{
"name": "CylanceDashboard_{Workspace_Name}",
"type": "Microsoft.Portal/dashboards",
"location": "{Dashboard_Location}",
"tags": {
"dashboardKey": "CylanceDashboard",
"hidden-title": "Cylance - {Workspace_Name}",
"version": "1.0",
"workspaceName": "{Workspace_Name}"
},
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {
"0": {
"position": {
"x": 1,
"y": 0,
"colSpan": 11,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Cylance overview</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"1": {
"position": {
"x": 12,
"y": 0,
"colSpan": 6,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<body style='background-color:#FF0000;'><img width='600' height='50' src='https://download.cylance.com/updates/CylanceDetectImages/cylance_signin_logo.png'/> \n</body>",
"title": "",
"subtitle": ""
}
}
}
}
},
"2": {
"position": {
"x": 0,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//log type trend\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| summarize LogTypeCount= count() by LogType , TimeGenerated\n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "LogTypeCount",
"type": "Int64"
}
],
"splitBy": [
{
"name": "LogType",
"type": "String"
}
],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "d88fd7ce-0325-45b7-80bf-7f4aa8709fa7"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Bar"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event type trend over time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"3": {
"position": {
"x": 6,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//log volume trend\nSyslog\n| where Computer =~ 'sysloghost' \n| summarize LogVolume= count() by TimeGenerated "
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "TimeGenerated",
"type": "DateTime"
},
"yAxis": [
{
"name": "LogVolume",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "5256b3b9-e294-49be-95da-c01b3eec7bf9"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsChart"
},
{
"name": "SpecificChart",
"value": "Line"
},
{
"name": "TimeRange",
"value": "P1D"
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event count trend over time",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"4": {
"position": {
"x": 12,
"y": 1,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "// log type count\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| summarize LogTypeCount= count() by LogType \n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "LogType",
"type": "String"
},
"yAxis": [
{
"name": "LogTypeCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8c4bdd63-3db8-4c6f-8479-2e730f87ad1e"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Event type summary",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"5": {
"position": {
"x": 0,
"y": 5,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Malware posture</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"6": {
"position": {
"x": 0,
"y": 6,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top 5 malware seen\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend MalwareMD5= extract('MD5: (.*?),',1,SyslogMessage) \n| summarize MalwareCount= count() by MalwareMD5\n| top 5 by MalwareCount desc \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "a63faa99-b0b5-42c7-8e8f-7de3bca4391b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 malware events",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"7": {
"position": {
"x": 6,
"y": 6,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Threat classification\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend Classification= extract('Threat Classification: (.*?)#',1,SyslogMessage)\n| summarize count() by Classification \n| top 5 by count_ desc \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "ac7b0173-e513-4388-a1cc-8cf5b7498893"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 malware types",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"8": {
"position": {
"x": 12,
"y": 6,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//how new is malware\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend Unique= extract('Is Unique To Cylance: (.*?),',1,SyslogMessage)\n| summarize count() by Unique \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "8e4ef54c-4a1f-4101-a8eb-390059b26332"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "First time malware type detected?",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"9": {
"position": {
"x": 0,
"y": 10,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Threat posture in environment</div> ",
"title": "",
"subtitle": ""
}
}
}
}
},
"10": {
"position": {
"x": 0,
"y": 11,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Detected By\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend DetectionMethod= extract('Detected By: (.*?),',1,SyslogMessage)\n| summarize count() by DetectionMethod\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "106a734c-1b9a-44e9-8541-b4b2b1f787fb"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Cylance threat, by feature",
"PartSubTitle": " ",
"Query": "//Detected By\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend DetectionMethod= extract('Detected By: (.*?),',1,SyslogMessage)\n| summarize Count=count() by DetectionMethod\n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"11": {
"position": {
"x": 6,
"y": 11,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Count by status\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend CylanceStatus= extract('Status: (.*?),',1,SyslogMessage)\n| summarize count() by CylanceStatus \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "636dd1a9-1304-4da0-9a4b-fdd8d734bfda"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Cylance threat status summary",
"PartSubTitle": " ",
"Query": "//Count by status\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend CylanceStatus= extract('Status: (.*?),',1,SyslogMessage)\n| summarize StatusCount=count() by CylanceStatus \n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"12": {
"position": {
"x": 12,
"y": 11,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//threat type make pie chart \nSyslog \n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat' \n| extend EventName = extract('Event Name: (.*?),',1,SyslogMessage ) \n| summarize EventType= count() by EventName \n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "EventName",
"type": "String"
},
"yAxis": [
{
