add

deployment-apps/02-M-TIC_idx_indexes_base/default/indexes.conf

@@ -94,163 +94,163 @@ repFactor = auto
 [wineventlog]
 #maxHotBuckets = 10
 
-# Overview. Below you will find the basic indexes.conf settings for
-# setting up your indexes in Splunk. We separate into different indexes 
-# to allow for performance (in some cases) or data isolation in others. 
-# All indexes come preconfigured with a relatively short retention period 
-# that should work for everyone, but if you have more disk space, we 
-# encourage (and usually see) longer retention periods, particularly 
-# for security customers.
-
-# Endpoint Indexes used for Splunk Security Essentials. 
-# If you have the sources, other standard indexes we recommend include:
-# epproxy - Local Proxy Activity
-
-[epav]
-coldPath = $SPLUNK_DB/epav/colddb
-homePath = $SPLUNK_DB/epav/db
-thawedPath = $SPLUNK_DB/epav/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[epfw]
-coldPath = $SPLUNK_DB/epnet/colddb
-homePath = $SPLUNK_DB/epnet/db
-thawedPath = $SPLUNK_DB/epnet/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[ephids]
-coldPath = $SPLUNK_DB/epmon/colddb
-homePath = $SPLUNK_DB/epmon/db
-thawedPath = $SPLUNK_DB/epmon/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[epintel]
-coldPath = $SPLUNK_DB/epweb/colddb
-homePath = $SPLUNK_DB/epweb/db
-thawedPath = $SPLUNK_DB/epweb/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[oswin]
-coldPath = $SPLUNK_DB/oswin/colddb
-homePath = $SPLUNK_DB/oswin/db
-thawedPath = $SPLUNK_DB/oswin/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[oswinsec]
-coldPath = $SPLUNK_DB/oswinsec/colddb
-homePath = $SPLUNK_DB/oswinsec/db
-thawedPath = $SPLUNK_DB/oswinsec/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[oswinscript]
-coldPath = $SPLUNK_DB/oswinscript/colddb
-homePath = $SPLUNK_DB/oswinscript/db
-thawedPath = $SPLUNK_DB/oswinscript/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[oswinperf]
-coldPath = $SPLUNK_DB/oswinperf/colddb
-homePath = $SPLUNK_DB/oswinperf/db
-thawedPath = $SPLUNK_DB/oswinperf/thaweddb
-frozenTimePeriodInSecs = 604800 
-#7 days
-
-[osnix]
-coldPath = $SPLUNK_DB/osnix/colddb
-homePath = $SPLUNK_DB/osnix/db
-thawedPath = $SPLUNK_DB/osnix/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[osnixsec]
-coldPath = $SPLUNK_DB/osnixsec/colddb
-homePath = $SPLUNK_DB/osnixsec/db
-thawedPath = $SPLUNK_DB/osnixsec/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[osnixscript]
-coldPath = $SPLUNK_DB/osnixscript/colddb
-homePath = $SPLUNK_DB/osnixscript/db
-thawedPath = $SPLUNK_DB/osnixscript/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[osnixperf]
-coldPath = $SPLUNK_DB/osnixperf/colddb
-homePath = $SPLUNK_DB/osnixperf/db
-thawedPath = $SPLUNK_DB/osnixperf/thaweddb
-frozenTimePeriodInSecs = 604800 
-#7 days
-
-# Network Indexes used for Splunk Security Essentials
-# If you have the sources, other standard indexes we recommend include:
-# netauth - for network authentication sources
-# netflow - for netflow data
-# netids - for dedicated IPS environments
-# netipam - for IPAM systems
-# netnlb - for non-web server load balancer data (e.g., DNS, SMTP, SIP, etc.)
-# netops - for general network system data (such as Cisco iOS non-netflow logs)
-# netvuln - for Network Vulnerability Data
-
-[netdns]
-coldPath = $SPLUNK_DB/netdns/colddb
-homePath = $SPLUNK_DB/netdns/db
-thawedPath = $SPLUNK_DB/netdns/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[mail]
-coldPath = $SPLUNK_DB/mail/colddb
-homePath = $SPLUNK_DB/mail/db
-thawedPath = $SPLUNK_DB/mail/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[netfw]
-coldPath = $SPLUNK_DB/netfw/colddb
-homePath = $SPLUNK_DB/netfw/db
-thawedPath = $SPLUNK_DB/netfw/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[netops]
-coldPath = $SPLUNK_DB/netops/colddb
-homePath = $SPLUNK_DB/netops/db
-thawedPath = $SPLUNK_DB/netops/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[netproxy]
-coldPath = $SPLUNK_DB/netproxy/colddb
-homePath = $SPLUNK_DB/netproxy/db
-thawedPath = $SPLUNK_DB/netproxy/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-[netvpn]
-coldPath = $SPLUNK_DB/netvpn/colddb
-homePath = $SPLUNK_DB/netvpn/db
-thawedPath = $SPLUNK_DB/netvpn/thaweddb
-frozenTimePeriodInSecs = 2592000
-#30 days
-
-
-# Splunk Security Essentials doesn't have examples of Application Security, 
-# but if you want to ingest those logs, here are the recommended indexes:
-# appwebint - Internal WebApp Access Logs
-# appwebext - External WebApp Access Logs
-# appwebintrp - Internal-facing Web App Load Balancers
-# appwebextrp - External-facing Web App Load Balancers
-# appwebcdn - CDN logs for your website
-# appdbserver - Database Servers
-# appmsgserver - Messaging Servers
-# appint - App Servers for internal-facing apps 
-# appext - App Servers for external-facing apps 
+# # Overview. Below you will find the basic indexes.conf settings for
+# # setting up your indexes in Splunk. We separate into different indexes 
+# # to allow for performance (in some cases) or data isolation in others. 
+# # All indexes come preconfigured with a relatively short retention period 
+# # that should work for everyone, but if you have more disk space, we 
+# # encourage (and usually see) longer retention periods, particularly 
+# # for security customers.
+
+# # Endpoint Indexes used for Splunk Security Essentials. 
+# # If you have the sources, other standard indexes we recommend include:
+# # epproxy - Local Proxy Activity
+
+# [epav]
+# coldPath = $SPLUNK_DB/epav/colddb
+# homePath = $SPLUNK_DB/epav/db
+# thawedPath = $SPLUNK_DB/epav/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [epfw]
+# coldPath = $SPLUNK_DB/epnet/colddb
+# homePath = $SPLUNK_DB/epnet/db
+# thawedPath = $SPLUNK_DB/epnet/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [ephids]
+# coldPath = $SPLUNK_DB/epmon/colddb
+# homePath = $SPLUNK_DB/epmon/db
+# thawedPath = $SPLUNK_DB/epmon/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [epintel]
+# coldPath = $SPLUNK_DB/epweb/colddb
+# homePath = $SPLUNK_DB/epweb/db
+# thawedPath = $SPLUNK_DB/epweb/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [oswin]
+# coldPath = $SPLUNK_DB/oswin/colddb
+# homePath = $SPLUNK_DB/oswin/db
+# thawedPath = $SPLUNK_DB/oswin/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [oswinsec]
+# coldPath = $SPLUNK_DB/oswinsec/colddb
+# homePath = $SPLUNK_DB/oswinsec/db
+# thawedPath = $SPLUNK_DB/oswinsec/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [oswinscript]
+# coldPath = $SPLUNK_DB/oswinscript/colddb
+# homePath = $SPLUNK_DB/oswinscript/db
+# thawedPath = $SPLUNK_DB/oswinscript/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [oswinperf]
+# coldPath = $SPLUNK_DB/oswinperf/colddb
+# homePath = $SPLUNK_DB/oswinperf/db
+# thawedPath = $SPLUNK_DB/oswinperf/thaweddb
+# frozenTimePeriodInSecs = 604800 
+# #7 days
+
+# [osnix]
+# coldPath = $SPLUNK_DB/osnix/colddb
+# homePath = $SPLUNK_DB/osnix/db
+# thawedPath = $SPLUNK_DB/osnix/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [osnixsec]
+# coldPath = $SPLUNK_DB/osnixsec/colddb
+# homePath = $SPLUNK_DB/osnixsec/db
+# thawedPath = $SPLUNK_DB/osnixsec/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [osnixscript]
+# coldPath = $SPLUNK_DB/osnixscript/colddb
+# homePath = $SPLUNK_DB/osnixscript/db
+# thawedPath = $SPLUNK_DB/osnixscript/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [osnixperf]
+# coldPath = $SPLUNK_DB/osnixperf/colddb
+# homePath = $SPLUNK_DB/osnixperf/db
+# thawedPath = $SPLUNK_DB/osnixperf/thaweddb
+# frozenTimePeriodInSecs = 604800 
+# #7 days
+
+# # Network Indexes used for Splunk Security Essentials
+# # If you have the sources, other standard indexes we recommend include:
+# # netauth - for network authentication sources
+# # netflow - for netflow data
+# # netids - for dedicated IPS environments
+# # netipam - for IPAM systems
+# # netnlb - for non-web server load balancer data (e.g., DNS, SMTP, SIP, etc.)
+# # netops - for general network system data (such as Cisco iOS non-netflow logs)
+# # netvuln - for Network Vulnerability Data
+
+# [netdns]
+# coldPath = $SPLUNK_DB/netdns/colddb
+# homePath = $SPLUNK_DB/netdns/db
+# thawedPath = $SPLUNK_DB/netdns/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [mail]
+# coldPath = $SPLUNK_DB/mail/colddb
+# homePath = $SPLUNK_DB/mail/db
+# thawedPath = $SPLUNK_DB/mail/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [netfw]
+# coldPath = $SPLUNK_DB/netfw/colddb
+# homePath = $SPLUNK_DB/netfw/db
+# thawedPath = $SPLUNK_DB/netfw/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [netops]
+# coldPath = $SPLUNK_DB/netops/colddb
+# homePath = $SPLUNK_DB/netops/db
+# thawedPath = $SPLUNK_DB/netops/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [netproxy]
+# coldPath = $SPLUNK_DB/netproxy/colddb
+# homePath = $SPLUNK_DB/netproxy/db
+# thawedPath = $SPLUNK_DB/netproxy/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+# [netvpn]
+# coldPath = $SPLUNK_DB/netvpn/colddb
+# homePath = $SPLUNK_DB/netvpn/db
+# thawedPath = $SPLUNK_DB/netvpn/thaweddb
+# frozenTimePeriodInSecs = 2592000
+# #30 days
+
+
+# # Splunk Security Essentials doesn't have examples of Application Security, 
+# # but if you want to ingest those logs, here are the recommended indexes:
+# # appwebint - Internal WebApp Access Logs
+# # appwebext - External WebApp Access Logs
+# # appwebintrp - Internal-facing Web App Load Balancers
+# # appwebextrp - External-facing Web App Load Balancers
+# # appwebcdn - CDN logs for your website
+# # appdbserver - Database Servers
+# # appmsgserver - Messaging Servers
+# # appint - App Servers for internal-facing apps 
+# # appext - App Servers for external-facing apps 

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/audit_report.js

@@ -0,0 +1,17 @@
+require.config({
+    paths: {
+        "DA-ITSI-CP-windows-dashboards": "../app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards",
+    },
+});
+require([
+    'DA-ITSI-CP-windows-dashboards/components/ldaprecordview',
+    'splunkjs/mvc/simplexml/ready!',
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js',
+], function(LDAPRecordView) {
+
+    var report = new LDAPRecordView({
+    	"id": "audit_report",
+    	"managerid": "audit_query",
+    	"el": $("#audit_report")
+    }).render();
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/custom.css

@@ -0,0 +1,14 @@
+.windows-footer {
+	list-style: none;
+	margin: 0;
+	padding: 0;
+	margin-bottom: 15px;
+}
+
+.input-link {
+	margin-top: 25px;
+}
+
+.input-link a {
+	margin-left: 5px;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/customized_chart_preload.js

@@ -0,0 +1,8 @@
+require.config({
+    paths: {
+        "app": "../app"
+    }
+});
+require(['splunkjs/mvc/simplexml/ready!'], function(){
+    
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/dns_performance.js

@@ -0,0 +1,18 @@
+require.config({
+    paths: {
+        "DA-ITSI-CP-windows-dashboards": "../app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards",
+    },
+});
+require([
+    'DA-ITSI-CP-windows-dashboards/components/dnsperformanceview',
+    'splunkjs/mvc/simplexml/ready!',
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js',
+
+], function(DNSPerformanceView) {
+
+    var report = new DNSPerformanceView({
+    	"id": "dns_performance_chart",
+    	"managerid": "dns_performance_query",
+    	"el": $("#dns_performance_chart")
+    }).render();
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/html/infra_home.html

