1503 строки
58 KiB
JSON
1503 строки
58 KiB
JSON
{
|
|
"version": "Notebook/1.0",
|
|
"items": [
|
|
{
|
|
"type": 9,
|
|
"content": {
|
|
"version": "KqlParameterItem/1.0",
|
|
"parameters": [
|
|
{
|
|
"id": "96f40e28-0b8a-4121-8dda-d32d8a37feb8",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Time",
|
|
"type": 4,
|
|
"isRequired": true,
|
|
"value": {
|
|
"durationMs": 2592000000
|
|
},
|
|
"typeSettings": {
|
|
"selectableValues": [
|
|
{
|
|
"durationMs": 86400000
|
|
},
|
|
{
|
|
"durationMs": 604800000
|
|
},
|
|
{
|
|
"durationMs": 2592000000
|
|
}
|
|
]
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 86400000
|
|
}
|
|
},
|
|
{
|
|
"id": "a5b9cb0c-6219-4782-a10d-1370a8a6edb4",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "PurviewAccount",
|
|
"label": "Purview Account",
|
|
"type": 2,
|
|
"isRequired": true,
|
|
"multiSelect": true,
|
|
"quote": "'",
|
|
"delimiter": ",",
|
|
"query": "PurviewDataSensitivityLogs\r\n|distinct PurviewAccountName",
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [
|
|
"value::all"
|
|
],
|
|
"selectAllValue": "All",
|
|
"showDefault": false
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 2592000000
|
|
},
|
|
"defaultValue": "value::all",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"value": [
|
|
"value::all"
|
|
]
|
|
},
|
|
{
|
|
"id": "ea62a59c-3799-400d-a7af-f0ad14cc46c7",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "Collection",
|
|
"label": "Source Collection",
|
|
"type": 2,
|
|
"isRequired": true,
|
|
"isGlobal": true,
|
|
"multiSelect": true,
|
|
"quote": "'",
|
|
"delimiter": ",",
|
|
"query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\"\r\n| distinct SourceCollectionName \r\n| extend Collection = iff(SourceCollectionName == \"\",\"No Collection\", SourceCollectionName)\r\n| project Collection",
|
|
"value": [
|
|
"value::all"
|
|
],
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [
|
|
"value::all"
|
|
],
|
|
"showDefault": false
|
|
},
|
|
"defaultValue": "value::all",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
{
|
|
"id": "817265c3-f308-44e0-a24c-33dac7ee2c91",
|
|
"version": "KqlParameterItem/1.0",
|
|
"name": "DataSource",
|
|
"label": "Resource Type",
|
|
"type": 2,
|
|
"isRequired": true,
|
|
"multiSelect": true,
|
|
"quote": "",
|
|
"delimiter": ",",
|
|
"query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\"\r\n| distinct SourceType ",
|
|
"value": [
|
|
"value::all"
|
|
],
|
|
"typeSettings": {
|
|
"additionalResourceOptions": [
|
|
"value::all"
|
|
],
|
|
"showDefault": false
|
|
},
|
|
"timeContext": {
|
|
"durationMs": 2592000000
|
|
},
|
|
"defaultValue": "value::all",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
}
|
|
],
|
|
"style": "pills",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces"
|
|
},
|
|
"name": "parameters - 0"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "## Microsoft Purview"
|
|
},
|
|
"name": "text - 16"
|
|
},
|
|
{
|
|
"type": 11,
|
|
"content": {
|
|
"version": "LinkItem/1.0",
|
|
"style": "tabs",
|
|
"links": [
|
|
{
|
|
"id": "07aa10e3-7f8e-47d4-8193-4f09f0f2e51d",
|
|
"cellValue": "Tab",
|
|
"linkTarget": "parameter",
|
|
"linkLabel": "Overview",
|
|
"subTarget": "Resources",
|
|
"style": "link",
|
|
"linkIsContextBlade": true
|
|
},
|
|
{
|
|
"id": "4161ebed-a013-48be-a6f9-662d5214ad42",
|
|
"cellValue": "Tab",
|
|
"linkTarget": "parameter",
|
|
"linkLabel": "Classifications",
|
|
"subTarget": "Classification",
|
|
"preText": "Classifications",
|
|
"style": "link"
|
|
},
|
|
{
|
|
"id": "011fdcda-16fd-4e8f-9547-63b13486a8c3",
|
|
"cellValue": "Tab",
|
|
"linkTarget": "parameter",
|
|
"linkLabel": "Sensitivity Labels",
|
|
"subTarget": "Labels",
|
|
"style": "link"
|
|
}
|
|
]
|
|
},
|
|
"name": "links - 9"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "__Azure Purview__\r\n\r\nAzure Purview is a unified data governance service that helps you manage and govern your on-prem, multicloud, and software-as-a-service (SaaS) data. It creates a holistic, up-to-date map of your data landscape with automated data discovery, sensitive data classification, and end-to-end data lineage that empowers you to find valuable and trustworthy data. <a href='https://azure.microsoft.com/services/purview/' target='_blank'>Learn More</a> \r\n\r\n",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"name": "text - 10 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let NumberofSourcesByRegion = PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\" \r\n| where SourceType contains \"Azure\"\r\n| where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n| where \"{DataSource:label}\" == \"All\" or SourceType in~ (split(\"{DataSource:label}\", \", \"))\r\n| extend CollectionName = iff(SourceCollectionName == \"\",\"No Collection\",SourceCollectionName)\r\n| where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n| distinct SourcePath, SourceRegion\r\n| summarize AssetCount = count() by SourceRegion;\r\nNumberofSourcesByRegion",
