Forge
New repositoryImport repositoryNew issue
Your repositories Your dashboard Sign in

cloudflare/Azure-Sentinel

Public

mirrored fromhttps://github.com/cloudflare/Azure-Sentinel

Watch0Fork0Star0
CodeCommitsIssuesPull requestsActionsInsightsSecurity
1842d9dbd7ce12b9a5c7f85d35f01f6b8dc88aac

Branches

Tags

  • No tags available.
0Branches0Tags
Go to file
Add file
Code

Clone

HTTPS

Download ZIP

Azure-Sentinel/Dashboards

Dashboards/Azure_Active_Directory.json

1627lines · modecode

RawDownload
add telemetry97e42be
7 years ago
1{
2 "name": "AzureActiveDirectoryDashboard_{Workspace_Name}",
3 "type": "Microsoft.Portal/dashboards",
4 "location": "{Dashboard_Location}",
5 "tags": {
6 "dashboardKey": "AzureActiveDirectoryDashboard",
7 "hidden-title": "Azure Active Directory - {Workspace_Name}",
8 "version": "1.2",
9 "workspaceName": "{Workspace_Name}"
10 },
11 "properties": {
12 "lenses": {
13 "0": {
14 "order": 0,
15 "parts": {
16 "0": {
17 "position": {
18 "x": 1,
19 "y": 0,
20 "colSpan": 17,
21 "rowSpan": 1
22 },
23 "metadata": {
24 "inputs": [],
25 "type": "Extension/HubsExtension/PartType/MarkdownPart",
26 "settings": {
27 "content": {
28 "settings": {
29 "content": "<div style='font-size:300%;'>Overview</div>",
30 "title": "",
31 "subtitle": ""
32 }
33 }
34 }
35 }
36 },
37 "1": {
38 "position": {
39 "x": 19,
40 "y": 0,
41 "colSpan": 7,
42 "rowSpan": 1
43 },
44 "metadata": {
45 "inputs": [],
46 "type": "Extension/HubsExtension/PartType/MarkdownPart",
47 "settings": {
48 "content": {
49 "settings": {
50 "content": "<div style='font-size:300%;'>User activity</div>",
51 "title": "",
52 "subtitle": ""
53 }
54 }
55 }
56 }
57 },
58 "2": {
59 "position": {
60 "x": 0,
61 "y": 1,
62 "colSpan": 6,
63 "rowSpan": 4
64 },
65 "metadata": {
66 "inputs": [
67 {
68 "name": "ComponentId",
69 "value": {
70 "SubscriptionId": "{Subscription_Id}",
71 "ResourceGroup": "{Resource_Group}",
72 "Name": "{Workspace_Name}"
73 }
74 },
75 {
76 "name": "Query",
77 "value": "//Top AzureActiveDirectory operations \nOfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| summarize count() by Operation \n| order by count_ \n"
78 },
79 {
80 "name": "TimeRange",
81 "value": "P1D"
82 },
83 {
84 "name": "Dimensions",
85 "value": {
86 "xAxis": {
87 "name": "Operation",
88 "type": "String"
89 },
90 "yAxis": [
91 {
92 "name": "count_",
93 "type": "Int64"
94 }
95 ],
96 "splitBy": [],
97 "aggregation": "Sum"
98 }
99 },
100 {
101 "name": "Version",
102 "value": "1.0"
103 },
104 {
105 "name": "DashboardId",
106 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
107 },
108 {
109 "name": "PartId",
110 "value": "e5af5953-8c1e-436a-ae56-a76ff225ea07"
111 },
112 {
113 "name": "PartTitle",
114 "value": "Analytics"
115 },
116 {
117 "name": "PartSubTitle",
118 "value": ""
119 },
120 {
121 "name": "resourceTypeMode",
122 "value": "workspace"
123 },
124 {
125 "name": "ControlType",
126 "value": "AnalyticsDonut"
127 },
128 {
129 "name": "SpecificChart",
130 "isOptional": true
131 }
132 ],
133 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
134 "settings": {
135 "content": {
136 "PartTitle": "Activities, by type",
137 "PartSubTitle": " "
138 }
139 },
140 "asset": {
141 "idInputName": "ComponentId",
142 "type": "ApplicationInsights"
143 }
144 }
145 },
146 "3": {
147 "position": {
148 "x": 6,
149 "y": 1,
150 "colSpan": 12,
151 "rowSpan": 4
152 },
153 "metadata": {
154 "inputs": [
155 {
156 "name": "ComponentId",
157 "value": {
158 "SubscriptionId": "{Subscription_Id}",
159 "ResourceGroup": "{Resource_Group}",
160 "Name": "{Workspace_Name}"
161 }
162 },
163 {
164 "name": "Query",
165 "value": "//AzureActiveDirectory operations over time\nOfficeActivity\n| where TimeGenerated >= ago(14d)\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Current_Week = countif(TimeGenerated >= ago(7d)), Previous_Week = countif(TimeGenerated < ago(7d)) by Operation\n| extend Per = iff(Current_Week > Previous_Week, toreal(Current_Week) / Previous_Week, toreal(Previous_Week) / Current_Week)\n| extend sign = iff(Current_Week > Previous_Week, '+', '-')\n| extend Percentage = iff(Current_Week != 0 and Previous_Week != 0 and Previous_Week != Current_Week, strcat(sign, extract(@'(\\d*(\\.\\d{1,2}|$))', 1, tostring((Per -1 )*100)), '%'), 'No Percentage - 0')\n| project Operation, Previous_Week, Current_Week, Percentage\n"