@@ -0,0 +1,122 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8" />
+  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+  <title>Overview</title>
+  <link rel="stylesheet" type="text/css" href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/bootstrap.min.css')}" />
+  <link rel="stylesheet" type="text/css"
+    href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/dashboard-simple-bootstrap.min.css')}" />
+  <link rel="stylesheet" type="text/css"
+    href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/landing_page.css')}" />
+</head>
+
+<body class="locale-en">
+  <header>
+    <a class="navSkip" href="#navSkip" tabindex="1">Screen reader users, click here to skip the navigation bar</a>
+    <div class="header splunk-header">
+      <div id="placeholder-splunk-bar">
+        <a href="${make_url('/app/launcher/home')}" class="brand"
+          title="splunk &gt; listen to your data">splunk<strong>&gt;</strong></a>
+      </div>
+      <div id="placeholder-app-bar"></div>
+    </div>
+    <a id="navSkip"></a>
+  </header>
+  <div class="dashboard-body container-fluid main-section-body">
+    <div class="dashboard-row" style="flex-grow: unset;">
+      <div class="dashboard-cell" style="display:none;" id="windows-container">
+        <div class="dashboard-panel">
+          <div class="dashboard-element">
+            <div class="panel-head">
+              <h1>Windows</h1>
+            </div>
+            <div class="panel-body">
+              <div class="launchpad icon-gauge-filler"> <a href="windows_operationsdashboard">Health</a>
+              </div>
+              <div class="launchpad icon-gauge-radial"> <a href="windows_performance">Resource Utilization</a>
+              </div>
+              <div class="launchpad icon-alert-circle"> <a href="windows_windowsupdate">Updates</a>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div class="dashboard-cell" style="display:none;" id="ad-container">
+        <div class="dashboard-panel">
+          <div class="dashboard-element">
+            <div class="panel-head">
+              <h1>Active Directory</h1>
+            </div>
+            <div class="panel-body">
+              <div class="launchpad icon-gauge-filler"> <a href="ad_ops_topology">Health</a>
+              </div>
+              <div class="launchpad icon-lock"> <a href="ad_sec_logon_fail">Security</a>
+              </div>
+              <div class="launchpad icon-two-arrows-cycle"> <a href="ad_chg_users">Change Management</a>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- 
+      END LAYOUT
+      -->
+  <script src="${make_url('/config?autoload=1')}"></script>
+  <script src="${make_url('/static/js/i18n.js')}"></script>
+  <script src="${make_url('/i18ncatalog?autoload=1')}"></script>
+  <script src="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/require.js')}"></script>
+
+  <script type="text/javascript">
+    // <![CDATA[
+    require.config({
+      paths: {
+        "common": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common')}",
+        "DA-ITSI-CP-windows-dashboards": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards')}",
+        "swc-windows-cp": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp')}",
+      },
+      waitSeconds: 0,
+      baseUrl: "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib')}",
+      urlArgs: "bust=897"
+    });
+
+
+    require([
+      '/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp/index.js',
+      '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js',
+    ],
+      function(
+        index      
+        ) {
+        const LayoutView = index.LayoutView;
+        //
+        // SPLUNK HEADER AND FOOTER
+        //
+
+        $('header').remove();
+        new LayoutView({
+          "hideAppBar": false,
+          "hideAppsList": false,
+          "hideChrome": false,
+          "hideSplunkBar": false,
+          "hideFooter": false,
+          "layout": "scrolling"
+        },{ tokens: true }).render().getContainerElement()
+          .appendChild($('.dashboard-body')[0]);
+
+        var width = parseInt(100.0 / 2) + '%';
+        $('#windows-container').show();
+        $('#windows-container').css('width', width);
+        $('#ad-container').show();
+        $('#ad-container').css('width', width);
+      }
+    );
+      // ]]>
+  </script>
+</body>
+
+</html>

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/html/windows_host_inventory.html

@@ -0,0 +1,176 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="utf-8" />
+  <meta http-equiv="X-UA-Compatible" content="IE=edge" />
+  <title>Host Inventory</title>
+  <link rel="stylesheet" type="text/css" href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/bootstrap.min.css')}" />
+  <link rel="stylesheet" type="text/css"
+    href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/dashboard-simple-bootstrap.min.css')}" />
+  <link rel="stylesheet" type="text/css"
+    href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards/custom.css')}" />
+  <link rel="stylesheet" type="text/css"
+    href="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards/windows/HostInventory.css')}" />
+</head>
+
+<body class="simplexml locale-en">
+  <header>
+    <a class="navSkip" href="#navSkip" tabindex="1">Screen reader users, click here to skip the navigation bar</a>
+    <div class="header splunk-header">
+      <div id="placeholder-splunk-bar">
+        <a href="${make_url('/app/launcher/home')}" class="brand"
+          title="splunk &gt; listen to your data">splunk<strong>&gt;</strong></a>
+      </div>
+      <div id="placeholder-app-bar"></div>
+    </div>
+    <a id="navSkip"></a>
+  </header>
+  <div class="dashboard-body container-fluid main-section-body" data-role="main">
+    <h2>Host Inventory - Windows</h2>
+    <div class="divider"></div>
+    <div class="section-separator">
+      <div class="host-info-input">
+        <h5>Host Name: </h5>
+        <div>
+          <div id="host-filter"></div>
+        </div>
+        <div>
+          <div id="page-timepicker"></div>
+        </div>
+      </div>
+      <div style="clear: both" id="host-updating"></div>
+    </div>
+    <div class="dashboard-row section-separator" id="host-details-pane">
+      <div class="dashboard-cell">
+        <div class="dashboard-panel host-info-pane">
+          <table>
+            <tbody>
+              <tr>
+                <td class="title-cell">Computer name</td>
+                <td id="computer-name" class="value-cell">Unknown</td>
+                <td class="title-cell">Operating system version</td>
+                <td class="value-cell"><span id="os">Unknown</span> (<span id="os-arch">Unknown architecture</span>)
+                </td>
+              </tr>
+              <tr>
+                <td class="title-cell">Domain</td>
+                <td id="domain" class="value-cell">Unknown</td>
+                <td class="title-cell">Service pack</td>
+                <td id="service-pack" class="value-cell">Unknown</td>
+              </tr>
+              <tr>
+                <td class="title-cell">Hardware information</td>
+                <td class="value-cell"><span id="manufacturer">Unknown</span> <span id="model">(Unknown model)</span>
+                </td>
+                <td class="title-cell">Last installed update</td>
+                <td id="last-update" class="value-cell">Unknown</td>
+              </tr>
+            </tbody>
+          </table>
+          <div class="section-separator"></div>
+          <div class="section-separator"></div>
+          <table>
+            <tbody>
+              <tr>
+                <td class="title-cell">Processors</td>
+                <td id="processors-trend" class="value-cell">(No info on usage)</td>
+                <td class="title-cell">Installed memory (RAM)</td>
+                <td class="value-cell"><span id="total-ram">Unknown</span> MB Available memory:<span
+                    id="memory-trend">(No info)</span></td>
+              </tr>
+              <tr>
+                <td class="title-cell">Network</td>
+                <td id="network-trend" class="value-cell">(No info on usage)</td>
+                <td class="title-cell">Disk</td>
+                <td class="value-cell">
+                  <p>Disk space: <span id="total-disk">Unknown</span> MB (<span id="free-disk">Unknown</span> MB free)
+                  </p>
+                  <p>Reads: <span id="disk-read-trend">(No info on usage)</span> Writes: <span id="disk-write-trend">(No
+                      info on usage)</span></p>
+                </td>
+              </tr>
+              <tr>
+              </tr>
+            </tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+    <div id="message-board">
+    </div>
+    <div class="dashboard-row section-separator" id="key-events-details-pane">
+      <div class="dashboard-cell" style="width: 100%">
+        <h5>Key Events (<span id="key-events-count"></span>)</h5>
+        <p id="key-events-updating"></p>
+      </div>
+      <div class="dashboard-cell" style="width: 30%">
+        <div class="dashboard-panel">
+          <div id="left-pane" class="key-events-pane">
+            <div id="no-key-events">None</div>
+            <ul id="key-events-list">
+            </ul>
+          </div>
+        </div>
+      </div>
+      <div class="dashboard-cell" style="width: 70%">
+        <div class="dashboard-panel">
+          <div id="right-pane" class="key-events-pane">
+            <div id="no-key-events">None</div>
+            <div id="key-event-details"></div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- 
+      END LAYOUT
+      -->
+  <script src="${make_url('/config?autoload=1')}"></script>
+  <script src="${make_url('/static/js/i18n.js')}"></script>
+  <script src="${make_url('/i18ncatalog?autoload=1')}"></script>
+  <script src="${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/require.js')}"></script>
+  <script type="text/javascript">
+    // <![CDATA[
+    require.config({
+      paths: {
+        "common": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common')}",
+        "DA-ITSI-CP-windows-dashboards": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/DA-ITSI-CP-windows-dashboards')}",
+        "swc-windows-cp": "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp')}",
+      },
+      waitSeconds: 0,
+      baseUrl: "${make_url('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib')}",
+      urlArgs: "bust=897"
+    });
+
+    require([
+      '/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp/index.js',
+      'DA-ITSI-CP-windows-dashboards/windows/HostInventory',
+      '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js'
+    ],function(
+      index,
+      HostInventory
+    ) {
+      //const mvc = index.SplunkjsMVC;
+      const LayoutView = index.LayoutView;
+      const splunkUtil = index.SplunkUtil;
+      var args = splunkUtil.queryStringToProp(window.location.search);
+
+      $('header').remove();
+      new LayoutView({
+        "hideAppBar": false,
+        "hideAppsList": false,
+        "hideChrome": false,
+        "hideSplunkBar": false,
+        "hideFooter": false,
+        "layout": "scrolling"
+      },{ tokens: true }).render().getContainerElement()
+        .appendChild($('.dashboard-body')[0]);
+
+      HostInventory.render(args);
+    });
+  </script>
+</body>
+
+</html>

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/WinfraConstants.js

@@ -0,0 +1,42 @@
+/*
+ * This file contains a collection of constants for use in the Winfra app's js files
+ */
+
+define([
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp/index.js'
+        ],
+        function(index) {
+            const splunk_util = index.SplunkUtil;
+   var WinfraConstants = {
+       getAppName: function() { return 'itsi'; },
+       
+       getAppRestId: function() { return 'itsi'; },
+       
+       getDefaultSparklineSettings: function() {
+           return {
+               type: "line", 
+               lineColor: "#070", 
+               lineWidth: 1,
+               height: 30,
+               highlightSpotColor: null, 
+               minSpotColor: null, 
+               maxSpotColor: null, 
+               spotColor: '#070',
+               spotRadius: 2,
+               fillColor: null
+               };
+       },
+
+       getSplunkWebUrl: function(){
+           return (splunk_util.getConfigValue('MRSPARKLE_ROOT_PATH', '/') + '/')
+               .replace(/^(\/)+/, "$1")
+               .replace(/(\/)+$/, "$1");
+       },
+
+       getPerfmonPath: function() {
+           return WinfraConstants.getSplunkWebUrl() + 'app/itsi/search?';
+       }
+   };
+   
+   return WinfraConstants;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/components/dnsperformanceview.js

@@ -0,0 +1,108 @@
+define(function(require, exports, module) {
+
+    require('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js');
+    require('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/highcharts.js');
+    var _ = require('/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js');
+    var SimpleSplunkView = require("splunkjs/mvc/simplesplunkview");
+    var LINE_NAME = "% Processor Time";
+    var DNSPerformanceView = SimpleSplunkView.extend({
+
+        className: "splunk-app-microsoft-dnsperformanceview",
+
+        output_mode: "json",
+
+        _highchart: null,
+
+        createView: function() {
+            return true;
+        },
+
+        formatData: function(data){
+        	return data;
+        },
+
+        updateView: function(viz, data) {
+            if (data.length == 0) {
+                return;
+            }
+
+            var areaName = '';
+
+            _.each(data, function(datum) {
+                _.each(_.keys(datum), function(key) {
+                    if (key !== LINE_NAME && key.indexOf('_') !== 0) {
+                        areaName = key;
+                    }
+                });
+            });
+
+            var lineData = [];
+            var areaData = [];
+
+            _.each(data, function(datum) {
+                if (!_.isUndefined(datum[LINE_NAME])) {
+                    lineData.push([
+                        Date.parse(datum._time),
+                        parseFloat(datum[LINE_NAME])
+                    ]);
+                }
+                if (!_.isUndefined(datum[areaName])) {
+                    areaData.push([
+                        Date.parse(datum._time),
+                        parseFloat(datum[areaName])
+                    ]);
+                }
+            });
+
+            if (this._highchart) {
+                this._highchart.destroy();
+            }
+            this.$el.empty();
+            this.$el.append('<div></div>');
+            this._highchart = new Highcharts.Chart({
+                chart: {
+                    renderTo: this.$('div')[0]
+                },
+                credits: {
+                    enabled: false
+                },
+                title: { text: "" },
+                xAxis: [{
+                    type: 'datetime',
+                    title: { text: "Time" }
+                }],
+                yAxis: [
+                    {
+                        title: { text: LINE_NAME },
+                        opposite: true,
+                        min: 0,
+                        max: 100
+                    },
+                    {
+                        title: { text: areaName }
+                    }
+                ],
+                
+                series: [
+                    {
+                        type: 'area',
+                        data: areaData,
+                        name: areaName,
+                        yAxis: 1
+                    },
+                    {
+                        type: 'line',
+                        data: lineData,
+                        name: LINE_NAME
+                    } 
+                ]
+            });
+        },
+        
+        getData: function(){
+            return this.resultsModel.data().results;
+        }
+
+    });
+    return DNSPerformanceView;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/components/ldaprecordview.css

