
|
|
],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "37e714db-ff06-42bf-920f-e8b8064ab9e7"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Line"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Bytes received, by computer",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"5": {
|
|
"position": {
|
|
"x": 18,
|
|
"y": 5,
|
|
"colSpan": 7,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "ServiceMapComputer_CL\r\n| where HostingProvider_s == \"azure\"\r\n| summarize by AzureResourceID = AzureResourceId_s\r\n| project Subscription = split(AzureResourceID, \"/\")[2]\r\n| summarize count() by tostring(Subscription)\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Subscription",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "count_",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "19c9a3f5-0c8c-475e-afc2-3e8136a33e41"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsDonut"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Computers, by subscription",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"6": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 9,
|
|
"colSpan": 18,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "ServiceMapComputer_CL\r\n| where HostingProvider_s == \"azure\"\r\n| summarize by Computer, Region = AzureLocation_s, IPv4Addresses = Ipv4Addresses_s, IPv6Addresses = Ipv6Addresses_s, AzureResourceID = AzureResourceId_s\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "aca4fd76-0098-4529-a699-33b0af35064f"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Azure computers",
|
|
"PartSubTitle": " ",
|
|
"GridColumnsWidth": {
|
|
"Computer": "313px",
|
|
"Region": "198px",
|
|
"IPv4Addresses": "271px",
|
|
"IPv6Addresses": "317px",
|
|
"AzureResourceID": "423px"
|
|
}
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"7": {
|
|
"position": {
|
|
"x": 18,
|
|
"y": 9,
|
|
"colSpan": 7,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "ServiceMapComputer_CL\r\n| where HostingProvider_s != \"azure\"\r\n| summarize by Computer, IPv4Addresses = Ipv4Addresses_s, IPv6Addresses = Ipv6Addresses_s\r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "dcbc07cd-edca-4690-b148-5b984e58b3f1"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Non-Azure computers",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"8": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 13,
|
|
"colSpan": 25,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [],
|
|
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
|
"settings": {
|
|
"content": {
|
|
"settings": {
|
|
"content": "<div style=\"font-size:300%;\">Malicious actors</div>",
|
|
"title": "",
|
|
"subtitle": ""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"9": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 14,
|
|
"colSpan": 9,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesCommunicated = sum(BytesSent) + sum(BytesReceived), TotalSent = sum(BytesSent), TotalReceived = sum(BytesReceived) by MaliciousIP = strcat(MaliciousIp, ' (', RemoteCountry, ')') | sort by TotalBytesCommunicated desc\r\n| where TotalBytesCommunicated > 0 \r\n| project-away TotalBytesCommunicated\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "MaliciousIP",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalSent",
|
|
"type": "Int64"
|
|
},
|
|
{
|
|
"name": "TotalReceived",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "ce20f3cb-22aa-49e2-bd99-076df71b0ef4"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Bar"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"10": {
|
|
"position": {
|
|
"x": 9,
|
|
"y": 14,
|
|
"colSpan": 5,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by Country = RemoteCountry | sort by TotalTraffic desc\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Country",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalTraffic",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "fb1f7b11-e884-4ed6-8934-b0c93b1ceb64"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsDonut"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Malicious traffic, by country",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"11": {
|
|
"position": {
|
|
"x": 14,
|
|
"y": 14,
|
|
"colSpan": 5,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by IndicatorThreatType | sort by TotalTraffic desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "IndicatorThreatType",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalTraffic",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "bd6654cd-7dc0-494c-ae41-6ab279d8859a"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsDonut"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Malicious traffic, by threat types",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"12": {
|
|
"position": {
|
|
"x": 19,
|
|
"y": 14,
|
|
"colSpan": 6,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by MaliciousIP = strcat(MaliciousIp, ' (', RemoteCountry, ')') | sort by TotalBytesReceived desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "d5081c5b-fcf9-4840-868d-ccea7a6bcd54"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Malicious IP addresses",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"13": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 19,
|
|
"colSpan": 25,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [],
|
|
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
|
"settings": {
|
|
"content": {
|
|
"settings": {
|
|
"content": "<div style=\"font-size:300%;\">Attacked resources</div>",
|
|
"title": "",
|
|
"subtitle": ""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"14": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 20,
|
|
"colSpan": 10,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by TotalBytesReceived desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Computer",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalBytesSent",
|
|
"type": "Int64"
|
|
},
|
|
{
|
|
"name": "TotalBytesReceived",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "5eeda570-c912-40f9-a5fc-9d642f9983a4"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Bar"
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Most attacked computers",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"15": {
|
|
"position": {
|
|
"x": 10,
|
|
"y": 20,
|
|
"colSpan": 6,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer | sort by TotalBytesReceived desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "2059ad02-ed77-46e8-8cc0-0019e188285d"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Most attacked computers",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"16": {
|
|
"position": {
|
|
"x": 16,
|
|
"y": 20,
|
|
"colSpan": 9,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by ProcessName, DestinationPort, Protocol | sort by TotalBytesReceived desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "6b5cd20e-6bb6-4bc0-b423-3813197f8c9a"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Most attacked processes",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"17": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 25,
|
|
"colSpan": 6,
|
|
"rowSpan": 6
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalTraffic = sum(BytesSent) + sum(BytesReceived) by Target = strcat (Computer, '/', ProcessName, '/', DestinationIp, '/', DestinationPort) | sort by TotalTraffic desc \r\n"
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D"
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Target",
|
|
"type": "String"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "TotalTraffic",
|
|
"type": "Int64"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
}
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0"
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "95103663-2a3e-45bc-817b-260364eb998e"
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics"
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "{Workspace_Name}"
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace"
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsDonut"
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Attack targets, by computer, process, IP address, and port",
|
|
"PartSubTitle": " "
|
|
}
|
|
},
|
|
"asset": {
|
|
"idInputName": "ComponentId",
|
|
"type": "ApplicationInsights"
|
|
}
|
|
}
|
|
},
|
|
"18": {
|
|
"position": {
|
|
"x": 6,
|
|
"y": 25,
|
|
"colSpan": 5,
|
|
"rowSpan": 6
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_Id}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
|
|
}
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Process = strcat (ProcessName, ' (', DestinationPort, ',', Protocol, ')') | sort by TotalBytesReceived desc \r\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "Process",
"type": "String"
},
"yAxis": [
{
"name": "TotalBytesSent",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "e8544b5c-7c62-4d05-b013-a7a7cecac428"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Most attacked processes",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"19": {
"position": {
"x": 11,
"y": 25,
"colSpan": 14,
"rowSpan": 6
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalinsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "VMConnection \r\n| where Type == \"VMConnection\"\r\n| where isnotempty(MaliciousIp)\r\n| where Direction == \"inbound\"\r\n| summarize TotalBytesSent = sum(BytesSent), TotalBytesReceived = sum(BytesReceived) by Computer, ProcessName, DestinationIp, DestinationPort | sort by TotalBytesReceived desc \r\n"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/VMInsightsDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "b062ea69-11df-496b-a5bd-bd752b73e3e5"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Attack targets",
"PartSubTitle": " ",
"GridColumnsWidth": {
"Computer": "224px",
"ProcessName": "169px",
"DestinationIp": "202px",
"DestinationPort": "202px",
"TotalBytesSent": "202px",
"TotalBytesReceived": "202px"
}
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "dashboardName",
"value": "VMInsightsDashboard"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
} |