166 },
167 {
168 "name": "Version",
169 "value": "1.0"
170 },
171 {
172 "name": "DashboardId",
173 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
174 },
175 {
176 "name": "PartId",
177 "value": "4ee3fbd9-18e7-402f-a1df-d7ef71a7b74a"
178 },
179 {
180 "name": "PartTitle",
181 "value": "Analytics"
182 },
183 {
184 "name": "PartSubTitle",
185 "value": ""
186 },
187 {
188 "name": "resourceTypeMode",
189 "value": "workspace"
190 },
191 {
192 "name": "ControlType",
193 "value": "AnalyticsGrid"
194 },
195 {
196 "name": "Dimensions",
197 "isOptional": true
198 },
199 {
200 "name": "TimeRange",
201 "isOptional": true
202 },
203 {
204 "name": "SpecificChart",
205 "isOptional": true
206 }
207 ],
208 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
209 "settings": {
210 "content": {
211 "PartTitle": "Activities, by week",
212 "PartSubTitle": "Per week"
213 }
214 },
215 "asset": {
216 "idInputName": "ComponentId",
217 "type": "ApplicationInsights"
218 }
219 }
220 },
221 "4": {
222 "position": {
223 "x": 19,
224 "y": 1,
225 "colSpan": 7,
226 "rowSpan": 4
227 },
228 "metadata": {
229 "inputs": [
230 {
231 "name": "ComponentId",
232 "value": {
233 "SubscriptionId": "{Subscription_Id}",
234 "ResourceGroup": "{Resource_Group}",
235 "Name": "{Workspace_Name}"
236 }
237 },
238 {
239 "name": "Query",
240 "value": "//AzureActiveDirectory operations over time\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Events = count() by bin_at(TimeGenerated, 1d, now()) \n"
241 },
242 {
243 "name": "TimeRange",
244 "value": "P1D"
245 },
246 {
247 "name": "Dimensions",
248 "value": {
249 "xAxis": {
250 "name": "TimeGenerated",
251 "type": "DateTime"
252 },
253 "yAxis": [
254 {
255 "name": "Events",
256 "type": "Int64"
257 }
258 ],
259 "splitBy": [],
260 "aggregation": "Sum"
261 }
262 },
263 {
264 "name": "Version",
265 "value": "1.0"
266 },
267 {
268 "name": "DashboardId",
269 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
270 },
271 {
272 "name": "PartId",
273 "value": "3e977483-2bd7-4c13-a17b-ac02b5886bbc"
274 },
275 {
276 "name": "PartTitle",
277 "value": "Analytics"
278 },
279 {
280 "name": "PartSubTitle",
281 "value": ""
282 },
283 {
284 "name": "resourceTypeMode",
285 "value": "workspace"
286 },
287 {
288 "name": "ControlType",
289 "value": "AnalyticsChart"
290 },
291 {
292 "name": "SpecificChart",
293 "value": "Line"
294 }
295 ],
296 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
297 "settings": {
298 "content": {
299 "PartTitle": "Activities over time",
300 "PartSubTitle": " "
301 }
302 },
303 "asset": {
304 "idInputName": "ComponentId",
305 "type": "ApplicationInsights"
306 }
307 }
308 },
309 "5": {
310 "position": {
311 "x": 0,
312 "y": 5,
313 "colSpan": 18,
314 "rowSpan": 1
315 },
316 "metadata": {
317 "inputs": [],
318 "type": "Extension/HubsExtension/PartType/MarkdownPart",
319 "settings": {
320 "content": {
321 "settings": {
322 "content": "<div style='font-size:300%;'>Additions, updates, deletions</div>",
323 "title": "",
324 "subtitle": ""
325 }
326 }
327 }
328 }
329 },
330 "6": {
331 "position": {
332 "x": 19,
333 "y": 5,
334 "colSpan": 7,
335 "rowSpan": 5
336 },
337 "metadata": {
338 "inputs": [
339 {
340 "name": "ComponentId",
341 "value": {
342 "SubscriptionId": "{Subscription_Id}",
343 "ResourceGroup": "{Resource_Group}",
344 "Name": "{Workspace_Name}"
345 }
346 },
347 {
348 "name": "Query",
349 "value": "//AzureActiveDirectory operations over time\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize Number = count() by UserId\n| top 10 by Number\n| project User_ID = UserId, Number\n"
350 },
351 {
352 "name": "TimeRange",
353 "value": "P1D"
354 },
355 {
356 "name": "Version",
357 "value": "1.0"
358 },
359 {
360 "name": "DashboardId",
361 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
362 },
363 {
364 "name": "PartId",
365 "value": "c6004e80-d6bb-475d-aba9-bd817d97de00"