@@ -0,0 +1,31 @@
+.splunk-app-microsoft-ldaprecordview {
+	width: 			100%;
+	overflow-x:		scroll;
+}
+
+.splunk-app-microsoft-ldaprecordview div.oc {
+	width: 			100%;
+}
+
+.splunk-app-microsoft-ldaprecordview div.oc h3.title {
+	padding:		6px;
+	background:		#C7DBB9;
+	font:			italic bold 8pt/14pt Helvetica,sans-serif;
+}
+
+.splunk-app-microsoft-ldaprecordview div.oc div.content {
+	padding-left:	10px;
+	padding-right:	10px;
+	font:			black 10pt Arial,Helvetica,sans-serif;
+}
+
+.splunk-app-microsoft-ldaprecordview div.oc div.content div.attr div.attrname {
+	float:			left;
+	width:			30%;
+}
+
+.splunk-app-microsoft-ldaprecordview div.oc div.content div.attr div.attrval {
+	width:			70%;
+	white-space:	nowrap;
+	display:		inline-block;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/custom.css

@@ -0,0 +1,61 @@
+ul.windows-footer {
+	margin:0;
+}
+
+ul.windows-footer li {
+	display:block;
+} 
+
+.clearfix {
+	clear:both;
+}
+
+.lister {
+    float:left;
+    width:298px;  
+}
+
+.lister li {
+	word-break: break-word;
+}
+
+.dashboard-cell.span-full {
+    width: 100%;
+}
+
+.dashboard-cell.span-half {
+    width: 50%;
+}
+
+/* Added for beta feedback and idea buttons */
+.dashboard-element.help,
+.dashboard-element.feedback {
+display: inline-block;
+float: left;
+width: 100% !important;
+font-size: 14px;
+line-height: 24px;
+min-height: 150px;
+}
+
+.dashboard-element.feedback .panel-head h1 {
+	padding-top: 30px;
+}
+
+.dashboard-element.feedback a.btn {
+margin-top: 8px;
+}
+
+.dashboard-panel.feedback:after {
+background-color: whiteSmoke;
+border: 1px solid #CCC;
+border-radius: 2px 0 2px 0;
+color: #9DA0A4;
+content: "Beta Testers";
+font-size: 12px;
+font-weight: bold;
+left: -1px;
+padding: 3px 7px;
+position: absolute;
+top: -1px;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/windows/HostInventory.css

@@ -0,0 +1,88 @@
+.dashboard-panel {
+    padding: 10px;
+}
+
+.host-info-pane  {}
+
+.host-info-pane table {
+    empty-cells: show;
+    table-layout: fixed;
+    width: 100%;
+}
+
+.host-info-pane table td {
+    position: relative;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    min-height: 10px;
+}
+
+.host-info-pane table td:hover
+{
+    overflow: visible;
+    z-index: 1;
+}
+
+.host-info-pane table td.title-cell {
+    width: 15%;
+}
+
+.host-info-pane table td.value-cell {
+    width: 35%;
+}
+
+.key-events-pane ul {
+    width: 100%;
+    list-style-type: none;
+    list-style-position: outside;
+    margin: 0 0 0 0;
+    padding-left: 0;
+}
+
+.key-events-pane li {
+    overflow: hidden;
+    text-overflow: ellipsis;
+}
+
+.key-events-pane li:hover
+{
+    overflow: visible;
+    position: relative;
+    z-index: 1;
+    display: inline-block;
+}
+
+div.section-separator {
+    padding-top: 20px;
+}
+
+.chosen-item {
+    background-color: #eeeeee;
+}
+
+.key-events-pane {
+    height:300px;
+    overflow:scroll;
+}
+
+.key-event-title {
+    background-color: #eeeeee;
+    font-size: 12px;
+    padding-top: 10px;
+    padding-left: 5px;
+    text-overflow: ellipsis;
+}
+
+.field-name {
+    font-weight: lighter;
+}
+
+div.key-event-cell {
+    min-height: 20px;
+}
+
+.host-info-input>div{
+    display: inline-block;
+    vertical-align: top;
+    width: 200px;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/DA-ITSI-CP-windows-dashboards/windows/HostInventory.js

