Azure-Sentinel/Workbooks/WizFindings.json

{
  "version": "Notebook/1.0",
  "items": [
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizIssues_CL \n| summarize count() by TimeGenerated ",
        "title" : "Issues over time",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "linechart"
      },
      "name": "Issues over time"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizVulnerabilities_CL \n| summarize count() by TimeGenerated ",
        "title" : "Vulnerabilities over time",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "linechart"
      },
      "name": "Vulnerabilities over time"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizAuditLogs_CL \n| summarize count() by TimeGenerated ",
        "title" : "Audit Logs over time",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "linechart"
      },
      "name": "Audit Logs over time"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizIssues_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by severity_s \n",
        "title" : "Issues by severity",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Issues by severity"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizIssues_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by status_s \n",
        "title" : "Issues by status",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Issues by status"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizIssues_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by entitySnapshot_cloudPlatform_s \n",
        "title" : "Issues by cloud platform",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Issues by cloud platform"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizIssues_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by entitySnapshot_type_s \n",
        "title" : "Issues by entity type",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Issues by entity type"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizAuditLogs_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by status_s \n",
        "title" : "Audit Logs by status",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Audit Logs by status"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizAuditLogs_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by action_s \n",
        "title" : "Audit Logs by actions",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Audit Logs by actions"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizVulnerabilities_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by vulnerableAsset_type_s \n",
        "title" : "Vulnerabilities by Asset Type",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Vulnerabilities by Asset Type"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizVulnerabilities_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by vendorSeverity_s \n",
        "title" : "Vulnerabilities by Vendor Severity",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Vulnerabilities by Vendor Severity"
    },
    {
      "type": 3,
      "content": {
        "version": "KqlItem/1.0",
        "query": "WizVulnerabilities_CL \n| summarize arg_max(TimeGenerated, *) by id_g\n| summarize count() by detectionMethod_s \n",
        "title" : "Vulnerabilities by Detection Method",
        "size": 3,
        "queryType": 0,
        "resourceType": "microsoft.operationalinsights/workspaces",
        "visualization": "piechart"
      },
      "customWidth": "33",
      "name": "Vulnerabilities by Detection Method"
    }
  ],
  "fromTemplateId": "sentinel-Alerts overview",
  "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
}