366 },
367 {
368 "name": "PartTitle",
369 "value": "Analytics"
370 },
371 {
372 "name": "PartSubTitle",
373 "value": ""
374 },
375 {
376 "name": "resourceTypeMode",
377 "value": "workspace"
378 },
379 {
380 "name": "ControlType",
381 "value": "AnalyticsGrid"
382 },
383 {
384 "name": "Dimensions",
385 "isOptional": true
386 },
387 {
388 "name": "SpecificChart",
389 "isOptional": true
390 }
391 ],
392 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
393 "settings": {
394 "content": {
395 "PartTitle": "Top 10 active users",
396 "PartSubTitle": " "
397 }
398 },
399 "asset": {
400 "idInputName": "ComponentId",
401 "type": "ApplicationInsights"
402 }
403 }
404 },
405 "7": {
406 "position": {
407 "x": 0,
408 "y": 6,
409 "colSpan": 18,
410 "rowSpan": 4
411 },
412 "metadata": {
413 "inputs": [
414 {
415 "name": "ComponentId",
416 "value": {
417 "SubscriptionId": "{Subscription_Id}",
418 "ResourceGroup": "{Resource_Group}",
419 "Name": "{Workspace_Name}"
420 }
421 },
422 {
423 "name": "Query",
424 "value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| summarize additions = countif(Operation contains 'add'), updates = countif(Operation contains 'Update'), deletions = countif(Operation contains 'Delete') by bin_at(TimeGenerated, 1d, now())"
425 },
426 {
427 "name": "TimeRange",
428 "value": "P1D"
429 },
430 {
431 "name": "Dimensions",
432 "value": {
433 "xAxis": {
434 "name": "TimeGenerated",
435 "type": "DateTime"
436 },
437 "yAxis": [
438 {
439 "name": "deletions",
440 "type": "Int64"
441 },
442 {
443 "name": "additions",
444 "type": "Int64"
445 },
446 {
447 "name": "updates",
448 "type": "Int64"
449 }
450 ],
451 "splitBy": [],
452 "aggregation": "Sum"
453 }
454 },
455 {
456 "name": "Version",
457 "value": "1.0"
458 },
459 {
460 "name": "DashboardId",
461 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
462 },
463 {
464 "name": "PartId",
465 "value": "d95e9c41-ab8b-44e5-931e-3511521bafcd"
466 },
467 {
468 "name": "PartTitle",
469 "value": "Analytics"
470 },
471 {
472 "name": "PartSubTitle",
473 "value": ""
474 },
475 {
476 "name": "resourceTypeMode",
477 "value": "workspace"
478 },
479 {
480 "name": "ControlType",
481 "value": "AnalyticsChart"
482 },
483 {
484 "name": "SpecificChart",
485 "value": "Line"
486 }
487 ],
488 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
489 "settings": {
490 "content": {
491 "PartTitle": "Additions, updates, and deletions",
492 "PartSubTitle": "Over the past week"
493 }
494 },
495 "asset": {
496 "idInputName": "ComponentId",
497 "type": "ApplicationInsights"
498 }
499 }
500 },
501 "8": {
502 "position": {
503 "x": 0,
504 "y": 10,
505 "colSpan": 6,
506 "rowSpan": 4
507 },
508 "metadata": {
509 "inputs": [
510 {
511 "name": "ComponentId",
512 "value": {
513 "SubscriptionId": "{Subscription_Id}",
514 "ResourceGroup": "{Resource_Group}",
515 "Name": "{Workspace_Name}"
516 }
517 },
518 {
519 "name": "Query",
520 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'add' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
521 },
522 {
523 "name": "TimeRange",
524 "value": "P1D"
525 },
526 {
527 "name": "Dimensions",
528 "value": {
529 "xAxis": {
530 "name": "TimeGenerated",
531 "type": "DateTime"
532 },
533 "yAxis": [
534 {
535 "name": "count_",
536 "type": "Int64"
537 }
538 ],
539 "splitBy": [
540 {
541 "name": "Operation",
542 "type": "String"
543 }
544 ],
545 "aggregation": "Sum"
546 }
547 },
548 {
549 "name": "Version",
550 "value": "1.0"
551 },
552 {
553 "name": "DashboardId",
554 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
555 },
556 {
557 "name": "PartId",
558 "value": "412f8581-42fe-4c76-850c-9aec4004d2b4"
559 },
560 {
561 "name": "PartTitle",
562 "value": "Analytics"
563 },
564 {
565 "name": "PartSubTitle",
566 "value": ""
567 },
568 {
569 "name": "resourceTypeMode",
570 "value": "workspace"
571 },
572 {
573 "name": "ControlType",
574 "value": "AnalyticsChart"
575 },
576 {
577 "name": "SpecificChart",
578 "value": "GroupedBar"
579 }
580 ],
581 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
582 "settings": {
583 "content": {