@@ -0,0 +1,711 @@
+/*
+ * This file contains the code to implement the host inventory page
+ */
+
+define([      
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/swc-windows-cp/index.js',    
+    'common/SearchRunner',
+    'common/SearchDataHelpers',
+    'common/PageMessagesView',
+    'common/SyncTaskQueue',
+    'DA-ITSI-CP-windows-dashboards/WinfraConstants',
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js',  
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js',
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery.sparkline.js'
+],
+    function(
+        index,
+        SearchRunner,
+        SearchDataHelpers,
+        PageMessagesView,
+        SyncTaskQueue,
+        WinfraConstants,
+        _
+    ) {
+        const mvc = index.SplunkjsMVC;
+        const DropdownView = index.DropdownView;
+        const SearchManager = index.SearchManager;
+        const TimePickerView = index.TimePickerView;
+        var _keyEventDetailsMap = {};
+        var _lastEventIndex = 0;
+        var _getPerfmonDrilldownFunction = function(object,counter,instance) {
+            return function() {
+                var host = mvc.Components.getInstance('default').get('Host');
+                if (host && object && counter) {
+                    var paramsArray = [{
+                        'host': host,
+                        'object': object,
+                        'counter': counter,
+                        'instance': instance || '*'
+                    }];
+                    if(object==="Processor"){
+                    window.open(
+                        WinfraConstants.getPerfmonPath()
+                        + 'q=eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="'+object+'" counter="%25 Processor Time" host="'+host+'" | stats sparkline(max(Value)) as UsageTrend by host'
+                    );
+                    }
+                    else {
+                        window.open(
+                            WinfraConstants.getPerfmonPath()
+                            + 'q=eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="'+object+'" counter="'+counter+'" host="'+host+'" | stats sparkline(max(Value)) as UsageTrend by host'
+                        );
+                    }
+                }
+                else {
+                    // JIRA: for now when not all parameters are avaiable, we go to an
+                    // unpopulated perfmon page. This is because the behavior of the perfmon
+                    // page is undefined if there not all parameters are specified. The JIRA
+                    // to fix this is (TAG-8642), which is blocked on the JIRA to determine 
+                    // the right behavior in perfmon with missing parameters (TAG-8641)
+                    window.open(WinfraConstants.getPerfmonPath());
+                }
+            }
+        }
+
+        var HostInventory = {
+            _countActiveSearches: 0,
+
+            _searchDefinitions:
+                /*
+                 * Contains a array of definitions for each search on the page from which
+                 * fields for this page are populated. Schema:
+                 * 
+                 * search: search to run
+                 * callbacks: the different search results callback handlers for the search
+                 *      failureCallback
+                 *      dataCallback          
+                 */
+                [
+                    {
+                        'search': '\
+                        eventtype="windows_index_windows" eventtype="hostmon_windows" Type=Computer host="$Host$" \
+                        | stats latest(*) by host \
+                        ',
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#computer-name').text('Unknown');
+                                $('#domain').text('Unknown');
+                                $('#manufacturer').text('Unknown');
+                                $('#model').text('(Unknown model)');
+                            },
+                            'dataCallback': function(resultFields,resultRows,additionalChecksFn) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for computer info returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedTextFields(
+                                    {
+                                        'latest(ComputerName)': '#computer-name',
+                                        'latest(Domain)': '#domain',
+                                        'latest(Manufacturer)': '#manufacturer',
+                                        'latest(Model)': '#model'
+                                    },
+                                    resultFields,
+                                    resultRows[0]
+                                );
+
+                                var messageBoard = new PageMessagesView('#message-board');
+
+                                messageBoard.clearAllMessages();
+
+                                var manufacturer = $('#manufacturer').text().toLowerCase();
+                                if (manufacturer.indexOf('vmware') > -1) {
+                                    var localSplunkd = mvc.createService({ 'app': 'system' });
+
+                                    localSplunkd.get(
+                                        'apps/local/DA-ITSI-CP-vmware-dashboards',
+                                        null,
+                                        function(error,appInfo) {
+                                            if ((_.isUndefined(error) || _.isNull(error)) &&
+                                                !_.isUndefined(appInfo) && !_.isNull(appInfo)) {
+
+                                                messageBoard.addMessage(
+                                                    'The host machine is running as a guest on VMWare platform. \
+                                                        <a href="/app/itsi/vm_detail" target="_blank" rel="noopener noreferrer"\
+                                                        >Click here</a> to lookup information about the host \
+                                                        in the Content Pack for VMware Dashboards and Reports. \
+                                                        <br><a href="https://docs.splunk.com/Documentation/CPVMwareDash/latest/CP/About"\
+                                                        target="_blank" rel="noopener noreferrer">Click here</a> \
+                                                        to learn more about the Content Pack for VMware Dashboards and Reports.',
+                                                    messageBoard.InfoMessageType,
+                                                    '#vmware-message'
+                                                );
+                                            }
+                                        }
+                                    );
+                                }
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="windows_index_windows" eventtype="hostmon_windows" Type=OperatingSystem host="$Host$" \
+                        | stats latest(*) by host \
+                        | rename "latest(TotalPhysicalMemoryKB)" as TotalPhysicalMemoryKB \
+                        | eval TotalPhysicalMemoryMB = tostring(TotalPhysicalMemoryKB / 1024, "commas") \
+                        ',
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#os').text('Unknown');
+                                $('#os-arch').text('Unknown architecture');
+                                $('#service-pack').text('Unknown');
+                                $('#total-ram').text('Unknown');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for OS info returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedTextFields(
+                                    {
+                                        'latest(OS)': '#os',
+                                        'latest(Architecture)': '#os-arch',
+                                        'latest(ServicePack)': '#service-pack',
+                                        'TotalPhysicalMemoryMB': '#total-ram'
+                                    },
+                                    resultFields,
+                                    resultRows[0]
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="windows_index_windows" eventtype="hostmon_windows" Type=Disk host="$Host$" \
+                        | where FileSystem != "CD-ROM" \
+                        | stats latest(TotalSpaceKB) as TotalSpaceKBPerDisk, \
+                            latest(FreeSpaceKB) as FreeSpaceKBPerDisk by host, Name \
+                        | stats sum(TotalSpaceKBPerDisk) as TotalDiskSpaceKB, \
+                            sum(FreeSpaceKBPerDisk) as FreeDiskSpaceKB by host \
+                        | eval TotalDiskSpaceMB = tostring(TotalDiskSpaceKB / 1024, "commas") \
+                        | eval FreeDiskSpaceMB = tostring(FreeDiskSpaceKB / 1024, "commas") \
+                        ',
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#total-disk').text('Unknown');
+                                $('#free-disk').text('Unknown');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for disk info returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedTextFields(
+                                    {
+                                        'TotalDiskSpaceMB': '#total-disk',
+                                        'FreeDiskSpaceMB': '#free-disk'
+                                    },
+                                    resultFields,
+                                    resultRows[0]
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="Update_Successful_windows" host="$Host$" | \
+                        stats latest(signature) as Signature by host \
+                        ',
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#last-update').text('Unknown');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for windows update info returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedTextFields(
+                                    {
+                                        'Signature': '#last-update'
+                                    },
+                                    resultFields,
+                                    resultRows[0]
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="Network Interface" \
+                            counter="Bytes Total/sec" \
+                            host="$Host$" \
+                        | stats sparkline(max(Value)) as UsageTrend by host \
+                        ',
+                        'drilldown': {
+                            domid: 'network-trend',
+                            args: ['Network Interface','Bytes Total/sec',null]
+                        },
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#network-trend').empty();
+                                $('#network-trend').text('(No info on usage)');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for network usage returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedSparklineFields(
+                                    {
+                                        'UsageTrend': '#network-trend'
+                                    },
+                                    resultFields,
+                                    resultRows[0],
+                                    WinfraConstants.getDefaultSparklineSettings()
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="Processor" \
+                            counter="% Processor Time" host="$Host$" \
+                        | stats sparkline(max(Value)) as UsageTrend by host \
+                        ',
+                        'drilldown': {
+                            domid: 'processors-trend',
+                            args: ['Processor','% Processor Time','_Total']
+                        },
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#processors-trend').empty();
+                                $('#processors-trend').text('(No info on usage)');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for processor usage returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedSparklineFields(
+                                    {
+                                        'UsageTrend': '#processors-trend'
+                                    },
+                                    resultFields,
+                                    resultRows[0],
+                                    WinfraConstants.getDefaultSparklineSettings()
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="Memory" \
+                            counter="Available Bytes" host="$Host$" \
+                        | stats sparkline(max(Value)) as UsageTrend by host \
+                        ',
+                        'drilldown': {
+                            domid: 'memory-trend',
+                            args: ['Memory','Available Bytes','0']
+                        },
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#memory-trend').empty();
+                                $('#memory-trend').text('(No info on usage)');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for memory usage returned more than one row unexpectedly, using only first row');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedSparklineFields(
+                                    {
+                                        'UsageTrend': '#memory-trend'
+                                    },
+                                    resultFields,
+                                    resultRows[0],
+                                    WinfraConstants.getDefaultSparklineSettings()
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="LogicalDisk" \
+                            counter="Disk Reads/sec" host="$Host$" \
+                        | stats sparkline(max(Value)) as UsageTrend by host \
+                        ',
+                        'drilldown': {
+                            domid: 'disk-read-trend',
+                            args: ['LogicalDisk','Disk Reads/sec','_Total']
+                        },
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#disk-read-trend').empty();
+                                $('#disk-read-trend').text('(no info on read usage)');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for disk read usage returned more than one row unexpectedly, using only first');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedSparklineFields(
+                                    {
+                                        'UsageTrend': '#disk-read-trend'
+                                    },
+                                    resultFields,
+                                    resultRows[0],
+                                    WinfraConstants.getDefaultSparklineSettings()
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': '\
+                        eventtype="perfmon_index_windows" eventtype="perfmon_windows" object="LogicalDisk" \
+                            counter="Disk Writes/sec" host="$Host$" \
+                        | stats sparkline(max(Value)) as UsageTrend by host, counter \
+                        ',
+                        'drilldown': {
+                            domid: 'disk-write-trend',
+                            args: ['LogicalDisk','Disk Writes/sec','_Total']
+                        },
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log(message);
+
+                                $('#disk-write-trend').empty();
+                                $('#disk-write-trend').text('(no info on write usage)');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length > 1) {
+                                    console.log('Search for disk write usage returned more than one row unexpectedly, using only first');
+                                }
+
+                                SearchDataHelpers.populateSearchBasedSparklineFields(
+                                    {
+                                        'UsageTrend': '#disk-write-trend'
+                                    },
+                                    resultFields,
+                                    resultRows[0],
+                                    WinfraConstants.getDefaultSparklineSettings()
+                                );
+                            }
+                        }
+                    },
+                    {
+                        'search': 'tag="Key_Events_On_Hosts" host="$Host$" | sort -_time | table Accessing_User, Account_Domain, Account_Name, Authentication_Package, Caller_Process_ID, Caller_Process_Name, Change_Reason, Caller_Computer_Name, Caller_Domain, Caller_Logon_ID, Caller_Machine_Name, Caller_User_Name, Change_Type, Client_Address, Client_Domain, Client_Logon_ID, Client_Machine_Name, Client_User_Name, Cmdlet, Description, Domain, Error_Code, EventCode, EventCodeDescription, EventData_Xml, EventID, EventRecordID, Eventcode, Failure_Information, Failure_Reason, Group_Domain, Group_Name, Group_Type_Change, HotFixID, Image_File_Name, IpAddress, IpPort, Impersonation_Level, LogonType, LogName, Logon_Account, Logon_ID, Logon_GUID, Logon_Process, Member_Name, Message, New_Account_Name, New_Domain, OpCode, Process_ID, Process_Name, Primary_Domain, Primary_User_Name, PrivilegeList, RenderingInfo_Xml, Security_ID, SourceName, Source_Network_Address, Source_Workstation, State, Status, SubStatus, Sub_Status, SubjectDomainName, SubjectLogonId, SubjectUserName, Supplied_Realm_Name, TaskCategory, Ticket_Encryption_Type, Ticket_Options, ,Transited_Services, TargetDomainName, TargetServerName, TargetUserName, Target_Account_ID, action, Target_Account_Name, Target_Domain, Target_Server_Name, Target_User_Name, TokenElevationType, Token_Elevation_Type, dest, dest_nt_domain, dest_nt_host, dst_nt_domain, event_id, Type, User, User_ID, User_Name, Workstation, Workstation_Name, _time, member_dn, member_id, member_nt_domain, name, package, package_title, object, privilege, privilege_id, product, package_message, package_title, recipient, recipients, remote_endpoint, sender, severity, severity_id, signature, signature_id, signature_message, status, vendor, vendor_privilege, vendor_status',
+                        'callbacks':
+                        {
+                            'failureCallback': function(message) {
+                                console.log('Search for key events returned failure: ' + message);
+                                $('#key-events-updating').text('');
+                                $('#key-events-count').text('0');
+                            },
+                            'dataCallback': function(resultFields,resultRows) {
+                                if (resultRows.length < 1) {
+                                    console.log('Search for key events returned no results');
+                                    $('#left-pane #no-key-events').show();
+                                    $('#right-pane #no-key-events').show();
+                                }
+
+                                $('#key-events-count').text(resultRows.length);
+
+                                $('#left-pane #no-key-events').hide();
+                                $('#right-pane #no-key-events').hide();
+
+                                // Display each key event as a list item in left pane
+                                // and show details of a picked list item as detailed
+                                // view for the event in the right pane
+
+                                _.each(resultRows,function(resultRow,rIndex) {
+
+                                    // Define an id for the html element to be added
+                                    // for the event in both left and right pane.
+                                    // Since both panes use the same id for same event,
+                                    // identifying the events is simplified
+                                    var eventElId = 'key-event-' + _lastEventIndex;
+
+                                    $('#key-events-list').append(
+                                        '<li id="' + eventElId + '"></li>'
+                                    );
+
+                                    // Define the click handler for the event on the left pane
+                                    // which must show the corresponding event on the right pane
+                                    $('#key-events-list li#' + eventElId).on('click',function() {
+                                        $('#key-events-list li').removeClass('chosen-item');
+
+                                        $('#key-event-details').html(
+                                            _keyEventDetailsMap[eventElId]
+                                        );
+                                        $(this).addClass('chosen-item');
+                                    });
+
+                                    var isFirstFieldInRow = true;
+                                    var searchFields = '';
+                                    var rowTitle = '';
+                                    var eventDetails = '<table><tbody>';
+
+                                    // Display each field of the event for detailed view
+                                    _.each(resultFields,function(resultField,fIndex) {
+                                        var fieldDisplayValue = (
+                                            _.isNull(resultRow[fIndex]) ||
+                                            _.isUndefined(resultRow[fIndex])
+                                        ) ? '' : resultRow[fIndex];
+                                        if (fieldDisplayValue != "") {
+                                            if (isFirstFieldInRow) {
+                                                eventDetails += '<tr>';
+                                            }
+
+                                            var fieldDisplayName = SearchDataHelpers.makeDisplayNameFromResultField(resultField);
+
+                                            eventDetails += ' \
+												<td><div class="key-event-cell">' +
+                                                '<span class="field-name">' +
+                                                fieldDisplayName + ': \
+														</span>' + fieldDisplayValue +
+                                                '</div></td>';
+
+                                            if (!isFirstFieldInRow) {
+                                                eventDetails += '</tr>';
+                                            }
+                                            // Display two fields per row - so alternate every time we add a field
+                                            isFirstFieldInRow = !isFirstFieldInRow;
+
+                                            // Concoct an event title
+                                            // If result field is certain special fields, 
+                                            // display their values as title for the event, 
+                                            // since there is no single field that
+                                            // can act as a real title
+                                            var potentialTitleFields = [
+                                                'signature',
+                                                'status',
+                                                'LogName',
+                                                'SourceName',
+                                                'EventCode',
+                                                'Cmdlet',
+                                                'CmdletError',
+                                                'Error'
+                                            ];
+
+                                            if (_.contains(potentialTitleFields,resultField) &&
+                                                !_.isUndefined(fieldDisplayValue) &&
+                                                !_.isNull(fieldDisplayValue) &&
+                                                fieldDisplayValue.length > 0) {
+                                                if (rowTitle.length > 0) {
+                                                    rowTitle += ', ';
+                                                }
+                                                if (searchFields.length > 0) {
+                                                    searchFields += ' AND ';
+                                                }
+                                                rowTitle += fieldDisplayName + ': ' + fieldDisplayValue;
+                                                searchFields += resultField + '%3D%22' + fieldDisplayValue + '%22';
+                                            }
+                                        }
+                                    });
+                                    eventDetails += '</tbody></table></div>';
+                                    // Apply the concocted title for the row
+                                    if (rowTitle.length < 1) {
+                                        rowTitle = 'Key event #' + _lastEventIndex;
+                                    }
+
+                                    $('#key-events-list li#' + eventElId).text(rowTitle);
+
+                                    var eventDetailsHtml = '<div id="' + eventElId + '"> \
+                                        <div> \
+                                            <h5 id="key-event-title" class="key-event-title">' +
+                                        rowTitle + '</h5> \
+                                        </div>' + eventDetails;
+                                    var url = document.location.href.replace("windows_host_inventory","search");
+                                    var hostName = mvc.Components.getInstance("default",{ create: true }).get('Host');
+                                    var earliest = mvc.Components.getInstance("default",{ create: true }).get('page_earliest_time');
+                                    var latest = mvc.Components.getInstance("default",{ create: true }).get('page_latest_time');
+
+                                    url = url + '?q=search%20tag%3D%22Key_Events_On_Hosts%22%20host%3D%22' + hostName + '%22%20%28' + searchFields + '%29%20%7C%20sort%20-_time&display.page.search.mode=verbose&earliest=' + earliest + '&latest=' + latest + ''
+
+                                    eventDetailsHtml += '<tr style="margin-top:10px"><a target=_blank rel="noopener noreferrer" href=" ' + url + '">View results</a></tr>'
+
+                                    if (_lastEventIndex === 0) {
+                                        $('#key-events-list li#' + eventElId).addClass('chosen-item');
+                                        $('#key-event-details').html(eventDetailsHtml);
+                                    }
+
+                                    _keyEventDetailsMap[eventElId] = eventDetailsHtml;
+
+                                    _lastEventIndex++;
+                                });
+
+                                $('#key-events-updating').text('Search for key events has completed');
+                            }
+                        }
+                    }
+                ],
+
+            _searchQueue: new SyncTaskQueue(),
+
+            render: function(args) {
+                var that = this;
+
+
+                this._tokens = mvc.Components.getInstance("default",{ create: true });
+
+                this.populateSearchFields();
+                this._hostsSearchManager = new SearchManager(
+                    {
+                        autostart: true,
+                        search: '\
+                        eventtype="windows_index_windows" eventtype="hostmon_windows" Type=OperatingSystem \
+                        | stats latest(ComputerName) as ComputerName by host \
+                        ',
+                        earliest_time: '0',
+                        latest_time: 'now',
+                        preview: true,
+                        cancelOnUnload: true,
+                        cache: false
+                    },
+                    { tokens: true }
+                ).startSearch();
+
+                this._hostDropdown = new DropdownView({
+                    id: 'host-index',
+                    managerid: this._hostsSearchManager.id,
+                    labelField: 'ComputerName',
+                    valueField: 'host',
+                    showClearButton: false,
+                    value: mvc.tokenSafe('$Host$'),
+                    default: args.host,
+                    el: $("#host-filter")
+                }).render();
+
+                this._timePickerView = (new TimePickerView({
+                    el: $('#page-timepicker')
+                })).render();
+
+                this._timePickerView.on('change',function() {
+                    that._tokens.set('page_earliest_time',that._timePickerView.val()['earliest_time']);
+                    that._tokens.set('page_latest_time',that._timePickerView.val()['latest_time']);
+                });
+
+                this._timePickerView.val({
+                    earliest_time: args.earliest_time || '-24h',
+                    latest_time: args.latest_time || 'now'
+                });
+
+                _.each(_.filter(this._searchDefinitions,function(definition) { return _.has(definition,'drilldown'); }),
+                    function(definition) {
+                        $('#' + definition.drilldown.domid)
+                            .on('click','canvas',_getPerfmonDrilldownFunction.apply(null,definition.drilldown.args));
+                    });
+            },
+
+            populateSearchFields: function() {
+                var that = this;
+
+                _.each(this._searchDefinitions,function(searchDefinition,index) {
+                    that._searchQueue.enqueue(
+                        'Search to populate Host Inventory fields',
+                        that.runSearch,
+                        [searchDefinition,that],
+                        null, // default timeout
+                        that.searchTimeoutHandler,
+                        [searchDefinition]
+                    );
+                });
+            },
+
+            runSearch: function(taskRunner,searchDefinition,that) {
+                // This function is invoked by the SyncTaskRunner in the SyncTaskQueue
+                // It implements the actual running of each single search for this page 
+                // and updating the content on the page to reflect the results
+
+                searchDefinition['searchManager'] = new SearchManager(
+                    {
+                        autostart: true,
+                        search: searchDefinition['search'],
+                        earliest_time: mvc.tokenSafe("$page_earliest_time$"),
+                        latest_time: mvc.tokenSafe('$page_latest_time$'),
+                        preview: true,
+                        cancelOnUnload: true,
+                        cache: false
+                    },
+                    { tokens: true }
+                );
+
+                searchDefinition['searchRunner'] = new SearchRunner(
+                    searchDefinition['searchManager'],
+                    null,
+                /* search fail handler */ function(message) {
+                        searchDefinition['callbacks']['failureCallback'](message);
+
+                        if (message.indexOf('The search returned error "Search is waiting for input...".' === 0)) {
+                            // Search is waiting on input
+                            taskRunner.markCompleted();
+                        }
+                    },
+                /* search results handler */ function(data) {
+                        var rowCount = data.rows.length;
+
+                        if (rowCount > 0) {
+                            searchDefinition['callbacks']['dataCallback'](
+                                data.fields,
+                                data.rows,
+                                that._doAdditionalChecks
+                            );
+
+                            taskRunner.markCompleted();
+                        } // else search completion would be handled
+                    },
+                /* search start handler */ function() {
+                        // Be resilient to more events per search in processing this counter
+                        that._countActiveSearches = that._countActiveSearches >= 0 ? that._countActiveSearches + 1 : 0;
+                        $('#host-updating').text('Searching for host information ...');
+                        $('#key-events-updating').text('Searching for key events on the host ...');
+                        $('#key-events-list').empty();
+                        $('#key-event-details').empty();
+                        $('#left-pane #no-key-events').show();
+                        $('#right-pane #no-key-events').show();
+                        $('#key-events-count').text('0');
+                        _lastEventIndex = 0;
+                    },
+                /* search progress handler */ function(isSearchDone,properties) {
+                        if (isSearchDone) {
+                            if (properties.content.eventCount === 0) {
+                                searchDefinition['callbacks']['failureCallback'](
+                                    'No results found for search: "' + properties.name
+                                );
+                            } //else results would have been rendered
+
+                            if (--that._countActiveSearches < 1) {
+                                $('#host-updating').text('Search for host information has completed');
+                            }
+
+                            taskRunner.markCompleted();
+                        }
+                    }
+                );
+
+                searchDefinition['searchRunner'].runSearch();
+            },
+
+            searchTimeoutHandler: function(searchDefinition) {
+                searchDefinition['callbacks']['failureCallback']('Search has timed out. Search: "' + searchDefinition['search'] + '"');
+            }
+        };
+
+        return HostInventory;
+    });