|
|
"size": 0,
|
|
"title": "Number of Azure Sources by Region",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "map",
|
|
"mapSettings": {
|
|
"locInfo": "AzureLoc",
|
|
"locInfoColumn": "SourceRegion",
|
|
"sizeSettings": "AssetCount",
|
|
"sizeAggregation": "Sum",
|
|
"legendMetric": "AssetCount",
|
|
"legendAggregation": "Sum",
|
|
"itemColorSettings": {
|
|
"nodeColorField": "AssetCount",
|
|
"colorAggregation": "Sum",
|
|
"type": "heatmap",
|
|
"heatmapPalette": "greenRed"
|
|
}
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 2"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\" \r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n | summarize AssetCount = count() by SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n | where Classification != \"[]\"\r\n | summarize AssetClassifiedCount = count() by SourceType;\r\nlet ClassifiedAssetsByResourceType = AllAssets\r\n | join kind= leftouter ClassifiedAssets on SourceType\r\n | extend AssetCount = strcat(AssetCount, \" assets found in total\")\r\n | project SourceType, AssetCount, AssetClassifiedCount;\r\nClassifiedAssetsByResourceType",
|
|
"size": 0,
|
|
"title": "Number of Classified Assets Found Based on Resource Type",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "tiles",
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "SourceType",
|
|
"formatter": 16,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "AssetClassifiedCount",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2,
|
|
"maximumSignificantDigits": 3
|
|
},
|
|
"emptyValCustomText": "0"
|
|
}
|
|
},
|
|
"secondaryContent": {
|
|
"columnMatch": "AssetCount"
|
|
},
|
|
"showBorder": true
|
|
},
|
|
"mapSettings": {
|
|
"locInfo": "LatLong",
|
|
"sizeSettings": "AssetClassifiedCount",
|
|
"sizeAggregation": "Sum",
|
|
"legendMetric": "AssetClassifiedCount",
|
|
"legendAggregation": "Sum",
|
|
"itemColorSettings": {
|
|
"type": "heatmap",
|
|
"colorAggregation": "Sum",
|
|
"nodeColorField": "AssetClassifiedCount",
|
|
"heatmapPalette": "greenRed"
|
|
}
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 25"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "To use the Asset Drilldown view, select the row of the data source in the Sources table below to get a list of all assets scanned by Purview in that data source. Within the Assets Drilldown, click on the Asset Path hyperlink to view the Details pane. To view the data source within the Azure portal, click on the data source hyperlink in the Assets Drilldown table. ",
|
|
"style": "warning"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"name": "text - 22"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where ActivityType == \"Classification\"\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName) \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet AllAssets = MostRecentScanLogs\r\n| summarize AssetCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet ClassifiedAssets = MostRecentScanLogs\r\n| where Classification != \"[]\"\r\n| summarize AssetClassifiedCount = count() by DataSource = SourcePath, SourceRegion, SourceType;\r\nlet AssetsDrilldown = AllAssets\r\n| join kind= leftouter ClassifiedAssets on DataSource, SourceType\r\n| extend PathName = substring(DataSource, 1)\r\n| extend ClassifiedPercentage = round((100.0 * AssetClassifiedCount / AssetCount),1)\r\n| project DataSource, SourceRegion, SourceType, ClassifiedPercentage, AssetClassifiedCount, AssetCount, PathName;\r\nAssetsDrilldown\r\n\r\n\r\n",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Sources",
|
|
"timeContext": {
|
|
"durationMs": 2592000000
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"exportFieldName": "PathName",
|
|
"exportParameterName": "UserSelectedDataSource",
|
|
"exportDefaultValue": "All",
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "DataSource",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "25ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "ClassifiedPercentage",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "20ch"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 1,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 1
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetClassifiedCount",
|
|
"formatter": 2,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "20ch"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "0"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetCount",
|
|
"formatter": 2,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "20ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "PathName",
|
|
"formatter": 5
|
|