584 "PartTitle": "Add activities, by type",
585 "PartSubTitle": "Over time"
586 }
587 },
588 "asset": {
589 "idInputName": "ComponentId",
590 "type": "ApplicationInsights"
591 }
592 }
593 },
594 "9": {
595 "position": {
596 "x": 6,
597 "y": 10,
598 "colSpan": 6,
599 "rowSpan": 4
600 },
601 "metadata": {
602 "inputs": [
603 {
604 "name": "ComponentId",
605 "value": {
606 "SubscriptionId": "{Subscription_Id}",
607 "ResourceGroup": "{Resource_Group}",
608 "Name": "{Workspace_Name}"
609 }
610 },
611 {
612 "name": "Query",
613 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'update' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
614 },
615 {
616 "name": "TimeRange",
617 "value": "P1D"
618 },
619 {
620 "name": "Dimensions",
621 "value": {
622 "xAxis": {
623 "name": "TimeGenerated",
624 "type": "DateTime"
625 },
626 "yAxis": [
627 {
628 "name": "count_",
629 "type": "Int64"
630 }
631 ],
632 "splitBy": [
633 {
634 "name": "Operation",
635 "type": "String"
636 }
637 ],
638 "aggregation": "Sum"
639 }
640 },
641 {
642 "name": "Version",
643 "value": "1.0"
644 },
645 {
646 "name": "DashboardId",
647 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
648 },
649 {
650 "name": "PartId",
651 "value": "02bfb13a-3fa6-4cb0-ae06-80af5dd6ab54"
652 },
653 {
654 "name": "PartTitle",
655 "value": "Analytics"
656 },
657 {
658 "name": "PartSubTitle",
659 "value": ""
660 },
661 {
662 "name": "resourceTypeMode",
663 "value": "workspace"
664 },
665 {
666 "name": "ControlType",
667 "value": "AnalyticsChart"
668 },
669 {
670 "name": "SpecificChart",
671 "value": "GroupedBar"
672 }
673 ],
674 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
675 "settings": {
676 "content": {
677 "PartTitle": "Update activities, by type",
678 "PartSubTitle": "Over time"
679 }
680 },
681 "asset": {
682 "idInputName": "ComponentId",
683 "type": "ApplicationInsights"
684 }
685 }
686 },
687 "10": {
688 "position": {
689 "x": 12,
690 "y": 10,
691 "colSpan": 6,
692 "rowSpan": 4
693 },
694 "metadata": {
695 "inputs": [
696 {
697 "name": "ComponentId",
698 "value": {
699 "SubscriptionId": "{Subscription_Id}",
700 "ResourceGroup": "{Resource_Group}",
701 "Name": "{Workspace_Name}"
702 }
703 },
704 {
705 "name": "Query",
706 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'delete' \n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now()) \n"
707 },
708 {
709 "name": "TimeRange",
710 "value": "P1D"
711 },
712 {
713 "name": "Dimensions",
714 "value": {
715 "xAxis": {
716 "name": "TimeGenerated",
717 "type": "DateTime"
718 },
719 "yAxis": [
720 {
721 "name": "count_",
722 "type": "Int64"
723 }
724 ],
725 "splitBy": [
726 {
727 "name": "Operation",
728 "type": "String"
729 }
730 ],
731 "aggregation": "Sum"
732 }
733 },
734 {
735 "name": "Version",
736 "value": "1.0"
737 },
738 {
739 "name": "DashboardId",
740 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
741 },
742 {
743 "name": "PartId",
744 "value": "4a895dc8-34f0-4c73-b5bc-f9eed7449253"
745 },
746 {
747 "name": "PartTitle",
748 "value": "Analytics"
749 },
750 {
751 "name": "PartSubTitle",
752 "value": ""
753 },
754 {
755 "name": "resourceTypeMode",
756 "value": "workspace"
757 },
758 {
759 "name": "ControlType",
760 "value": "AnalyticsChart"
761 },
762 {
763 "name": "SpecificChart",
764 "value": "GroupedBar"
765 }
766 ],
767 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
768 "settings": {
769 "content": {
770 "PartTitle": "Delete activities, by type",
771 "PartSubTitle": "Over time"
772 }
773 },
774 "asset": {
775 "idInputName": "ComponentId",
776 "type": "ApplicationInsights"
777 }
778 }
779 },
780 "11": {
781 "position": {
782 "x": 19,
783 "y": 10,
784 "colSpan": 7,
785 "rowSpan": 4
786 },
787 "metadata": {
788 "inputs": [
789 {
790 "name": "ComponentId",
791 "value": {
792 "SubscriptionId": "{Subscription_Id}",
793 "ResourceGroup": "{Resource_Group}",
794 "Name": "{Workspace_Name}"
795 }
796 },
797 {
798 "name": "Query",
799 "value": "//Activity by User type \nOfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| summarize count() by UserType\n"
800 },
801 {
802 "name": "TimeRange",