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/Class.js

@@ -0,0 +1,29 @@
+/*
+ * Class is an abstraction to define classes and inheritance based on the
+ * classes. It is a lightweight prototype chaining based inheritance abstraction.
+ * 
+ *  It is highly recommended to keep this implementation as simple as possible
+ *  and only use classes in our apps when there is a demand for it. In regular
+ *  cases use the conventional JS methodology. Examples for necessary conditions
+ *  for using classes are: UnitTestBase class that all unit tests could extend from,
+ *  generic classes like SyncTaskRunner that are implementation that may be extended
+ *  for specific implementations in different scenarios, when multiple instances of an
+ *  are to be created for a use case like two SyncTaskQueues.
+ */
+
+define(function() {
+    var Class = {
+        makeClass: function(classFn) {
+            return classFn.prototype;
+        },
+        
+        makeInheritedClass: function(baseClass, subClassFn) {
+            subClassFn.prototype = new baseClass(); 
+            subClassFn.prototype.constructor = subClassFn;
+            
+            return subClassFn.prototype;
+        }
+    };
+    
+    return Class;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/PageMessagesView.js

@@ -0,0 +1,65 @@
+/* 
+ * The PageMessagesView is a wrapper to display errors on a page
+ */
+
+define([
+        'common/Class',
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js',
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js'
+        ],
+        function(
+            Class,
+            _
+            ) {
+
+    var PageMessagesView = function(pageSel) {
+        this._pageSel = pageSel; 
+        this._messagesPaneSel = this._pageSel + ' #page-messages-view';
+    };
+    
+    var PageMessagesViewClass = Class.makeClass(PageMessagesView);
+        
+    PageMessagesViewClass.addMessage = function(message, messageType, messageId) {
+        if (!$(this._messagesPaneSel).length) {
+            $(this._pageSel).prepend(' \
+                <div id="page-messages-view"> \
+                </div>'
+                );
+        }
+        
+        $(this._messagesPaneSel).show();
+        
+        if (_.isUndefined(messageType) || _.isNull(messageType)) {
+            messageType = PageMessagesViewClass.InfoMessageType;
+        }
+        
+        var messageIdPart = !_.isUndefined(messageId) && !_.isNull(messageId) ?
+            'id="' + messageId + '"' : '';
+        
+        $(this._messagesPaneSel).append(' \
+            <div class="alert ' + messageType + ' page-message" ' + messageIdPart + 
+                ' style="border-color: #a62f2f; border-style: solid; border-width: 1px;"> \
+                <i class="icon-alert" style="font-size: 24px; padding-left: 5px"> </i> \
+                <p>' + message + '</p> \
+            </div>'
+            );
+        return this;
+    };
+    
+    PageMessagesViewClass.clearMessage = function(messageId) {
+        $(this._messagesPaneSel).find('#' + messageId).remove();
+        return this;
+    };
+        
+    PageMessagesViewClass.clearAllMessages = function() {
+        $(this._messagesPaneSel).hide();
+        $(this._messagesPaneSel).empty();
+        return this;
+    };
+    
+    PageMessagesViewClass.InfoMessageType = 'alert-info';
+    PageMessagesViewClass.WarningMessageType = 'alert-warning';
+    PageMessagesViewClass.ErrorMessageType = 'alert-error';
+    
+    return PageMessagesView;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/SearchDataHelpers.js

@@ -0,0 +1,85 @@
+/*
+ * This file contains helper methods that could be used in the app pages
+ * to manipulate data returned from searches
+ */
+
+define(['/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js', '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/jquery-3.5.0.min.js'], function(_) {
+    var SearchDataHelpers = {
+        /*
+         * Given a map of fields to html selectors (in fieldsToElSelsMap), search fields
+         * returned from running a search (in searchFields), a row returned in the result
+         * set of a search (in searchRow) and a html renderer function (in elRenderer) that
+         * does specific action to convert result from the search to the html selector
+         * specified element, this function extracts the values for the fields from the
+         * row and invokes the renderer resulting in the values from a search row
+         * being populated to different html elements
+         */
+        populateSearchBasedFields: function(fieldsToElSelsMap, searchFields, searchRow, elRenderer) {
+            _.each(searchFields, function(fieldName, index) {
+                var elSel = fieldsToElSelsMap[fieldName];
+                if (!_.isUndefined(elSel) && !_.isNull(elSel)) {
+                    elRenderer(elSel, searchRow[index]);
+                }
+            });
+        },
+    
+        /*
+         * This is a specialization of populateSearchBasedFields to specifically
+         * extract and display search results as sparklines in the html elements
+         */
+        populateSearchBasedSparklineFields: function(fieldsToSparklineSelsMap, searchFields, searchRow, sparklineSettings) {
+            this.populateSearchBasedFields(
+                fieldsToSparklineSelsMap,
+                searchFields,
+                searchRow,
+                function(sparklineSel, sparklineData) {
+                    $(sparklineSel).empty();
+                    
+                    var sparks = _.isArray(sparklineData) ? 
+                        _.map(sparklineData.slice(1), function(value) {
+                            return (value && parseFloat(value)) || 0; 
+                        }) : [];
+
+                    $(sparklineSel).sparkline(
+                        sparks,
+                        sparklineSettings
+                        );
+                 }
+                );
+        },
+        
+        /*
+         * This is a specialization of populateSearchBasedFields to specifically
+         * extract and display search results as texts in the html elements
+         */
+        populateSearchBasedTextFields: function(fieldsToTextSelsMap, searchFields, searchRow) {
+            this.populateSearchBasedFields(
+                fieldsToTextSelsMap,
+                searchFields,
+                searchRow,
+                function(textSel, textValue) {
+                    $(textSel).text(textValue);
+                }
+                );
+        },
+        
+        makeDisplayNameFromResultField: function(resultFieldName) {
+            // Convert all _ in field name to spaces
+            // Capitalize first character of each word part
+            var nameParts = resultFieldName.replace('_', ' ').split(' ');
+            
+            var displayNameParts = _.map(nameParts, function(namePart) {
+                if (/^[a-z]/.test(namePart)) {
+                    var firstChar = namePart[0].toUpperCase();
+                    return firstChar + namePart.substr(1);
+                } else {
+                    return namePart;
+                }
+            });
+            
+            return displayNameParts.join(' ');
+        }
+    }
+    
+    return SearchDataHelpers;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/SearchRunner.js

@@ -0,0 +1,150 @@
+/* 
+ * The SearchRunner is a wrapper to run searches via the core search manager that
+ * encapsulates the event handlers to ensure search manager events are handled uniformly
+ */
+
+define([
+        'common/Class',
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js'
+        ],
+        function(
+            Class,
+            _
+            ) {
+    var SearchRunner = function(
+        searchManager,
+        resultsModel,
+        failureCallback,
+        successCallback,
+        startCallback,
+        progressCallback
+        ) {
+        this.checkValidProperty(searchManager);
+        this.checkValidProperty(failureCallback);
+        this.checkValidProperty(successCallback);
+        this.checkValidProperty(startCallback);
+        this.checkValidProperty(progressCallback);
+        
+        if (_.isUndefined(resultsModel) || _.isNull(resultsModel)) {
+            resultsModel = searchManager.data('preview', {
+                count: 0,
+                offset: 0
+            });
+        }
+        
+        this.checkValidProperty(resultsModel);
+        
+        this._searchManager = searchManager;
+        this._resultsModel = resultsModel;
+        this._failureCallback = failureCallback;
+        this._successCallback = successCallback;
+        this._startCallback = startCallback;
+        this._progressCallback = progressCallback;
+    }
+    
+    var SearchRunnerClass = Class.makeClass(SearchRunner);
+        
+    SearchRunnerClass.runSearch = function(deferRun) {
+        var that = this;
+        
+        this._searchManager.on(
+            "search:cancelled",
+            function() {
+                that._failureCallback(
+                    'The search got cancelled.' + 
+                    ' Search string is: "' +  that._searchManager.settings.get('search') + '"'
+                    );
+            },
+            this
+            );
+        
+        this._searchManager.on(
+            "search:error",
+            function(message, error) {
+                var errorMessage = 'The search returned error "' + message + '".';
+                    
+                if (!_.isUndefined(error) && !_.isNull(error)) {
+                    errorMessage += 'Detailed error: "' + error.error +
+                        '(' + error.status + ') - ' + error.data.messages[0].text + '"';
+                }
+                
+                that._failureCallback(
+                    errorMessage + ' Search string is: "' +  that._searchManager.settings.get('search') + '"'
+                    );
+            },
+            this
+            );
+        
+        this._searchManager.on(
+            "search:fail",
+            function(state, job) {
+                that._failureCallback(
+                    'The search failed with error "' +  state.content.messages[0].text + '".' +
+                    ' Search string is: "' +  that._searchManager.settings.get('search') + '"'
+                    );
+            },
+            this
+            );
+        
+        this._searchManager.on(
+            "search:start",
+            function() {
+                that._startCallback();
+            },
+            this
+            );
+        
+        this._searchManager.on(
+            "search:progress",
+            function(properties) {
+                that._progressCallback(properties.content.isDone, properties);
+            },
+            this
+            );
+        
+        this._searchManager.on(
+            "search:done",
+            function(properties) {
+                that._progressCallback(properties.content.isDone, properties);
+            },
+            this
+            );
+        
+        this._resultsModel.on(
+            "error",
+            function(message, error) {
+                var errorMessage = 'The search returned error "' + message + '".';
+                
+                if (!_.isUndefined(error) && !_.isNull(error)) {
+                    errorMessage += 'Detailed error: "' + error.error +
+                        '(' + error.status + ') - ' + error.data.messages[0].text + '"';
+                }
+                
+                that._failureCallback(
+                    errorMessage + ' Search string is: "' +  that._searchManager.settings.get('search') + '"'
+                    );
+            },
+            this
+            );
+        
+        this._resultsModel.on(
+            "data",
+            function() {
+                that._successCallback(this._resultsModel.data());
+            },
+            this
+            );
+        
+        if (_.isUndefined(deferRun) || _.isNull(deferRun) || deferRun === true) {
+            this._searchManager.startSearch();
+        }
+    }
+    
+    SearchRunnerClass.checkValidProperty = function(property) {
+        if (_.isUndefined(property) || _.isNull(property)) {
+            throw property + ' is invalid';
+        }
+    }
+    
+    return SearchRunner;
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/SyncTaskQueue.js