}
|
|
],
|
|
"filter": true,
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "SourceType",
|
|
"sortOrder": 2
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "DataSource",
|
|
"label": "Data Source"
|
|
},
|
|
{
|
|
"columnId": "SourceRegion",
|
|
"label": "Source Region"
|
|
},
|
|
{
|
|
"columnId": "SourceType",
|
|
"label": "Source Type"
|
|
},
|
|
{
|
|
"columnId": "ClassifiedPercentage",
|
|
"label": "% Classified"
|
|
},
|
|
{
|
|
"columnId": "AssetClassifiedCount",
|
|
"label": "Classified Assets"
|
|
},
|
|
{
|
|
"columnId": "AssetCount",
|
|
"label": "Total Assets"
|
|
},
|
|
{
|
|
"columnId": "PathName",
|
|
"label": "Source Path"
|
|
}
|
|
]
|
|
},
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "SourceType",
|
|
"sortOrder": 2
|
|
}
|
|
]
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 8",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | where \"{UserSelectedDataSource:label}\" == \"All\" or (SourcePath contains \"{UserSelectedDataSource:label}\")\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType ;\r\nlet ClassificationCounts = MostRecentScanLogs\r\n | where ActivityType == \"Classification\"\r\n | mv-expand Classification\r\n | summarize ClassificationCount= count(todynamic(Classification)) by AssetPath\r\n | project ClassificationCount, AssetPath;\r\nlet ClassifiedAssetsWithCounts = MostRecentScanLogs\r\n | where ActivityType == \"Classification\"\r\n | join kind= leftouter ClassificationCounts on AssetPath\r\n | summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, Classification, ClassificationCount, ClassificationTrigger, ClassificationDetails, SourceScanId) by AssetPath ;\r\nlet LabeledAssets = MostRecentScanLogs\r\n | where ActivityType == \"Labeling\" \r\n | mv-expand SensitivityLabel to typeof(string)\r\n | where SensitivityLabel != int(null)\r\n | mv-expand SensitivityLabelDetails\r\n | summarize arg_max(SensitivityLabel, SourceType, SensitivityLabelTrigger, SensitivityLabelDetails) by AssetPath\r\n | project AssetPath, SensitivityLabel, SensitivityLabelTrigger, SensitivityLabelDetails;\r\nlet ClassificationCountWithSensitivityInformation = ClassifiedAssetsWithCounts\r\n | join kind= leftouter LabeledAssets on AssetPath\r\n | project\r\n TimeGenerated,\r\n PurviewTenantId,\r\n PurviewAccountName,\r\n PurviewRegion,\r\n AssetName,\r\n AssetPath,\r\n AssetType,\r\n AssetCreationTime,\r\n AssetModifiedTime,\r\n AssetLastScanTime,\r\n FileExtension,\r\n FileSize,\r\n ActivityType,\r\n ClassificationTrigger,\r\n Classification,\r\n ClassificationCount,\r\n ClassificationDetails,\r\n SensitivityLabelTrigger,\r\n SensitivityLabel,\r\n SensitivityLabelDetails,\r\n SourceName,\r\n SourceType,\r\n SourcePath,\r\n SourceSubscriptionId,\r\n SourceRegion,\r\n SourceCollectionName,\r\n SourceScanId\r\n | sort by ClassificationCount;\r\nClassificationCountWithSensitivityInformation",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Assets Drilldown",
|
|
"timeContext": {
|
|
"durationMs": 2592000000
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "TimeGenerated",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewTenantId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewAccountName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetPath",
|
|
"formatter": 7,
|
|
"formatOptions": {
|
|
"linkTarget": "GenericDetails",
|
|
"linkIsContextBlade": true,
|
|
"customColumnWidthSetting": "60ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetCreationTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetModifiedTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetLastScanTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "FileExtension",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "FileSize",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Classification",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ClassificationCount",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "blue"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "0"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "ClassificationDetails",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabel",
|
|
"formatter": 0,
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Label"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelDetails",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourcePath",
|
|
"formatter": 13,
|
|
"formatOptions": {
|
|
"linkTarget": "Resource",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SourceSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceCollectionName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceScanId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ClassificationActivityTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelActivityTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelGuid",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "UserId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelName",