803 "value": "P1D"
804 },
805 {
806 "name": "Dimensions",
807 "value": {
808 "xAxis": {
809 "name": "UserType",
810 "type": "String"
811 },
812 "yAxis": [
813 {
814 "name": "count_",
815 "type": "Int64"
816 }
817 ],
818 "splitBy": [],
819 "aggregation": "Sum"
820 }
821 },
822 {
823 "name": "Version",
824 "value": "1.0"
825 },
826 {
827 "name": "DashboardId",
828 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
829 },
830 {
831 "name": "PartId",
832 "value": "905469fc-2a41-4637-ba34-84feb358bca7"
833 },
834 {
835 "name": "PartTitle",
836 "value": "Analytics"
837 },
838 {
839 "name": "PartSubTitle",
840 "value": ""
841 },
842 {
843 "name": "resourceTypeMode",
844 "value": "workspace"
845 },
846 {
847 "name": "ControlType",
848 "value": "AnalyticsDonut"
849 },
850 {
851 "name": "SpecificChart",
852 "isOptional": true
853 }
854 ],
855 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
856 "settings": {
857 "content": {
858 "PartTitle": "Activity, by user type",
859 "PartSubTitle": " "
860 }
861 },
862 "asset": {
863 "idInputName": "ComponentId",
864 "type": "ApplicationInsights"
865 }
866 }
867 },
868 "12": {
869 "position": {
870 "x": 0,
871 "y": 14,
872 "colSpan": 18,
873 "rowSpan": 1
874 },
875 "metadata": {
876 "inputs": [],
877 "type": "Extension/HubsExtension/PartType/MarkdownPart",
878 "settings": {
879 "content": {
880 "settings": {
881 "content": "<div style='font-size:300%;'>User, groups</div>",
882 "title": "",
883 "subtitle": ""
884 }
885 }
886 }
887 }
888 },
889 "13": {
890 "position": {
891 "x": 19,
892 "y": 14,
893 "colSpan": 7,
894 "rowSpan": 1
895 },
896 "metadata": {
897 "inputs": [],
898 "type": "Extension/HubsExtension/PartType/MarkdownPart",
899 "settings": {
900 "content": {
901 "settings": {
902 "content": "<div style='font-size:300%;'>User logons</div>",
903 "title": "",
904 "subtitle": ""
905 }
906 }
907 }
908 }
909 },
910 "14": {
911 "position": {
912 "x": 0,
913 "y": 15,
914 "colSpan": 6,
915 "rowSpan": 4
916 },
917 "metadata": {
918 "inputs": [
919 {
920 "name": "ComponentId",
921 "value": {
922 "SubscriptionId": "{Subscription_Id}",
923 "ResourceGroup": "{Resource_Group}",
924 "Name": "{Workspace_Name}"
925 }
926 },
927 {
928 "name": "Query",
929 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'user' \n| summarize count() by Operation \n"
930 },
931 {
932 "name": "TimeRange",
933 "value": "P1D"
934 },
935 {
936 "name": "Dimensions",
937 "value": {
938 "xAxis": {
939 "name": "Operation",
940 "type": "String"
941 },
942 "yAxis": [
943 {
944 "name": "count_",
945 "type": "Int64"
946 }
947 ],
948 "splitBy": [],
949 "aggregation": "Sum"
950 }
951 },
952 {
953 "name": "Version",
954 "value": "1.0"
955 },
956 {
957 "name": "DashboardId",
958 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
959 },
960 {
961 "name": "PartId",
962 "value": "77d6ebe2-5afc-4f1a-9592-d7bca00a63e7"
963 },
964 {
965 "name": "PartTitle",
966 "value": "Analytics"
967 },
968 {
969 "name": "PartSubTitle",
970 "value": ""
971 },
972 {
973 "name": "resourceTypeMode",
974 "value": "workspace"
975 },
976 {
977 "name": "ControlType",
978 "value": "AnalyticsDonut"
979 },
980 {
981 "name": "SpecificChart",
982 "isOptional": true
983 }
984 ],
985 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
986 "settings": {
987 "content": {
988 "PartTitle": "User activities, by type",
989 "PartSubTitle": " ",
990 "Query": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'user' and Operation != 'UserLoggedIn'\n| summarize count() by Operation\n"
991 }
992 },
993 "asset": {
994 "idInputName": "ComponentId",
995 "type": "ApplicationInsights"
996 }
997 }
998 },
999 "15": {
1000 "position": {
1001 "x": 6,
1002 "y": 15,
1003 "colSpan": 6,
1004 "rowSpan": 4
1005 },
1006 "metadata": {
1007 "inputs": [
1008 {
1009 "name": "ComponentId",
1010 "value": {
1011 "SubscriptionId": "{Subscription_Id}",
1012 "ResourceGroup": "{Resource_Group}",
1013 "Name": "{Workspace_Name}"
1014 }
1015 },
1016 {
1017 "name": "Query",
1018 "value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'user' and Operation != 'UserLoggedIn'\n| top 10 by TimeGenerated desc\n| project Operation, UserId , ResultStatus\n"