@@ -0,0 +1,66 @@
+/* 
+ * The SyncTaskQueue is a task serializer queue to enable queueing tasks to be run
+ * synchronously.
+ */
+
+define([
+        'common/Class',
+        'common/SyncTaskRunner',
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js'
+        ],
+        function(
+            Class,
+            SyncTaskRunner,
+            _
+            ) {
+    var SyncTaskQueue = function() {
+        var that = this;
+        
+        this._taskQueue = [];
+        this._currentTask = null;
+        
+        this._waitHandle = setInterval(
+            function() {
+                if (
+                    (_.isNull(that._currentTask) || that._currentTask.hasCompleted()) &&
+                    that._taskQueue.length > 0
+                    ) {
+                    that._currentTask = that._taskQueue.shift();
+                    that._currentTask.start();
+                }
+            },
+            200
+            );
+    }
+    
+    var SyncTaskQueueClass = Class.makeClass(SyncTaskQueue);
+        
+    /*
+     * taskLabel - a label for the task to enqueue
+     * taskFn - the function to execute for the task
+     *          the signature for the function is:
+     *          function(taskRunner, <any array of arguments passed in as taskFnArgs>)
+     * taskFnArgs - array of arguments to the task. Note that this array will
+     *              not contain the taskRunner but the rest of the arguments
+     *              specific to the function
+     * timeout - optional timeout for the task in ms
+     * timeoutFn - a timeout handler with the signature
+     *             function(<any array of arguments passed in as timeoutFnArgs>)
+     * timeoutFnArgs - array of arguments to the timeout handler 
+     */
+    SyncTaskQueueClass.enqueue = function(
+        taskLabel,
+        taskFn,
+        taskFnArgs,
+        timeout,
+        timeoutFn,
+        timeoutFnArgs
+        ) {
+        this._taskQueue.push(
+            new SyncTaskRunner(taskLabel, taskFn, taskFnArgs, timeout, timeoutFn, timeoutFnArgs)
+            );
+    }
+    
+    return SyncTaskQueue;
+});
+        

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/js/common/SyncTaskRunner.js

@@ -0,0 +1,114 @@
+/* 
+ * The SyncTaskRunner is a task serializer to enable running tasks synchronously.
+ * It takes as input a function to run a task, executes it and waits for completion.
+ * The SyncTaskRunner defines a markCompleted function to call back into to indicate
+ * task completion.
+ */
+
+define([
+        'common/Class',
+        '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js'
+        ],
+        function(
+            Class,
+            _
+            ) {
+    /*
+     * taskLabel - a label for the task to enqueue
+     * taskFn - the function to execute for the task
+     *          the signature for the function is:
+     *          function(taskRunner, <any array of arguments passed in as taskFnArgs>)
+     * taskFnArgs - array of arguments to the task. Note that this array will
+     *              not contain the taskRunner but the rest of the arguments
+     *              specific to the function
+     * timeout - optional timeout for the task in ms
+     * timeoutFn - a timeout handler with the signature
+     *             function(<any array of arguments passed in as timeoutFnArgs>)
+     * timeoutFnArgs - array of arguments to the timeout handler
+     */
+    var SyncTaskRunner = function(
+        taskLabel,
+        taskFn,
+        taskFnArgs,
+        timeout /* in ms */,
+        timeoutFn,
+        timeoutFnArgs
+        ) {
+        this._taskCompleted = false;
+        
+        if (_.isUndefined(taskFn) || _.isNull(taskFn) || !_.isFunction(taskFn)) {
+            throw('Invalid task passed to SyncTaskRunner');
+        } else {
+            this._taskFn = taskFn;
+            
+            this._taskFnArgs = taskFnArgs;
+            // First argument to the function is the runner so it could invoke markCompleted
+            this._taskFnArgs.unshift(this);
+            
+            this._taskLabel = taskLabel;
+        }
+        
+        if (_.isUndefined(timeout) || _.isNull(timeout)) {
+            this._timeout = 600000; // 10 minutes in ms
+        } else {
+            if (_.isNumber(timeout)) {
+                this._timeout = timeout;
+            } else {
+                throw('Invalid timeout passed to SyncTaskRunner. Please specify a number in ms');
+            }
+        }
+        
+        if (_.isUndefined(timeoutFn) || _.isNull(timeoutFn) || !_.isFunction(timeoutFn)) {
+            throw('Invalid timeout handler passed to SyncTaskRunner');
+        } else {
+            this._timeoutFn = timeoutFn;
+            this._timeoutFnArgs = timeoutFnArgs;
+        }
+        
+        this._waitHandle = null;
+    }
+    
+    var SyncTaskRunnerClass = Class.makeClass(SyncTaskRunner);
+        
+    SyncTaskRunnerClass.start = function() {
+        var that = this;
+        
+        if (this._taskCompleted) {
+            throw('The task ' + this._taskLabel + ' has already completed');
+        }
+        
+        this._taskFn.apply(this, this._taskFnArgs);
+        
+        this._waitHandle = setInterval(
+            function() {
+                if (that._taskCompleted) {
+                    clearInterval(that._waitHandle);
+                }
+            },
+            200
+            );
+        
+        this._timeoutHandle = setTimeout(
+            function() {
+                that.markCompleted();
+                that._timeoutFn.apply(that, that._timeoutFnArgs);
+            },
+            this._timeout
+            );
+    }
+    
+    /*
+     * This function MUST be called by the task when done otherwise the task will timeout.
+     */
+    SyncTaskRunnerClass.markCompleted = function() {
+        this._taskCompleted = true;
+        clearTimeout(this._timeoutHandle);
+    }
+    
+    SyncTaskRunnerClass.hasCompleted = function() {
+        return this._taskCompleted;
+    }
+    
+    return SyncTaskRunner;
+});
+        

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/landing_page.css

@@ -0,0 +1,69 @@
+.launchpad {
+    padding-left: 10px;
+    padding-bottom: 30px;
+    font-size: 20px;
+    padding-top: 30px;
+}
+.launchpad a {
+    font-size: 16px;
+    color: #666;
+    display: inline-block;
+    position: relative;
+    top: -1px;
+}
+.dashboard-element {
+    padding-left: 8px;
+}
+.dashboard-element h1 {
+    font-size: 24px;
+    font-weight: 200;
+    margin: 0;
+    padding: 5px 10px;
+}
+.dashboard-element.help {
+    display: inline-block;
+    float: left;
+    width: 33%;
+    font-size: 14px;
+    line-height: 24px;
+}
+.dashboard-element.help a {
+    color: #527AB4;
+}
+.dashboard-cell {
+    margin-top: 10px;
+}
+.panel-head h3 {
+    padding-top: 16px;
+}
+.panel-body {
+    padding: 0 18px 15px 18px;
+}
+.launchpad {
+    padding-left: 0px;
+    padding-bottom: 5px;
+    color: #666;
+}
+.panel-head h1 {
+    font-size: 24px;
+    color: #666;
+    font-weight: 200;
+    padding-top: 15px;
+}
+.chartlabel h5 {
+    font-size: 13px;
+    margin: 4px 8px 0 9px;
+    color: #555;
+}
+div.chartlabel.left {
+    float: left;
+}
+div.chartlabel.right {
+    float: right;
+}
+.no-padding {
+    padding: 0;
+}
+#sankey-user-accesses {
+    height: 300px;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/manage_multiple_dropdowns.js

@@ -0,0 +1,81 @@
+require([
+	'splunkjs/mvc',
+	'splunkjs/mvc/simplexml/ready!',
+	], function (mvc) {
+	var defaultTokenModel = mvc.Components.get("default");
+	var submitTokenModel = mvc.Components.get("submitted");
+	var hostNameSearch = mvc.Components.getInstance("host_search_id");
+	defaultTokenModel.unset("form.multidropdown_host");
+	var hostCondition = "";
+
+	defaultTokenModel.on("change:form.multidropdown_forest", function() {
+		emptyRemainingToken(defaultTokenModel, "forest");
+	});
+	defaultTokenModel.on("change:form.multidropdown_site", function() {
+		emptyRemainingToken(defaultTokenModel, "site");
+	});
+	defaultTokenModel.on("change:form.multidropdown_domaindnsname", function() {
+		emptyRemainingToken(defaultTokenModel, "domain");
+	});
+	defaultTokenModel.on("change:form.multidropdown_host", function() {
+		fillRemainingToken(defaultTokenModel, submitTokenModel, defaultTokenModel.get("form.multidropdown_host"));
+	});
+  
+	hostNameSearch.on('search:done', function (properties) {
+		var searchData = hostNameSearch.data("results");
+		searchData.on("data", function () {
+			var rows = searchData.data().rows;
+			var hostList = rows.map(function(value,index) { return value[0]; });
+			hostCondition = generateHostCondition(hostList);
+		});
+	});
+
+	function generateHostCondition(rows){
+		var hostConditionLocal = "(";
+		for (i=0; i < rows.length; i++){
+			hostConditionLocal += "host=\"" +rows[i]+ "\"";
+			if(i != rows.length - 1){
+				hostConditionLocal += " OR "
+			}
+		}
+		hostConditionLocal += ")";
+	
+		return hostConditionLocal;
+	}
+	
+	function emptyRemainingToken(defaultTokenModel, filter){
+		switch (filter)
+			{
+				case "forest": defaultTokenModel.unset("form.multidropdown_site");
+				break;
+            
+				case "site": defaultTokenModel.unset("form.multidropdown_domaindnsname");
+				break;
+            
+				default:  defaultTokenModel.unset("form.multidropdown_host");
+			}
+
+	}
+	function fillRemainingToken(defaultTokenModel, submitTokenModel, selectedItem){
+		if(selectedItem != null){
+			if(selectedItem.indexOf("*")>-1){
+				submitTokenModel.set("multidropdown_host_token", hostCondition);
+				defaultTokenModel.set("multidropdown_host_token", hostCondition);
+			}
+			else{
+				if(selectedItem.length == 0){
+					submitTokenModel.unset("multidropdown_host_token");
+					defaultTokenModel.unset("multidropdown_host_token");
+				}
+				else{
+					submitTokenModel.set("multidropdown_host_token", generateHostCondition(selectedItem));
+					defaultTokenModel.set("multidropdown_host_token", generateHostCondition(selectedItem));
+				}
+			}
+		}
+		else{
+			submitTokenModel.unset("multidropdown_host_token");
+			defaultTokenModel.unset("multidropdown_host_token");
+		}
+	}
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/table_decoration.css

@@ -0,0 +1,40 @@
+td.icon {
+    text-align: center;
+}
+td.icon i {
+    font-size: 21px;
+    text-shadow: 1px 1px #aaa;
+}
+td.icon .False {
+    color: #E53935;
+}
+td.icon .True {
+    color: #66BB6A;
+}
+
+.icon-inline i {
+    font-size: 18px;
+    margin-left: 5px;
+}
+.icon-inline i.icon-alert-circle {
+    color: #ef392c;
+}
+.icon-inline i.icon-alert {
+    color: #ff9c1a;
+}
+.icon-inline i.icon-check {
+    color: #5fff5e;
+}
+
+div[id^='decorated_table'] table tr td {
+    text-align: left;;
+}
+
+div[id^='decorated_table'] table thead {
+    display: none;
+}
+
+div[id^='decorated_table'] table tr td:first-child{
+    font-weight: bold;
+    color: #333;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/table_decoration.js

@@ -0,0 +1,35 @@
+require([
+    'splunkjs/mvc',
+    'splunkjs/mvc/tableview',
+    '/static/app/DA-ITSI-CP-windows-dashboards/js/common/contrib/underscore.js',
+    'splunkjs/mvc/simplexml/ready!'
+], function(mvc, TableView, _) {
+    var ICONS = {
+        False: 'x',
+        True: 'check',
+    };
+    var tables = ['decorated_table', 'topology_table'];
+
+    var RangeMapIconRenderer = TableView.BaseCellRenderer.extend({
+        canRender: function(cell) {
+            return ['True', 'False'].indexOf(cell.value) > -1;
+        },
+        render: function($td, cell) {
+            if (ICONS.hasOwnProperty(cell.value)) {
+                icon = ICONS[cell.value];
+                let element = _.template('<i class="icon-<%-icon%> <%- value %>" title="<%- value %>"></i>')({
+                    icon: icon,
+                    value: cell.value
+                });
+                $td.addClass('icon').html(element);
+            }
+        }
+    });
+
+    _.each(tables, function(table) {
+        if (!mvc.Components.get(table)){return;}
+        mvc.Components.get(table).getVisualization(function(tableView){
+            tableView.addCellRenderer(new RangeMapIconRenderer());
+        });
+    });
+});

deployment-apps/DA-ITSI-CP-windows-dashboards/appserver/static/windows_overview.css