|
|
"formatter": 5,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "25ch"
|
|
}
|
|
}
|
|
],
|
|
"rowLimit": 1000,
|
|
"filter": true,
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "AssetPath",
|
|
"label": "Asset Path"
|
|
},
|
|
{
|
|
"columnId": "ClassificationCount",
|
|
"label": "Classifications"
|
|
},
|
|
{
|
|
"columnId": "SensitivityLabel",
|
|
"label": "Sensitivity Label"
|
|
},
|
|
{
|
|
"columnId": "SourcePath",
|
|
"label": "Data Source"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Resources"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 9",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "__Classifications__\r\n\r\nClassifications within Microsoft Purview display which sensitive information resides within your organization. A list of supported classifications can be found at <a href='https://docs.microsoft.com/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=o365-worldwide' target='_blank'>Sensitive Information Type Entity Definitions.</a> \r\n\r\n",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"name": "text - 10"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Classification\"\r\n| where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n| where \"{DataSource:label}\" == \"All\" or SourceType in~ (split(\"{DataSource:label}\", \", \"))\r\n| extend CollectionName = iff(SourceCollectionName == \"\",\"No Collection\",SourceCollectionName)\r\n| where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n| where Classification != \"[]\"\r\n| summarize ClassifiedAssetCount = count() by DateClassified = bin(TimeGenerated, 1d), SourceType",
|
|
"size": 0,
|
|
"aggregation": 5,
|
|
"title": "Assets with Classifications",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 21",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet ClassificationCountAdded = MostRecentScanLogs\r\n| mv-expand Classification\r\n| summarize ClassificationCount= count(todynamic(Classification)) by AssetPath; \r\nlet TopClassifiedAssets = MostRecentScanLogs | join ClassificationCountAdded on AssetPath \r\n| summarize arg_max(TimeGenerated, Classification, ClassificationCount, AssetName, AssetType, AssetPath, FileExtension, FileSize, SourceType, SourcePath) by AssetPath \r\n| project AssetPath, SourcePath, ClassificationCount\r\n| top 4 by ClassificationCount;\r\nTopClassifiedAssets",
|
|
"size": 0,
|
|
"title": "Top Assets with Classifications",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "tiles",
|
|
"tileSettings": {
|
|
"titleContent": {
|
|
"columnMatch": "SourcePath",
|
|
"formatter": 13,
|
|
"formatOptions": {
|
|
"showIcon": true
|
|
}
|
|
},
|
|
"subtitleContent": {
|
|
"columnMatch": "AssetPath"
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "ClassificationCount",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"style": "decimal",
|
|
"maximumFractionDigits": 2,
|
|
"maximumSignificantDigits": 3
|
|
}
|
|
}
|
|
},
|
|
"showBorder": true,
|
|
"size": "full"
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 19"
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "To use the Classifications Drilldown view, select a Classification in the Classifications table below to get a list all assets scanned by Purview with that classification. Within the Asset Level Drilldown, click on the Asset Path hyperlink to view the Details pane. To view the data source within the Azure portal, click on the data source hyperlink in the Asset Level Drilldown table.",
|
|
"style": "warning"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"name": "text - 22 - Copy - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet Classifications = MostRecentScanLogs\r\n| summarize arg_max(TimeGenerated, Classification, FileSize, AssetType) by AssetPath \r\n| extend classifications = split(Classification, ',')\r\n| mv-expand classifications\r\n| extend Classification = trim(@\"[^\\w]+\", tostring(classifications))\r\n| where Classification != \"\"\r\n| summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by Classification\r\n| project Classification, AssetCount, FileSize;\r\nClassifications\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Classifications",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"exportFieldName": "Classification",
|
|
"exportParameterName": "UserSelectedClassification",
|
|
"exportDefaultValue": "All",
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "Classification",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "50ch"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Classifications"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetCount",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"customColumnWidthSetting": "25ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "FileSize",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"customColumnWidthSetting": "25ch"