"name": "EventType",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "ab497652-b6c8-46c9-be16-fd656372373c"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Threat event summary",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"13": {
"position": {
"x": 0,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//top 5 device in threat\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend DeviceName = extract('Device Name: (.*?),',1,SyslogMessage)\n| where DeviceName != ''\n| summarize DeviceCount=count() by DeviceName\n| top 5 by DeviceCount desc \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "fe52d69e-369f-4ec0-9210-1860baa3c55a"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 devices with threats, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"14": {
"position": {
"x": 6,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//unsafe count by device\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend CylanceStatus= extract('Status: (.*?),',1,SyslogMessage)\n| where CylanceStatus =~'Unsafe'\n| extend DeviceName = extract('Device Name: (.*?),',1,SyslogMessage)\n| summarize count() by DeviceName \n| top 5 by count_ desc nulls last \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "55fb4a5b-a9ce-4d64-9db4-1e113859f4ff"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Top 5 devices with unsafe threats, by count",
"PartSubTitle": " ",
"Query": "//unsafe count by device\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat'\n| extend CylanceStatus= extract('Status: (.*?),',1,SyslogMessage)\n| where CylanceStatus =~'Unsafe'\n| extend DeviceName = extract('Device Name: (.*?),',1,SyslogMessage)\n| summarize StatusCount=count() by DeviceName \n| top 5 by StatusCount nulls last \n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"15": {
"position": {
"x": 12,
"y": 15,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//malware type pie chart \nSyslog \n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Threat' \n| extend FileType= extract('File Type: (.*?),',1,SyslogMessage) \n| summarize FileTypeCount=count() by FileType \n"
},
{
"name": "Dimensions",
"value": {
"xAxis": {
"name": "FileType",
"type": "String"
},
"yAxis": [
{
"name": "FileTypeCount",
"type": "Int64"
}
],
"splitBy": [],
"aggregation": "Sum"
}
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "4ec2c57b-16a4-4632-846f-e83c33c10e6f"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsDonut"
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "File type associated with threat, by count",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"16": {
"position": {
"x": 0,
"y": 19,
"colSpan": 18,
"rowSpan": 1
},
"metadata": {
"inputs": [],
"type": "Extension/HubsExtension/PartType/MarkdownPart",
"settings": {
"content": {
"settings": {
"content": "<div style='font-size:300%;'>Cylance management</div> \n",
"title": "",
"subtitle": ""
}
}
}
}
},
"17": {
"position": {
"x": 0,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Audit logs type\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'AuditLog'\n| extend EventName = extract('Event Name: (.*?),',1,SyslogMessage ) \n| summarize EventType= count() by EventName\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "3a902863-3cfc-41af-9832-bc18926c22bd"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Audit event summary",
"PartSubTitle": " ",
"Query": "//Audit logs type\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'AuditLog'\n| extend EventName = extract('Event Name: (.*?),',1,SyslogMessage ) \n| summarize EventCount= count() by EventName\n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"18": {
"position": {
"x": 6,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//Agent Version Across \nSyslog \n| where Computer =~ 'sysloghost' \n| extend AgentVersion= extract('Agent Version: (.*?),',1,SyslogMessage) \n| where AgentVersion !='' \n| extend DeviceName = extract('Device Name: (.*?),',1,SyslogMessage) \n| summarize DeviceCount=dcount(DeviceName) by AgentVersion \n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "591a1ebd-822d-4188-a3f8-63fe9d376c77"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Agent version summary",
"PartSubTitle": " "
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"19": {
"position": {
"x": 12,
"y": 20,
"colSpan": 6,
"rowSpan": 4
},
"metadata": {
"inputs": [
{
"name": "ComponentId",
"value": {
"SubscriptionId": "{Subscription_Id}",
"ResourceGroup": "{Resource_Group}",
"Name": "{Workspace_Name}",
"ResourceId": "/subscriptions/{Subscription_Id}/resourcegroups/{Resource_Group}/providers/microsoft.operationalInsights/workspaces/{Workspace_Name}"
}
},
{
"name": "Query",
"value": "//device logs\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Device'\n| extend EventName = extract('Event Name: (.*?),',1,SyslogMessage ) \n| summarize EventType= count() by EventName\n"
},
{
"name": "Version",
"value": "1.0"
},
{
"name": "DashboardId",
"value": "/subscriptions/{Subscription_Id}/resourceGroups/dashboards/providers/Microsoft.Portal/dashboards/CylanceDashboard_{Workspace_Name}"
},
{
"name": "PartId",
"value": "1dc8e02e-d322-45fd-800e-07c9f889d64b"
},
{
"name": "PartTitle",
"value": "Analytics"
},
{
"name": "PartSubTitle",
"value": "{Workspace_Name}"
},
{
"name": "resourceTypeMode",
"value": "workspace"
},
{
"name": "ControlType",
"value": "AnalyticsGrid"
},
{
"name": "Dimensions",
"isOptional": true
},
{
"name": "TimeRange",
"value": "P1D"
},
{
"name": "SpecificChart",
"isOptional": true
}
],
"type": "Extension/AppInsightsExtension/PartType/AnalyticsPart",
"settings": {
"content": {
"PartTitle": "Device event summary",
"PartSubTitle": " ",
"Query": "//device logs\nSyslog\n| where Computer =~ 'sysloghost' \n| extend LogType= extract('^([a-xA-Z]*),',1,SyslogMessage ) \n| where LogType =~'Device'\n| extend EventName = extract('Event Name: (.*?),',1,SyslogMessage ) \n| summarize EventCount= count() by EventName\n"
}
},
"asset": {
"idInputName": "ComponentId",
"type": "ApplicationInsights"
}
}
},
"20": {
"position": {
"x": 0,
"y": 0,
"colSpan": 1,
"rowSpan": 1
},
"metadata": {
"inputs": [
{
"name": "subscriptionId",
"value": "{Subscription_Id}"
},
{
"name": "resourceGroup",
"value": "{Resource_Group}"
},
{
"name": "workspaceName",
"value": "{Workspace_Name}"
},
{
"name": "menuItemToOpen",
"value": "Dashboards"
}
],
"type": "Extension/Microsoft_Azure_Security_Insights/PartType/AsiOverviewPart",
"defaultMenuItemId": "0"
}
}
}
}
}
}
}