@@ -0,0 +1,11 @@
+.single.splunk-view .panel-head h3{
+	visibility: hidden;
+}
+
+.single.splunk-view:nth-child(1) .panel-head h3{
+	visibility:visible;
+}
+
+tspan.single-result-unit {
+	font-size: 0.5em;
+}

deployment-apps/DA-ITSI-CP-windows-dashboards/bin/runsavedsearches_winfra.py

@@ -0,0 +1,110 @@
+import json
+import os
+import splunk.rest as rest
+import splunk.entity as entity
+import splunk.Intersplunk as intersplunk
+import logging
+from splunk.clilib.bundle_paths import make_splunkhome_path
+from six.moves.urllib.parse import quote
+
+app_name = "DA-ITSI-ContentLibrary"
+owner = 'nobody'
+CONF_WEB = 'configs/conf-web'
+url = "https://{}/servicesNS/nobody/DA-ITSI-ContentLibrary/saved/searches/{}/dispatch"
+
+# setup the logger
+def setup_logger():
+    """
+    Set up a logger with a rotating file handler for the search command.
+
+    Returns:
+        logging.Logger: A configured logger instance.
+    """
+    logger = logging.getLogger("windows_log_handler")
+    logger.propagate = False  # Prevent the log messages from being duplicated in the python.log file
+    logger.setLevel(logging.DEBUG)
+
+    file_handler = logging.handlers.RotatingFileHandler(make_splunkhome_path(['var', 'log',
+      'splunk', 'windows_runsavedsearches.log']), maxBytes=5000000, backupCount=1)
+    file_handler.setFormatter(logging.Formatter('%(asctime)s %(levelname)s %(lineno)d %(message)s'))
+
+    logger.addHandler(file_handler)
+
+    return logger
+
+logger = setup_logger()
+
+lookupSavedSearches = ["WinApp_Lookup_Build_Perfmon - Update - Server", 
+                      "WinApp_Lookup_Build_Printmon - Update",
+                      "WinApp_Lookup_Build_Netmon - Update - Server",
+                      "WinApp_Lookup_Build_Hostmon_Process - Update - Detail",
+                      "WinApp_Lookup_Build_Hostmon_FS - Update - Detail",
+                      "WinApp_Lookup_Build_Hostmon_Machine - Update - Detail",
+                      "WinApp_Lookup_Build_Hostmon - Update - Server",
+                      "WinApp_Lookup_Build_Event - Update - Server",
+                      "ActiveDirectory: Update Computer Lookup",
+                      "ActiveDirectory: Update User Lookup",
+                      "ActiveDirectory: Update Group Lookup",
+                      "ActiveDirectory: Update GPO Lookup",
+                      "SiteInfo_Lookup_Update",
+                      "tHostInfo_Lookup_Update",
+                      "HostToDomain_Lookup_Update",
+                      "DomainSelector_Lookup"
+                      ]
+output = []
+
+def getsessionkey():
+    '''
+        Get the Session Key
+    '''
+    results, dummyresults, settings = intersplunk.getOrganizedResults()
+    session_key = settings['sessionKey']
+    return session_key
+
+def fillLookup(splunkd_uri, session_key):
+  '''
+        Run savesearches to fill Host, Database, User Subject lookup
+  '''
+
+  for savedSearch in lookupSavedSearches:
+    try:
+      access_collection_url = url.format(splunkd_uri, quote(savedSearch))
+      response, content = rest.simpleRequest(
+            access_collection_url,
+            sessionKey=session_key,
+            method='POST',
+            raiseAllErrors=True,
+            postargs={"trigger_actions": "1"}
+          )
+      output.append({'savedSearch' : savedSearch, 'status' : response.status})
+    except Exception as e:
+        import traceback
+        stack = traceback.format_exc()
+        logger.error(str(stack))
+        output.append({'savedSearch' : savedSearch, 'status' : str(e)})
+  logger.info(output)
+
+def main():
+    try:
+      session_key = getsessionkey()
+      splunkd_uri = entity.getEntity(
+                      CONF_WEB,
+                      'settings',
+                      sessionKey=session_key,
+                      namespace=app_name,
+                      owner=owner
+                  ).get('mgmtHostPort', '127.0.0.1:8089')
+      logger.info("Filling lookup with savedsearches result")
+      fillLookup(splunkd_uri, session_key)
+      intersplunk.outputResults(output)
+    except Exception as e:
+      import traceback
+      stack = traceback.format_exc()
+      logger.error(str(stack))
+      errorMsg = intersplunk.generateErrorResults(
+                "Something went wrong. Try again later\n Error : Traceback: " + str(stack)
+                )
+      intersplunk.outputResults(errorMsg)
+
+if __name__ == "__main__":
+    main()

deployment-apps/DA-ITSI-CP-windows-dashboards/default/app.conf

@@ -0,0 +1,16 @@
+[install]
+build = 1
+
+[ui]
+is_visible = 0
+label = Content Pack for Windows Dashboards and Reports
+
+[launcher]
+author = Splunk, Inc.
+description = The Content Pack for Windows Dashboards and Reports gives you deep visibility into the health and performance of your Microsoft Windows Server and Active Directory environments.
+version = 1.2.2
+
+[package]
+id = DA-ITSI-CP-windows-dashboards
+check_for_updates = false
+show_upgrade_notification = false

deployment-apps/DA-ITSI-CP-windows-dashboards/default/collections.conf

@@ -0,0 +1,93 @@
+[ActiveDirectory_GPOs]
+enforceTypes = false
+profilingEnabled = false
+accelerated_fields.distinguishedName = { "distinguishedName" : 1 }
+accelerated_fields.objectGUID = { "objectGUID" : 1 }
+
+[ActiveDirectory_Groups]
+enforceTypes = false
+profilingEnabled = false
+accelerated_fields.distinguishedName = { "distinguishedName" : 1 }
+accelerated_fields.objectGUID = { "objectGUID" : 1 }
+
+[ActiveDirectory_Computers]
+enforceTypes = false
+profilingEnabled = false
+accelerated_fields.distinguishedName = { "distinguishedName" : 1 }
+accelerated_fields.objectGUID = { "objectGUID" : 1 }
+
+[ActiveDirectory_Users]
+enforceTypes = false
+profilingEnabled = false
+accelerated_fields.distinguishedName = { "distinguishedName" : 1 }
+accelerated_fields.objectGUID = { "objectGUID" : 1 }
+
+# Converted from csv
+[MsftApps-MigratedLookups]
+enforceTypes = false
+profilingEnabled = false
+
+[DomainSelector_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[SiteInfo_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[DomainList_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[tHostInfo_collection]
+enforceTypes = false
+profilingEnabled = false
+
+
+[windows_event_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_event_system_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_hostmon_system_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_netmon_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_netmon_system_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_perfmon_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_perfmon_system_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_printmon_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_hostmon_machine_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_hostmon_fs_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_hostmon_process_details_collection]
+enforceTypes = false
+profilingEnabled = false
+
+[windows_hostmon_services_details_collection]
+enforceTypes = false
+profilingEnabled = false

deployment-apps/DA-ITSI-CP-windows-dashboards/default/commands.conf

@@ -0,0 +1,5 @@
+[runsavedsearcheswinfra]
+filename = runsavedsearches_winfra.py 
+python.version = python3
+type = python
+passauth = true 

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_audit_computer.xml

@@ -0,0 +1,82 @@
+<form script="customized_chart_preload.js,audit_report.js" version="1.1">
+  <label>Computer Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ldaprecord.nt_domain" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>| inputlookup DomainSelector | eval nt_domain=DomainNetBIOSName | dedup nt_domain | search nt_domain !="" | table nt_domain</query>
+      </search>
+      <fieldForLabel>nt_domain</fieldForLabel>
+      <fieldForValue>nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="text" token="ldaprecord.computer" searchWhenChanged="true">
+      <label>Computer Account</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <search id="audit_query">
+        <query>| ldapsearch domain=$ldaprecord.nt_domain$ search="(&amp;(objectclass=computer)(|(cn=$ldaprecord.computer$)(sAMAccountName=$ldaprecord.computer$)))" |fields *</query>
+        <latest>$Time.latest$</latest>
+      </search>
+      <html>
+        <div id="audit_report"/>
+      </html>
+    </panel>
+    <panel>
+      <table>
+        <title>Group Membership - Computer</title>
+        <search>
+          <query>|ldapsearch domain=$ldaprecord.nt_domain$ search="(objectclass=group)" attrs="cn,description,primaryGroupToken"|eval joiner=mvappend(dn,primaryGroupToken)|rename dn as groupDN,cn as groupName,primaryGroupToken as primaryGroupID|table groupDN,groupName,primaryGroupID,joiner|mvexpand joiner|join type=inner joiner [ldapsearch domain=$ldaprecord.nt_domain$ search="(&amp;(objectclass=computer)(|(cn=$ldaprecord.computer$)(sAMAccountName=$ldaprecord.computer$)))" attrs="memberOf,primaryGroupID"|eval joiner=mvappend(memberOf,primaryGroupID)|table joiner|mvexpand joiner]|dedup groupDN|table groupDN,groupName,primaryGroupID|sort primaryGroupID</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>IP Address History</title>
+        <search>
+          <query>eventtype=msad-successful-computer-logons user="$ldaprecord.computer$" dest_nt_domain="$ldaprecord.nt_domain$"|table _time,host,src_ip|dedup consecutive=T src_ip|lookup SiteInfo host|table _time,src_ip,Site</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Failed Logon Activity - Computer</title>
+        <search>
+          <query>eventtype=msad-failed-computer-logons|rename User_ID as userSid|join type=inner userSid [ldapsearch domain=$ldaprecord.nt_domain$ search="(&amp;(objectclass=computer)(|(cn=$ldaprecord.computer$)(sAMAccountName=$ldaprecord.computer$)))" attrs="objectSid"|eval userSid="%{"+objectSid+"}"|fields userSid]|stats min(_time) as mintime,max(_time) as maxtime,count by src_ip,signature|`ip-to-host`|`fix-localhost`|eval mintime=strftime(mintime,"%F %T")|eval maxtime=strftime(maxtime,"%F %T")|rename mintime as "Earliest",maxtime as "Latest",src_host as Workstation,src_ip as "IP Address", signature as "Reason"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_audit_gpo.xml

@@ -0,0 +1,67 @@
+<form script="customized_chart_preload.js,audit_report.js" version="1.1">
+  <label>Group Policy Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ldaprecord.nt_domain" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>| inputlookup DomainSelector | eval nt_domain=DomainNetBIOSName | dedup nt_domain | search nt_domain !="" | table nt_domain</query>
+      </search>
+      <fieldForLabel>nt_domain</fieldForLabel>
+      <fieldForValue>nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="text" token="ldaprecord.gpobject" searchWhenChanged="true">
+      <label>Group Policy Name</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <search id="audit_query">
+        <query>|ldapsearch domain=$ldaprecord.nt_domain$ search="(&amp;(objectclass=groupPolicyContainer)(|(cn=$ldaprecord.gpobject$)(displayName=$ldaprecord.gpobject$)))"|fields *</query>
+        <latest>$Time.latest$</latest>
+      </search>
+      <html>
+        <div id="audit_report"/>
+      </html>
+    </panel>
+    <panel>
+      <table>
+        <title>Linked Containers</title>
+        <search>
+          <query>|ldapsearch domain=$ldaprecord.nt_domain$ search="(&amp;(objectclass=groupPolicyContainer)(|(cn=$ldaprecord.gpobject$)(displayName=$ldaprecord.gpobject$)))" attrs="displayName,cn,versionNumber"|join type=outer cn [ldapsearch domain=$ldaprecord.nt_domain$ search="(gPLink=*)" attrs="distinguishedName,gPLink"|where isnotnull(gPLink)|rex field=gPLink max_match=10 "\\[LDAP://(CN|cn)=(?&lt;cn&gt;[^,]+),"|table cn,distinguishedName|mvexpand cn|mvcombine distinguishedName|eval lc=mvjoin(distinguishedName,"###")|fields cn,lc]|eval linkedContainers=split(lc,"###")|table linkedContainers|mvexpand linkedContainers|rename linkedContainers as "Linked Containers"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Group Policy - Changes</title>
+        <search>
+          <query>`audit-gpo-changes($ldaprecord.nt_domain$)`|search (displayName="$ldaprecord.gpobject$" OR cn="$ldaprecord.gpobject$")|table _time,adminuser|rename adminuser as "Administrator"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_audit_group.xml

@@ -0,0 +1,74 @@
+<form script="customized_chart_preload.js,audit_report.js" version="1.1">
+  <label>Group Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ldaprecord.nt_domain" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>| inputlookup DomainSelector | eval nt_domain=DomainNetBIOSName | dedup nt_domain | search nt_domain !="" | table nt_domain</query>
+      </search>
+      <fieldForLabel>nt_domain</fieldForLabel>
+      <fieldForValue>nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="text" token="ldaprecord.groupName" searchWhenChanged="true">
+      <label>Group Name</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <search id="audit_query">
+        <query>| ldapsearch domain="$ldaprecord.nt_domain$" search="(&amp;(objectclass=group)(cn=$ldaprecord.groupName$))"|fields *</query>
+        <latest>$Time.latest$</latest>
+      </search>
+      <html>
+        <div id="audit_report"/>
+      </html>
+    </panel>
+    <panel>
+      <table>
+        <title>Full Group Membership</title>
+        <search>
+          <query>| ldapsearch domain="$ldaprecord.nt_domain$" search="(&amp;(objectclass=group)(cn=$ldaprecord.groupName$))"|fields * |ldapgroup domain="$ldaprecord.nt_domain$" |`split-ldapgroup`|table member_name,member_domain,member_type|sort member_name|rename member_name as "Username",member_domain as "Domain",member_type as "Membership Type" | search (Username !="" OR member_domain !="" OR Domain !="")</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Recent Membership Changes</title>
+        <search>
+          <query>`group-changes-for-group("$ldaprecord.nt_domain$","$ldaprecord.groupName$")`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_audit_ou.xml