|
|
}
|
|
}
|
|
],
|
|
"filter": true,
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "$gen_bar_AssetCount_1",
|
|
"sortOrder": 2
|
|
}
|
|
],
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "AssetCount",
|
|
"label": "Classified Asset Count"
|
|
},
|
|
{
|
|
"columnId": "FileSize",
|
|
"label": "Total Size of Files (MB)"
|
|
}
|
|
]
|
|
},
|
|
"sortBy": [
|
|
{
|
|
"itemKey": "$gen_bar_AssetCount_1",
|
|
"sortOrder": 2
|
|
}
|
|
],
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "Classification",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "Size",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 4 - Copy",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Classification\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\nlet ClassificationsDrilldown = MostRecentScanLogs\r\n| extend classifications = split(Classification, ',')\r\n| mv-expand classifications\r\n| extend SelectedClassification = trim(@\"[^\\w]+\", tostring(classifications))\r\n| where SelectedClassification != \"\"\r\n| where \"{UserSelectedClassification:label}\" == \"All\" or (split(\"{UserSelectedClassification:label}\", \", \") contains SelectedClassification)\r\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceScanId) by AssetPath \r\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, ClassificationTrigger, Classification, ClassificationDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\r\n\r\nClassificationsDrilldown\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Classifications Drilldown- Asset Level",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "TimeGenerated",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewTenantId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewAccountName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetPath",
|
|
"formatter": 7,
|
|
"formatOptions": {
|
|
"linkTarget": "GenericDetails",
|
|
"linkIsContextBlade": true,
|
|
"customColumnWidthSetting": "70ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetCreationTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetModifiedTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetLastScanTime",
|
|
"formatter": 0,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "30ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "FileExtension",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "FileSize",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Classification",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourcePath",
|
|
"formatter": 13,
|
|
"formatOptions": {
|
|
"linkTarget": "Resource",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SourceSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceCollectionName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceScanId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelGuid",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "UserId",
|
|
"formatter": 5
|
|
}
|
|
],
|
|
"filter": true,
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "AssetPath",
|
|
"label": "Asset Path"
|
|
},
|
|
{
|
|
"columnId": "AssetLastScanTime",
|
|
"label": "Asset Last Scan Time"
|
|
},
|
|
{
|
|
"columnId": "SourcePath",
|
|
"label": "Data Source"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Classification"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 10",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "__Sensitivity Labels__\r\n\r\nSensitivity Labels let you classify your organization's data in order to highlight which resources contain sensitive information. Labels can be set up through Security and Compliance Center and applied in Microsoft Purview. <a href='https://docs.microsoft.com/azure/purview/create-sensitivity-label' target='_blank'>Learn More</a> ",
|
|
"style": "info"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"name": "text - 12"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "PurviewDataSensitivityLogs\r\n| where ActivityType == \"Labeling\" \r\n| where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n| where \"{DataSource:label}\" == \"All\" or SourceType in~ (split(\"{DataSource:label}\", \", \"))\r\n| extend CollectionName = iff(SourceCollectionName == \"\",\"No Collection\",SourceCollectionName)\r\n| where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n| where SensitivityLabel != \"[]\"\r\n| summarize LabeledAssetCount = count() by DateClassified = bin(TimeGenerated, 1d), SourceType",
|
|
"size": 0,
|
|
"aggregation": 5,
|
|
