571 строка
20 KiB
JSON
571 строка
20 KiB
JSON
{
|
|
"properties": {
|
|
"lenses": {
|
|
"0": {
|
|
"order": 0,
|
|
"parts": {
|
|
"0": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 0,
|
|
"colSpan": 2,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "{Subscription_ID}",
|
|
"ResourceGroup": "{Resource_Group}",
|
|
"Name": "{Workspace_Name}",
|
|
"LinkedApplicationType": 2,
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02",
|
|
"ResourceType": "microsoft.operationalinsights/workspaces",
|
|
"IsAzureFirst": false
|
|
}
|
|
},
|
|
{
|
|
"name": "ResourceIds",
|
|
"value": [
|
|
"/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02"
|
|
],
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Type",
|
|
"value": "sentinel",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeContext",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ConfigurationId",
|
|
"value": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.insights/workbooks/27acb77c-c5fb-4b01-9734-6ae39c497028",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ViewerMode",
|
|
"value": false,
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "GalleryResourceType",
|
|
"value": "Sentinel",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "NotebookParams",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Location",
|
|
"value": "eastus",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/NotebookPinnedPart",
|
|
"viewState": {
|
|
"content": {
|
|
"configurationId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.insights/workbooks/27acb77c-c5fb-4b01-9734-6ae39c497028"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"1": {
|
|
"position": {
|
|
"x": 2,
|
|
"y": 0,
|
|
"colSpan": 19,
|
|
"rowSpan": 1
|
|
},
|
|
"metadata": {
|
|
"inputs": [],
|
|
"type": "Extension/HubsExtension/PartType/MarkdownPart",
|
|
"settings": {
|
|
"content": {
|
|
"settings": {
|
|
"content": "",
|
|
"title": "Thycotic Dashboard",
|
|
"subtitle": "Thycotic Dashboard",
|
|
"markdownSource": 1
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"2": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 1,
|
|
"colSpan": 6,
|
|
"rowSpan": 9
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b",
|
|
"ResourceGroup": "thycotic",
|
|
"Name": "thycotic02",
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"value": {
|
|
"xAxis": {
|
|
"name": "Activity",
|
|
"type": "string"
|
|
},
|
|
"yAxis": [
|
|
{
|
|
"name": "countRecord",
|
|
"type": "long"
|
|
}
|
|
],
|
|
"splitBy": [],
|
|
"aggregation": "Sum"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "CommonSecurityLog\n| where LogSeverity == 2\n| summarize countRecord = count() by Activity\n| order by countRecord\n| take 10\n| project Activity, countRecord\n| render columnchart\n",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "thycotic02",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "72e66bad-16a3-4f42-a50c-a1c8d207833d",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P7D",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsChart",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"value": "Bar",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Recent activity",
|
|
"PartSubTitle": "More used operations",
|
|
"Query": "CommonSecurityLog\n| where LogSeverity == 2\n| summarize countRecord = count() by Activity\n| order by countRecord\n| take 5\n| project Activity, countRecord\n| render columnchart\n",
|
|
"ControlType": "FrameControlChart",
|
|
"SpecificChart": "Bar"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"3": {
|
|
"position": {
|
|
"x": 6,
|
|
"y": 1,
|
|
"colSpan": 11,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b",
|
|
"ResourceGroup": "thycotic",
|
|
"Name": "thycotic02",
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "CommonSecurityLog\n| where LogSeverity == 2\n| where FileType == \"Secret\"\n| extend SecretName = FileName\n| summarize countRecord = count(), lastDate = arg_max(TimeGenerated, *) by FileName\n| order by countRecord\n| project SecretName, countRecord, lastDate\n",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "thycotic02",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "684b8773-9d10-4767-810e-3a714b10806c",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Recent secrets",
|
|
"PartSubTitle": "Most used secrets",
|
|
"Query": "CommonSecurityLog\n| where LogSeverity == 2\n| where FileType == \"Secret\"\n| extend SecretName = FileName\n| summarize countRecord = count(), lastDate = arg_max(TimeGenerated, *) by FileName\n| order by countRecord\n| project SecretName, Count = countRecord,LastDate = lastDate\n"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"4": {
|
|
"position": {
|
|
"x": 17,
|
|
"y": 1,
|
|
"colSpan": 4,
|
|
"rowSpan": 9
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b",
|
|
"ResourceGroup": "thycotic",
|
|
"Name": "thycotic02",