1019 },
1020 {
1021 "name": "TimeRange",
1022 "value": "P1D"
1023 },
1024 {
1025 "name": "Version",
1026 "value": "1.0"
1027 },
1028 {
1029 "name": "DashboardId",
1030 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1031 },
1032 {
1033 "name": "PartId",
1034 "value": "879f26ca-215c-4624-b50e-ac49916c4b8a"
1035 },
1036 {
1037 "name": "PartTitle",
1038 "value": "Analytics"
1039 },
1040 {
1041 "name": "PartSubTitle",
1042 "value": ""
1043 },
1044 {
1045 "name": "resourceTypeMode",
1046 "value": "workspace"
1047 },
1048 {
1049 "name": "ControlType",
1050 "value": "AnalyticsGrid"
1051 },
1052 {
1053 "name": "Dimensions",
1054 "isOptional": true
1055 },
1056 {
1057 "name": "SpecificChart",
1058 "isOptional": true
1059 }
1060 ],
1061 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1062 "settings": {
1063 "content": {
1064 "PartTitle": "User activities",
1065 "PartSubTitle": "Last 10"
1066 }
1067 },
1068 "asset": {
1069 "idInputName": "ComponentId",
1070 "type": "ApplicationInsights"
1071 }
1072 }
1073 },
1074 "16": {
1075 "position": {
1076 "x": 12,
1077 "y": 15,
1078 "colSpan": 6,
1079 "rowSpan": 4
1080 },
1081 "metadata": {
1082 "inputs": [
1083 {
1084 "name": "ComponentId",
1085 "value": {
1086 "SubscriptionId": "{Subscription_Id}",
1087 "ResourceGroup": "{Resource_Group}",
1088 "Name": "{Workspace_Name}"
1089 }
1090 },
1091 {
1092 "name": "Query",
1093 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'Add user.'\n| project TimeGenerated, User_Name=todynamic(AADTarget)[0].ID\n| summarize by tostring(User_Name), TimeGenerated\n| limit 10\n"
1094 },
1095 {
1096 "name": "TimeRange",
1097 "value": "P1D"
1098 },
1099 {
1100 "name": "Version",
1101 "value": "1.0"
1102 },
1103 {
1104 "name": "DashboardId",
1105 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1106 },
1107 {
1108 "name": "PartId",
1109 "value": "bc8f871e-fa66-4fb3-8eb4-b94096c200c6"
1110 },
1111 {
1112 "name": "PartTitle",
1113 "value": "Analytics"
1114 },
1115 {
1116 "name": "PartSubTitle",
1117 "value": ""
1118 },
1119 {
1120 "name": "resourceTypeMode",
1121 "value": "workspace"
1122 },
1123 {
1124 "name": "ControlType",
1125 "value": "AnalyticsGrid"
1126 },
1127 {
1128 "name": "Dimensions",
1129 "isOptional": true
1130 },
1131 {
1132 "name": "SpecificChart",
1133 "isOptional": true
1134 }
1135 ],
1136 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1137 "settings": {
1138 "content": {
1139 "PartTitle": "New users",
1140 "PartSubTitle": "Last 10"
1141 }
1142 },
1143 "asset": {
1144 "idInputName": "ComponentId",
1145 "type": "ApplicationInsights"
1146 }
1147 }
1148 },
1149 "17": {
1150 "position": {
1151 "x": 19,
1152 "y": 15,
1153 "colSpan": 7,
1154 "rowSpan": 3
1155 },
1156 "metadata": {
1157 "inputs": [
1158 {
1159 "name": "ComponentId",
1160 "value": {
1161 "SubscriptionId": "{Subscription_Id}",
1162 "ResourceGroup": "{Resource_Group}",
1163 "Name": "{Workspace_Name}"
1164 }
1165 },
1166 {
1167 "name": "Query",
1168 "value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'UserLoggedIn'\n| summarize Logons = count() by ResultStatus, bin_at(TimeGenerated, 1h, now())"
1169 },
1170 {
1171 "name": "TimeRange",
1172 "value": "P1D"
1173 },
1174 {
1175 "name": "Dimensions",
1176 "value": {
1177 "xAxis": {
1178 "name": "TimeGenerated",
1179 "type": "DateTime"
1180 },
1181 "yAxis": [
1182 {
1183 "name": "Logons",
1184 "type": "Int64"
1185 }
1186 ],
1187 "splitBy": [],
1188 "aggregation": "Sum"
1189 }
1190 },
1191 {
1192 "name": "Version",
1193 "value": "1.0"
1194 },
1195 {
1196 "name": "DashboardId",
1197 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1198 },
1199 {
1200 "name": "PartId",
1201 "value": "fc6b0018-e776-429e-91dc-2cff0721eab9"
1202 },
1203 {
1204 "name": "PartTitle",
1205 "value": "Analytics"
1206 },
1207 {
1208 "name": "PartSubTitle",
1209 "value": ""
1210 },
1211 {
1212 "name": "resourceTypeMode",
1213 "value": "workspace"
1214 },
1215 {
1216 "name": "ControlType",
1217 "value": "AnalyticsChart"
1218 },
1219 {
1220 "name": "SpecificChart",
1221 "value": "Line"
1222 }