"title": "Sensitivity Labeling Events",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "barchart"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 21",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let LabelPercentage = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\r\n | summarize LabelCount = count() by tostring(SensitivityLabel[0]), SourceType;\r\nLabelPercentage\r\n",
|
|
"size": 3,
|
|
"title": "Percentage of Labels Applied",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "piechart",
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "SensitivityLabelName_s",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "LabelCount",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"graphSettings": {
|
|
"type": 0,
|
|
"topContent": {
|
|
"columnMatch": "SensitivityLabelName_s",
|
|
"formatter": 1
|
|
},
|
|
"centerContent": {
|
|
"columnMatch": "LabelCount",
|
|
"formatter": 1,
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"chartSettings": {
|
|
"yAxis": [
|
|
"LabelCount"
|
|
],
|
|
"createOtherGroup": null,
|
|
"seriesLabelSettings": [
|
|
{
|
|
"seriesName": "",
|
|
"label": "No Label"
|
|
}
|
|
],
|
|
"ySettings": {
|
|
"numberFormatSettings": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal",
|
|
"useGrouping": true
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"mapSettings": {
|
|
"locInfo": "LatLong",
|
|
"sizeSettings": "LabelCount",
|
|
"sizeAggregation": "Sum",
|
|
"legendMetric": "LabelCount",
|
|
"legendAggregation": "Sum",
|
|
"itemColorSettings": {
|
|
"type": "heatmap",
|
|
"colorAggregation": "Sum",
|
|
"nodeColorField": "LabelCount",
|
|
"heatmapPalette": "greenRed"
|
|
}
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 11",
|
|
"styleSettings": {
|
|
"padding": "20",
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 1,
|
|
"content": {
|
|
"json": "To use the Sensitivity Labels Drilldown view, select a Sensitivity Label in the table below to get a list all assets scanned by Purview with that label. Within the Asset Level Drilldown, click on the Asset Path hyperlink to view the Details pane.",
|
|
"style": "warning"
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"name": "text - 22 - Copy"
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let SensitivityLabels = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | extend SensitivityLabel = iff(SensitivityLabel[0] == \"\", \"No Label\", SensitivityLabel[0])\r\n | extend Label = replace(@\"\\\\\", \"/\", SensitivityLabel)\r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType\r\n | summarize FileSize = round(sum(FileSize)/1000000,2), AssetCount = count() by SensitivityLabel, Label\r\n | project SensitivityLabel, FileSize, AssetCount, Label\r\n | sort by AssetCount;\r\nSensitivityLabels",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Sensitivity Labels",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"exportFieldName": "Label",
|
|
"exportParameterName": "UserSelectedLabel",
|
|
"exportDefaultValue": "All",
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"visualization": "table",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "SensitivityLabel",
|
|
"formatter": 1
|
|
},
|
|
{
|
|
"columnMatch": "FileSize",
|
|
"formatter": 8,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"customColumnWidthSetting": "20ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Count",
|
|
"formatter": 4,
|
|
"formatOptions": {
|
|
"palette": "blue",
|
|
"customColumnWidthSetting": "20ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "Label",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelName",
|
|
"formatter": 1,
|
|
"formatOptions": {
|
|
"customColumnWidthSetting": "60ch"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
}
|
|
}
|
|
}
|
|
],
|
|
"filter": true,
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "SensitivityLabel",
|
|
"label": "Sensitivity Label"
|
|
},
|
|
{
|
|
"columnId": "FileSize",
|
|
"label": "File Size"
|
|
},
|
|
{
|
|
"columnId": "AssetCount",
|
|
"label": "Asset Count"
|
|
}
|
|
]
|
|
},
|
|
"tileSettings": {
|
|
"showBorder": false,
|
|
"titleContent": {
|
|
"columnMatch": "SensitivityLabelName",
|
|
"formatter": 1
|
|
},
|
|
"leftContent": {
|
|
"columnMatch": "LabelCount",
|
|
"formatter": 12,
|
|
"formatOptions": {
|
|
"palette": "auto"
|
|
},
|
|
"numberFormat": {
|
|
"unit": 17,
|
|
"options": {
|
|
"maximumSignificantDigits": 3,
|
|
"maximumFractionDigits": 2
|
|
}
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 14 - Copy",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
},
|
|
{
|
|
"type": 3,
|
|
"content": {
|
|
"version": "KqlItem/1.0",
|
|
