186 строки
7.6 KiB
JSON
186 строки
7.6 KiB
JSON
{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "## Cyberpion Action Items"
|
|
},
|
|
"name": "text - 2"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Current Open Action Items",
|
|
"expandable": true,
|
|
"expanded": true,
|
|
"items": [
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let lookbackTime = 14d;\nlet bucketTimeSpan = 1h;\nlet maxTimeGeneratedBucket = toscalar(CyberpionActionItems_CL | where TimeGenerated > ago(lookbackTime)| summarize max(bin(TimeGenerated, bucketTimeSpan)));\nCyberpionActionItems_CL\n | where TimeGenerated > ago(lookbackTime) and is_open_b == true\n | extend TimeGeneratedBucket = bin(TimeGenerated, bucketTimeSpan)\n | where TimeGeneratedBucket == maxTimeGeneratedBucket\n | summarize count() by Category\n | render barchart\n\n",
|
|
"size": 0,
|
|
"title": "Action Items by Category",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "action-items-by-category"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let lookbackTime = 14d;\nlet bucketTimeSpan = 1h;\nlet maxTimeGeneratedBucket = toscalar(CyberpionActionItems_CL | where TimeGenerated > ago(lookbackTime)| summarize max(bin(TimeGenerated, bucketTimeSpan)));\nCyberpionActionItems_CL\n | where TimeGenerated > ago(lookbackTime) and is_open_b == true\n | extend TimeGeneratedBucket = bin(TimeGenerated, bucketTimeSpan)\n | where TimeGeneratedBucket == maxTimeGeneratedBucket\n | summarize count() by solution_s\n | render piechart",
|
|
"size": 0,
|
|
"title": "Most Common Solutions",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "most-common-solution"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let lookbackTime = 14d;\nlet bucketTimeSpan = 1h;\nlet maxTimeGeneratedBucket = toscalar(CyberpionActionItems_CL | where TimeGenerated > ago(lookbackTime)| summarize max(bin(TimeGenerated, bucketTimeSpan)));\nCyberpionActionItems_CL\n | where TimeGenerated > ago(lookbackTime) and is_open_b == true\n | extend TimeGeneratedBucket = bin(TimeGenerated, bucketTimeSpan)\n | where TimeGeneratedBucket == maxTimeGeneratedBucket\n | extend Urgency = bin(urgency_d, 1)\n | summarize count() by Urgency\n | join kind=rightouter (range Urgency from 1.0 to 10.0 step 1) on Urgency\n | project Urgency = Urgency1, Count = iff(isnotempty(count_), count_, 0)\n | sort by Urgency asc\n | extend Urgency = tostring(Urgency)\n | render barchart\n\n",
|
|
"size": 0,
|
|
"title": "Action Items Count by Urgency",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "categoricalbar",
|
|
"chartSettings": {
|
|
"group": null,
|
|
"createOtherGroup": 0,
|
|
"xSettings": {
|
|
"numberFormatSettings": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true
|
|
}
|
|
}
|
|
},
|
|
"ySettings": {
|
|
"numberFormatSettings": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"customWidth": "50",
|
|
"name": "open-ai-urgency-bars"
|
|
}
|
|
]
|
|
},
|
|
"name": "current-ais"
|
|
},
|
|
{
|
|
"type": 12,
|
|
"content": {
|
|
"version": "NotebookGroup/1.0",
|
|
"groupType": "editable",
|
|
"title": "Historical Info",
|
|
"expandable": true,
|
|
"expanded": true,
|
|
"items": [
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "e8bb48b6-6706-48bd-b8a1-94de288bcb4c",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "TimeRange",
|
|
"type": 4,
|
|
"isRequired": true,
|
|
"value": {
|
|
"durationMs": 604800000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 1800000
|
|
},
|
|
{
|
|
"durationMs": 3600000
|
|
},
|
|
{
|
|
"durationMs": 14400000
|
|
},
|
|
{
|
|
"durationMs": 43200000
|
|
},
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 172800000
|
|
},
|
|
{
|
|
"durationMs": 259200000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 1209600000
|
|
},
|
|
{
|
|
"durationMs": 2419200000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
},
|
|
{
|
|
"durationMs": 5184000000
|
|
},
|
|
{
|
|
"durationMs": 7776000000
|
|
}
|
|
],
|
|
"allowCustom": true
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
}
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 1"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let lookbackTime = now(-{TimeRange:seconds}s);\nlet bucketTimeSpan = 1h;\nCyberpionActionItems_CL\n | where TimeGenerated > lookbackTime and is_open_b == true\n | project id_s, TimeGenerated\n | make-series count() default=long(null) on TimeGenerated from bin(lookbackTime, bucketTimeSpan) to now() step bucketTimeSpan\n | extend open_action_items=series_fill_forward(count_, long(null))\n | project TimeGenerated, open_action_items\n | mv-expand TimeGenerated to typeof(datetime), open_action_items to typeof(int)\n | where isnotnull(open_action_items)\n | render timechart",
|
|
"size": 0,
|
|
"aggregation": 5,
|
|
"title": "Open Action Items over time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"sortBy": []
|
|
},
|
|
"name": "action-items-over-time"
|
|
}
|
|
]
|
|
},
|
|
"name": "historical-data"
|
|
}
|
|
],
|
|
"fallbackResourceIds": [],
|
|
"fromTemplateId": "sentinel-CyberpionOverviewWorkbook",
|
|
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
|
}
|