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourcegroups/thycotic/providers/microsoft.operationalinsights/workspaces/thycotic02"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "CommonSecurityLog\n| where LogSeverity == 2\n| where TimeGenerated > ago(1d)\n| summarize count() by Activity, FileName\n| where Activity == \"SECRET - EXPIREDTODAY\"\n| project SecretName = FileName\n",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "thycotic02",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "1559840a-5e39-455a-a89d-bf59cf14676d",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Expired secrets today",
|
|
"PartSubTitle": "Expired secrets"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"5": {
|
|
"position": {
|
|
"x": 6,
|
|
"y": 6,
|
|
"colSpan": 11,
|
|
"rowSpan": 4
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b",
|
|
"ResourceGroup": "thycotic",
|
|
"Name": "thycotic02",
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourceGroups/thycotic/providers/Microsoft.OperationalInsights/workspaces/thycotic02"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "CommonSecurityLog\r\n| where TimeGenerated >= ago(10d)\r\n| where DeviceVendor == 'Thycotic Software' \r\n| where Message contains 'Login Failure'\r\n| parse Message with 'Login Failure - ' ErrorDetails\r\n| extend Application = 'Secret Server'\r\n| where DeviceEventClassID == '500'\r\n| summarize Login_Failures=count(), First=min(TimeGenerated), Last=max(TimeGenerated) by Application, ErrorDetails\r\n| sort by Login_Failures desc\r\n| where Login_Failures >= 5\r\n| extend AccountCustomEntity = ErrorDetails\r\n",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "thycotic02",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "11de89b3-92bf-4008-a195-bfb27e2abef3",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {
|
|
"content": {
|
|
"PartTitle": "Login Failure",
|
|
"PartSubTitle": "Login Failure",
|
|
"Query": "CommonSecurityLog\n| where TimeGenerated >= ago(1d)\n| where DeviceVendor == 'Thycotic Software' \n| where Message contains 'Login Failure'\n| parse Message with 'Login Failure - ' ErrorDetails\n| extend Application = 'Secret Server'\n| where DeviceEventClassID == '500'\n| summarize Login_Failures=count(), First=min(TimeGenerated), Last=max(TimeGenerated) by Application, ErrorDetails\n| sort by Login_Failures desc\n| where Login_Failures >= 5\n| extend AccountCustomEntity = ErrorDetails\n"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"6": {
|
|
"position": {
|
|
"x": 0,
|
|
"y": 10,
|
|
"colSpan": 21,
|
|
"rowSpan": 5
|
|
},
|
|
"metadata": {
|
|
"inputs": [
|
|
{
|
|
"name": "ComponentId",
|
|
"value": {
|
|
"SubscriptionId": "80e05ab0-5906-45a8-98ff-c9520c4b418b",
|
|
"ResourceGroup": "thycotic",
|
|
"Name": "thycotic02",
|
|
"ResourceId": "/subscriptions/80e05ab0-5906-45a8-98ff-c9520c4b418b/resourceGroups/thycotic/providers/Microsoft.OperationalInsights/workspaces/thycotic02"
|
|
},
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Dimensions",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Query",
|
|
"value": "CommonSecurityLog\r\n| project TimeGenerated,LogSeverity, Message, SourceIP, Activity, DestinationUserID, FileID,FileType,FileName,SourceUserID,SourceUserName, DeviceCustomString4\n",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartTitle",
|
|
"value": "Analytics",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartSubTitle",
|
|
"value": "thycotic02",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "PartId",
|
|
"value": "1235b776-14b3-46cb-8f81-0f8734fa14c0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "Version",
|
|
"value": "1.0",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "resourceTypeMode",
|
|
"value": "workspace",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "TimeRange",
|
|
"value": "P1D",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "DashboardId",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "ControlType",
|
|
"value": "AnalyticsGrid",
|
|
"isOptional": true
|
|
},
|
|
{
|
|
"name": "SpecificChart",
|
|
"isOptional": true
|
|
}
|
|
],
|
|
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
|
|
"settings": {}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"metadata": {
|
|
"model": {
|
|
"timeRange": {
|
|
"value": {
|
|
"relative": {
|
|
"duration": 24,
|
|
"timeUnit": 1
|
|
}
|
|
},
|
|
"type": "MsPortalFx.Composition.Configuration.ValueTypes.TimeRange"
|
|
},
|
|
"filterLocale": {
|
|
"value": "en-us"
|
|
},
|
|
"filters": {
|
|
"value": {
|
|
"MsPortalFx_TimeRange": {
|
|
"model": {
|
|
"format": "utc",
|
|
"granularity": "auto",
|
|
"relative": "30d"
|
|
},
|
|
"displayCache": {
|
|
"name": "UTC Time",
|
|
"value": "Past 30 days"
|
|
},
|
|
"filteredPartIds": [
|
|
"StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c1",
|
|
"StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c3",
|
|
"StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c5",
|
|
"StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c7",
|
|
"StartboardPart-AnalyticsPart-6e2f774f-9aaf-42a8-9a7e-2ef2473bf1c9"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"name": "Thycotic Dashboard",
|
|
"type": "Microsoft.Portal/dashboards",
|
|
"location": "INSERT LOCATION",
|
|
"tags": {
|
|
"hidden-title": "Thycotic Dashboard"
|
|
},
|
|
"apiVersion": "2015-08-01-preview"
|
|
} |