"query": "let MostRecentScanLogs = PurviewDataSensitivityLogs\r\n | where \"{PurviewAccount:label}\" == \"All\" or PurviewAccountName in~ (split(\"{PurviewAccount:label}\", \", \"))\r\n | where SourceType in~ (split(\"{DataSource}\", \",\"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where \"{Collection:label}\" == \"All\" or CollectionName in~ (split(\"{Collection:label}\", \", \"))\r\n | extend CollectionName = iff(SourceCollectionName == \"\", \"No Collection\", SourceCollectionName)\r\n | where ActivityType == \"Labeling\" \r\n | summarize arg_max( AssetLastScanTime, *) by AssetPath, ActivityType;\r\n\r\nlet LabelDrilldown = MostRecentScanLogs \r\n| extend SensitivityLabel = iff(SensitivityLabel[0] == \"\", \"No Label\", SensitivityLabel[0])\r\n| extend Label = replace(@\"\\\\\", \"/\", SensitivityLabel)\r\n| where \"{UserSelectedLabel:label}\" == \"All\" or \"{UserSelectedLabel:label}\" == Label\r\n| summarize arg_max(TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceScanId) by AssetPath \r\n| project TimeGenerated, PurviewTenantId, PurviewAccountName, PurviewRegion, AssetName, AssetPath, AssetType, AssetCreationTime, AssetModifiedTime, AssetLastScanTime, FileExtension, FileSize, ActivityType, SensitivityLabelTrigger, SensitivityLabel, SensitivityLabelDetails, SourceName, SourceType, SourcePath, SourceSubscriptionId, SourceRegion, SourceCollectionName, SourceScanId;\r\nLabelDrilldown",
|
|
"size": 0,
|
|
"showAnalytics": true,
|
|
"title": "Sensitivity Labels Drilldown- Asset Level",
|
|
"timeContext": {
|
|
"durationMs": 0
|
|
},
|
|
"timeContextFromParameter": "Time",
|
|
"showRefreshButton": true,
|
|
"showExportToExcel": true,
|
|
"queryType": 0,
|
|
"resourceType": "microsoft.operationalinsights/workspaces",
|
|
"gridSettings": {
|
|
"formatters": [
|
|
{
|
|
"columnMatch": "TimeGenerated",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewTenantId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewAccountName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "PurviewRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetPath",
|
|
"formatter": 7,
|
|
"formatOptions": {
|
|
"linkTarget": "GenericDetails",
|
|
"linkIsContextBlade": true,
|
|
"customColumnWidthSetting": "70ch"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "AssetType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetCreationTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetModifiedTime",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "FileExtension",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "FileSize",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelTrigger",
|
|
"formatter": 5,
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Label"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabel",
|
|
"formatter": 0,
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Label"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelDetails",
|
|
"formatter": 5,
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Label"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SourceName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceType",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourcePath",
|
|
"formatter": 13,
|
|
"formatOptions": {
|
|
"linkTarget": "Resource",
|
|
"showIcon": true
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "SourceSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceRegion",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceCollectionName",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceScanId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelName",
|
|
"formatter": 0,
|
|
"numberFormat": {
|
|
"unit": 0,
|
|
"options": {
|
|
"style": "decimal"
|
|
},
|
|
"emptyValCustomText": "No Label"
|
|
}
|
|
},
|
|
{
|
|
"columnMatch": "PurviewSubscriptionId",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SourceOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "AssetOwner",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ActivityTrigger",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "Classification",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "ClassificationCount",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "SensitivityLabelGuid",
|
|
"formatter": 5
|
|
},
|
|
{
|
|
"columnMatch": "UserId",
|
|
"formatter": 5
|
|
}
|
|
],
|
|
"filter": true,
|
|
"labelSettings": [
|
|
{
|
|
"columnId": "AssetPath",
|
|
"label": "Asset Path"
|
|
},
|
|
{
|
|
"columnId": "AssetLastScanTime",
|
|
"label": "Asset Last Scan Time"
|
|
},
|
|
{
|
|
"columnId": "SensitivityLabel",
|
|
"label": "Sensitivity Label"
|
|
},
|
|
{
|
|
"columnId": "SourcePath",
|
|
"label": "Source Path"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"conditionalVisibility": {
|
|
"parameterName": "Tab",
|
|
"comparison": "isEqualTo",
|
|
"value": "Labels"
|
|
},
|
|
"customWidth": "50",
|
|
"name": "query - 13",
|
|
"styleSettings": {
|
|
"showBorder": true
|
|
}
|
|
}
|
|
],
|
|
"fallbackResourceIds": [],
|
|
"fromTemplateId": "sentinel-MicrosoftPurview",
|
|
"$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
|
|
} |