1223 ],
1224 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1225 "settings": {
1226 "content": {
1227 "PartTitle": "User logons",
1228 "PartSubTitle": "Failed and succeeded"
1229 }
1230 },
1231 "asset": {
1232 "idInputName": "ComponentId",
1233 "type": "ApplicationInsights"
1234 }
1235 }
1236 },
1237 "18": {
1238 "position": {
1239 "x": 19,
1240 "y": 18,
1241 "colSpan": 7,
1242 "rowSpan": 1
1243 },
1244 "metadata": {
1245 "inputs": [],
1246 "type": "Extension/HubsExtension/PartType/MarkdownPart",
1247 "settings": {
1248 "content": {
1249 "settings": {
1250 "content": "<div style='font-size:300%;'>Failed activities</div>",
1251 "title": "",
1252 "subtitle": ""
1253 }
1254 }
1255 }
1256 }
1257 },
1258 "19": {
1259 "position": {
1260 "x": 0,
1261 "y": 19,
1262 "colSpan": 6,
1263 "rowSpan": 4
1264 },
1265 "metadata": {
1266 "inputs": [
1267 {
1268 "name": "ComponentId",
1269 "value": {
1270 "SubscriptionId": "{Subscription_Id}",
1271 "ResourceGroup": "{Resource_Group}",
1272 "Name": "{Workspace_Name}"
1273 }
1274 },
1275 {
1276 "name": "Query",
1277 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory' \n| where Operation contains 'group' \n| summarize count() by Operation"
1278 },
1279 {
1280 "name": "TimeRange",
1281 "value": "P1D"
1282 },
1283 {
1284 "name": "Dimensions",
1285 "value": {
1286 "xAxis": {
1287 "name": "Operation",
1288 "type": "String"
1289 },
1290 "yAxis": [
1291 {
1292 "name": "count_",
1293 "type": "Int64"
1294 }
1295 ],
1296 "splitBy": [],
1297 "aggregation": "Sum"
1298 }
1299 },
1300 {
1301 "name": "Version",
1302 "value": "1.0"
1303 },
1304 {
1305 "name": "DashboardId",
1306 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1307 },
1308 {
1309 "name": "PartId",
1310 "value": "17896e4c-0872-41d4-bbad-f8bc61fb9cb1"
1311 },
1312 {
1313 "name": "PartTitle",
1314 "value": "Analytics"
1315 },
1316 {
1317 "name": "PartSubTitle",
1318 "value": ""
1319 },
1320 {
1321 "name": "resourceTypeMode",
1322 "value": "workspace"
1323 },
1324 {
1325 "name": "ControlType",
1326 "value": "AnalyticsDonut"
1327 },
1328 {
1329 "name": "SpecificChart",
1330 "isOptional": true
1331 }
1332 ],
1333 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1334 "settings": {
1335 "content": {
1336 "PartTitle": "Group activities, by type",
1337 "PartSubTitle": " "
1338 }
1339 },
1340 "asset": {
1341 "idInputName": "ComponentId",
1342 "type": "ApplicationInsights"
1343 }
1344 }
1345 },
1346 "20": {
1347 "position": {
1348 "x": 6,
1349 "y": 19,
1350 "colSpan": 6,
1351 "rowSpan": 4
1352 },
1353 "metadata": {
1354 "inputs": [
1355 {
1356 "name": "ComponentId",
1357 "value": {
1358 "SubscriptionId": "{Subscription_Id}",
1359 "ResourceGroup": "{Resource_Group}",
1360 "Name": "{Workspace_Name}"
1361 }
1362 },
1363 {
1364 "name": "Query",
1365 "value": "OfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation contains 'group'\n| top 10 by TimeGenerated desc\n| project Operation, UserId , ResultStatus\n"
1366 },
1367 {
1368 "name": "TimeRange",
1369 "value": "P1D"
1370 },
1371 {
1372 "name": "Version",
1373 "value": "1.0"
1374 },
1375 {
1376 "name": "DashboardId",
1377 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1378 },
1379 {
1380 "name": "PartId",
1381 "value": "82bb1da4-fc89-4c3f-b356-05315803f703"
1382 },
1383 {
1384 "name": "PartTitle",
1385 "value": "Analytics"
1386 },
1387 {
1388 "name": "PartSubTitle",
1389 "value": ""
1390 },
1391 {
1392 "name": "resourceTypeMode",
1393 "value": "workspace"
1394 },
1395 {
1396 "name": "ControlType",
1397 "value": "AnalyticsGrid"
1398 },
1399 {
1400 "name": "Dimensions",
1401 "isOptional": true
1402 },
1403 {
1404 "name": "SpecificChart",
1405 "isOptional": true
1406 }
1407 ],
1408 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1409 "settings": {
1410 "content": {
1411 "PartTitle": "Group activities",
1412 "PartSubTitle": "Last 10"
1413 }
1414 },
1415 "asset": {
1416 "idInputName": "ComponentId",
1417 "type": "ApplicationInsights"
1418 }
1419 }
1420 },
1421 "21": {
1422 "position": {
1423 "x": 12,
1424 "y": 19,
1425 "colSpan": 6,
1426 "rowSpan": 4
1427 },
1428 "metadata": {
1429 "inputs": [
1430 {
1431 "name": "ComponentId",
1432 "value": {
1433 "SubscriptionId": "{Subscription_Id}",
1434 "ResourceGroup": "{Resource_Group}",
1435 "Name": "{Workspace_Name}"
1436 }
1437 },
1438 {
1439 "name": "Query",
1440 "value": "OfficeActivity \n| where OfficeWorkload == 'AzureActiveDirectory'\n| where Operation == 'Add group.'\n| project Group_Name=todynamic(AADTarget)[0].ID, TimeGenerated\n| sort by TimeGenerated\n| limit 10"
1441 },
1442 {
1443 "name": "TimeRange",
1444 "value": "P1D"
1445 },
1446 {
1447 "name": "Version",
1448 "value": "1.0"
1449 },
1450 {
1451 "name": "DashboardId",
1452 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1453 },
1454 {
1455 "name": "PartId",
1456 "value": "5b5d670e-188c-40e1-aa17-bbbea21e86e6"
1457 },
1458 {
1459 "name": "PartTitle",
1460 "value": "Analytics"
1461 },
1462 {
1463 "name": "PartSubTitle",
1464 "value": ""
1465 },
1466 {
1467 "name": "resourceTypeMode",
1468 "value": "workspace"
1469 },
1470 {
1471 "name": "ControlType",
1472 "value": "AnalyticsGrid"
1473 },
1474 {
1475 "name": "Dimensions",
1476 "isOptional": true
1477 },
1478 {
1479 "name": "SpecificChart",
1480 "isOptional": true
1481 }
1482 ],
1483 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1484 "settings": {
1485 "content": {
1486 "PartTitle": "New groups",
1487 "PartSubTitle": "Last 10"
1488 }
1489 },
1490 "asset": {
1491 "idInputName": "ComponentId",
1492 "type": "ApplicationInsights"
1493 }
1494 }
1495 },
1496 "22": {
1497 "position": {
1498 "x": 19,
1499 "y": 19,
1500 "colSpan": 7,
1501 "rowSpan": 4
1502 },
1503 "metadata": {
1504 "inputs": [
1505 {
1506 "name": "ComponentId",
1507 "value": {
1508 "SubscriptionId": "{Subscription_Id}",
1509 "ResourceGroup": "{Resource_Group}",
1510 "Name": "{Workspace_Name}"
1511 }
1512 },
1513 {
1514 "name": "Query",
1515 "value": "//Failed operations by operation\nOfficeActivity\n| where OfficeWorkload == 'AzureActiveDirectory'\n| where ResultStatus == 'Failure'\n| summarize count() by Operation, bin_at(TimeGenerated, 1h, now())\n"
1516 },
1517 {
1518 "name": "TimeRange",
1519 "value": "P1D"
1520 },
1521 {
1522 "name": "Dimensions",
1523 "value": {
1524 "xAxis": {
1525 "name": "TimeGenerated",
1526 "type": "DateTime"
1527 },
1528 "yAxis": [
1529 {
1530 "name": "count_",
1531 "type": "Int64"
1532 }
1533 ],
1534 "splitBy": [
1535 {
1536 "name": "Operation",
1537 "type": "String"
1538 }
1539 ],
1540 "aggregation": "Sum"
1541 }
1542 },
1543 {
1544 "name": "Version",
1545 "value": "1.0"
1546 },
1547 {
1548 "name": "DashboardId",
1549 "value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/AzureActiveDirectoryDashboard_{Workspace_Name}"
1550 },
1551 {
1552 "name": "PartId",
1553 "value": "db0b2916-3d18-46eb-8f8b-a9a2139c46e7"
1554 },
1555 {
1556 "name": "PartTitle",
1557 "value": "Analytics"
1558 },
1559 {
1560 "name": "PartSubTitle",
1561 "value": ""
1562 },
1563 {
1564 "name": "resourceTypeMode",
1565 "value": "workspace"
1566 },
1567 {
1568 "name": "ControlType",
1569 "value": "AnalyticsChart"
1570 },
1571 {
1572 "name": "SpecificChart",
1573 "value": "Bar"
1574 }
1575 ],
1576 "type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
1577 "settings": {
1578 "content": {
1579 "PartTitle": "Failed activities, by type",
1580 "PartSubTitle": " "
1581 }
1582 },
1583 "asset": {
1584 "idInputName": "ComponentId",
1585 "type": "ApplicationInsights"
1586 }
1587 }
1588 },
1589 "23": {
1590 "position": {
1591 "x": 0,
1592 "y": 0,
1593 "colSpan": 1,
1594 "rowSpan": 1
1595 },
1596 "metadata": {
1597 "inputs": [
1598 {
1599 "name": "subscriptionId",
1600 "value": "{Subscription_Id}"
1601 },
1602 {
1603 "name": "resourceGroup",
1604 "value": "{Resource_Group}"
1605 },
1606 {
1607 "name": "workspaceName",
1608 "value": "{Workspace_Name}"
1609 },
1610 {
1611 "name": "dashboardName",
1612 "value": "AzureActiveDirectoryDashboard"
1613 },
1614 {
1615 "name": "menuItemToOpen",
1616 "value": "Dashboards"
1617 }
1618 ],
1619 "type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
1620 "defaultMenuItemId": "0"
1621 }
1622 }
1623 }
1624 }
1625 }
1626 }
1627}