@@ -0,0 +1,38 @@
+<form script="customized_chart_preload.js,audit_report.js" version="1.1">
+  <label>Organizational Unit Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ldaprecord.nt_domain" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>| inputlookup DomainSelector | eval nt_domain=DomainNetBIOSName | dedup nt_domain | search nt_domain !="" | table nt_domain</query>
+      </search>
+      <fieldForLabel>nt_domain</fieldForLabel>
+      <fieldForValue>nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="text" token="ldaprecord.ouobject" searchWhenChanged="true">
+      <label>Organizational Unit Name</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <search id="audit_query">
+        <query>|ldapsearch domain=$ldaprecord.nt_domain$ search=&quot;(&amp;(objectclass=organizationalUnit)(ou=$ldaprecord.ouobject$))&quot;|rex field=gPLink max_match=10 &quot;\[(?&lt;gpoLink&gt;[^\]]+)\]&quot;|rename gpoLink as gPLink|fields *</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <html>
+        <div id="audit_report"/>
+      </html>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_audit_user.xml

@@ -0,0 +1,83 @@
+<form script="customized_chart_preload.js,audit_report.js" version="1.1" >
+  <label>User Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ldaprecord.nt_domain" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>| inputlookup DomainSelector | eval nt_domain=DomainNetBIOSName | dedup nt_domain | search nt_domain !="" | table nt_domain</query>
+      </search>
+      <fieldForLabel>nt_domain</fieldForLabel>
+      <fieldForValue>nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="text" token="ldaprecord.user" searchWhenChanged="true">
+      <label>User Account</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+		<search id="audit_query">
+        	<query>|ldapsearch domain=$ldaprecord.nt_domain$ search="(sAMAccountName=$ldaprecord.user$)"|fields *</query>
+        	<latest>$Time.latest$</latest>
+      	</search>
+      <html>
+        <div id="audit_report"/>
+      </html>
+    </panel>
+    <panel>
+      <table>
+        <title>Group Membership - User</title>
+        <search>
+          <query>|ldapsearch domain=$ldaprecord.nt_domain$ search="(objectclass=group)" attrs="cn,description,primaryGroupToken"|eval joiner=mvappend(dn,primaryGroupToken)|rename dn as groupDN,cn as groupName,primaryGroupToken as primaryGroupID|table groupDN,groupName,primaryGroupID,joiner|mvexpand joiner|join type=inner joiner [ldapsearch domain=$ldaprecord.nt_domain$ search="(sAMAccountName=$ldaprecord.user$)" attrs="memberOf,primaryGroupID"|eval joiner=mvappend(memberOf,primaryGroupID)|table joiner|mvexpand joiner]|dedup groupDN|table groupDN,groupName,primaryGroupID|sort primaryGroupID</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_group?form.ldaprecord.nt_domain=$ldaprecord.nt_domain$&form.ldaprecord.groupName=$row.groupName$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Account Lockout Activity - User</title>
+        <search>
+          <query>eventtype=msad-account-lockout-windows user="$ldaprecord.user$" dest_nt_domain="$ldaprecord.nt_domain$" | eval src_nt_host=if(isnull(src_nt_host),host,src_nt_host) | eval lockout=if(EventCode==644 OR EventCode==4740,"Yes","No") | stats latest(_time) as time,latest(src_nt_host) as host,latest(lockout) as lockedout by dest_nt_domain,user | search lockedout="Yes" | eval ltime=strftime(time,"%c") | table ltime,dest_nt_domain,user,host | rename ltime as "Lockout Time",dest_nt_domain as "Domain",user as "Account Locked Out", host as "Workstation" </query>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Failed Logon Activity - User</title>
+        <search>
+          <query>`lockouts-for-user($ldaprecord.nt_domain$,$ldaprecord.user$)`|rename mintime as "Earliest",maxtime as "Latest",src as Workstation,src_ip as "IP Address", signature as "Reason"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_chg_assets.xml

@@ -0,0 +1,127 @@
+<form version="1.1">
+  <label>Computer Changes - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="dropdown" token="select58" searchWhenChanged="true">
+      <label>Computer Name</label>
+      <search>
+        <query>eventtype=msad-computer-changes $multidropdown_host$ |eval computer=dest_nt_domain."\\".user|eval adminuser=src_nt_domain."\\".src_user|`msad-changed-attributes`|eval msad_action=lower(msad_action)|fields * | dedup computer|sort computer</query>
+      <earliest>0</earliest>
+      <latest></latest>
+      </search>
+      <fieldForLabel>computer</fieldForLabel>
+      <fieldForValue>computer</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <choice value="*">All</choice>
+    </input>
+    <input type="dropdown" token="select56" searchWhenChanged="true">
+      <label>Administrator</label>
+      <search>
+        <query>eventtype=msad-computer-changes $multidropdown_host$ |eval computer=dest_nt_domain."\\".user|eval adminuser=src_nt_domain."\\".src_user|`msad-changed-attributes`|eval msad_action=lower(msad_action)|fields * | dedup adminuser|sort adminuser</query>
+      <earliest>0</earliest>
+      <latest></latest>
+      </search>
+      <fieldForLabel>adminuser</fieldForLabel>
+      <fieldForValue>adminuser</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <choice value="*">All</choice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computer Account Changes - Computer Audit</title>
+        <search>
+          <query>eventtype=msad-computer-changes $multidropdown_host$ |eval computer=dest_nt_domain."\\".user|eval adminuser=src_nt_domain."\\".src_user|`msad-changed-attributes`|eval msad_action=lower(msad_action)|fields * | search computer=$select58|s$ adminuser=$select56|s$|table _time,adminuser,msad_action,computer,MSADChanges|rename adminuser as "Administrator",msad_action as "Action", computer as "Computer Name", MSADChanges as "Changes"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_chg_gpo.xml

@@ -0,0 +1,65 @@
+<form version="1.1">
+  <label>Group Policy Changes - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select73" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <search>
+        <query>eventtype=msad-ad-access Object_Type=groupPolicyContainer | dedup src_nt_domain | sort src_nt_domain</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="dropdown" token="select72" searchWhenChanged="true">
+      <label>Administrator</label>
+      <search>
+        <query>eventtype=msad-ad-access Object_Type=groupPolicyContainer src_nt_domain="$select73$" | dedup src_user | sort src_user</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>src_user</fieldForLabel>
+      <fieldForValue>src_user</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="dropdown" token="select74" searchWhenChanged="true">
+      <label>Group Policy Name</label>
+      <search>
+        <query>eventtype=msad-ad-access Object_Type=groupPolicyContainer src_nt_domain="$select73$" src_user="$select72$" | eval cn="{".Object_Name_Guid."}" | join cn [ | ldapsearch domain="$select73$" search="(&amp;(objectclass=groupPolicyContainer)(CN=*))" attrs="displayName,cn" ] | dedup displayName | sort displayName</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>displayName</fieldForLabel>
+      <fieldForValue>displayName</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+      <choice value="*">All</choice>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Group Policy Edits</title>
+        <search>
+          <query>eventtype=msad-ad-access Object_Type=groupPolicyContainer src_nt_domain="$select73$" src_user="$select72$" | stats latest(_time) as _time by src_nt_domain,src_user,host,session_id,Object_Name_Guid | eval cn="{".Object_Name_Guid."}" | join cn [| ldapsearch domain="$select73$" search="(&amp;(objectclass=groupPolicyContainer)(CN=*))" attrs="displayName,cn" ] | search displayName="$select74$" | table _time,src_nt_domain,src_user,displayName|rename src_nt_domain as "Domain",src_user as "Administrator", displayName as "Group Policy Name"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_chg_groupchange.xml

@@ -0,0 +1,194 @@
+<form version="1.1">
+  <label>Group Changes - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="dropdown" token="select90" searchWhenChanged="true">
+      <label>Group</label>
+      <search>
+        <query>(eventtype=msad-group-changes OR eventtype=msad-groupmembership-changes) $multidropdown_host$ NOT src_nt_domain="NT AUTHORITY"|fillnull value="*" member_id|eval adminuser=src_nt_domain."\\".src_user|stats count by adminuser,user_group,member_id,MSADGroupClass,MSADGroupType|fields * | dedup user_group|sort user_group</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>user_group</fieldForLabel>
+      <fieldForValue>user_group</fieldForValue>
+      <choice value="*">All</choice>
+      <initialValue>*</initialValue>
+      <default>*</default>
+    </input>
+    <input type="dropdown" token="select96" searchWhenChanged="true">
+      <label>Group Scope</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>(eventtype=msad-group-changes OR eventtype=msad-groupmembership-changes) $multidropdown_host$ NOT src_nt_domain="NT AUTHORITY"|fillnull value="*" member_id|eval adminuser=src_nt_domain."\\".src_user|stats count by adminuser,user_group,member_id,MSADGroupClass,MSADGroupType|fields * | dedup MSADGroupType|sort MSADGroupType</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>MSADGroupType</fieldForLabel>
+      <fieldForValue>MSADGroupType</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="dropdown" token="select94" searchWhenChanged="true">
+      <label>Group Class</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>(eventtype=msad-group-changes OR eventtype=msad-groupmembership-changes) $multidropdown_host$ NOT src_nt_domain="NT AUTHORITY"|fillnull value="*" member_id|eval adminuser=src_nt_domain."\\".src_user|stats count by adminuser,user_group,member_id,MSADGroupClass,MSADGroupType|fields * | dedup MSADGroupClass|sort MSADGroupClass</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>MSADGroupClass</fieldForLabel>
+      <fieldForValue>MSADGroupClass</fieldForValue>
+      <default>*</default>
+    </input>
+    <input type="dropdown" token="select88" searchWhenChanged="true">
+      <label>Administrator</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>(eventtype=msad-group-changes OR eventtype=msad-groupmembership-changes) $multidropdown_host$ NOT src_nt_domain="NT AUTHORITY"|fillnull value="*" member_id|eval adminuser=src_nt_domain."\\".src_user|stats count by adminuser,user_group,member_id,MSADGroupClass,MSADGroupType|fields * | dedup adminuser|sort adminuser</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>adminuser</fieldForLabel>
+      <fieldForValue>adminuser</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="dropdown" token="select92" searchWhenChanged="true">
+      <label>Member</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>eventtype=msad-groupmembership-changes $multidropdown_host$ NOT src_nt_domain="NT AUTHORITY"|fillnull value="*" member|eval adminuser=src_nt_domain."\\".src_user|stats count by adminuser,user_group,member,MSADGroupClass,MSADGroupType|fields * | dedup member|sort member</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>member</fieldForLabel>
+      <fieldForValue>member</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Group Changes</title>
+        <search>
+          <query>eventtype=msad-group-changes $multidropdown_host$ user_group="$select90$" MSADGroupType="$select96$" MSADGroupClass="$select94$"|eval adminuser=src_nt_domain."\\".src_user|search adminuser=$select88|s$|table _time,adminuser,msad_action,MSADGroupClass,MSADGroupType,src_nt_domain,user_group|rename adminuser as "Administrator",msad_action as "Action",user_group as "Group", MSADGroupClass as "Type", MSADGroupType as "Scope",src_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">20</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_group?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.groupName=$row.Group$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Membership Changes</title>
+        <search>
+          <query>eventtype=msad-groupmembership-changes $multidropdown_host$ user_group="$select90$" MSADGroupType="$select96$" MSADGroupClass="$select94$" member="$select92$" | eval adminuser=src_nt_domain."\\".src_user | search adminuser=$select88|s$ | table _time,adminuser,MSADGroupClass,MSADGroupType,src_nt_domain,user_group,msad_action,member | rename adminuser as "Administrator",MSADGroupClass as "Type",MSADGroupType as "Scope",src_nt_domain as "Domain",user_group as "Group",msad_action as "Action",member as "Member"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">20</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_group?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.groupName=$row.Group$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_chg_users.xml

@@ -0,0 +1,116 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>User Record Changes - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+     <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="text" token="textbox111" searchWhenChanged="true">
+      <label>Account User</label>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Security-Relevant Changes</title>
+        <search>
+          <query>eventtype=msad-user-changes $multidropdown_host$ user="$textbox111$" | eval adminuser=src_nt_domain."\\\\".src_user|eval dest_user_subject=dest_nt_domain."\\\\".user | `msad-changed-attributes` | table _time,adminuser,msad_action,dest_user_subject,MSADChanges | rename adminuser as "Administrator",msad_action as "Action",dest_user_subject as "Target User",MSADChanges as "Changes"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Directory Record Changes</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=admon objectClass="*person*" NOT objectClass="*computer*" sAMAccountName="$textbox111$" $multidropdown_host$|dedup distinguishedName,uSNChanged|rex field=_raw "(?ms)Additional Details:\\s*[\\r\\n]+(?&lt;MSADChangedAttributes&gt;.*)"|`msad-changed-attributes`|table _time,sAMAccountName,MSADChanges|where mvcount(MSADChanges)&gt;0</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_dc_status.xml

@@ -0,0 +1,100 @@
+<form stylesheet="table_decoration.css" script="table_decoration.js" version="1.1">
+  <label>DC Status - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select118" searchWhenChanged="true">
+      <label>Domain Controller</label>
+      <search>
+        <query>|inputlookup DomainSelector|stats count by host|table host|sort host</query>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table id="decorated_table">
+        <title>Domain Controller Status</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health host="$select118$" |head 1|lookup SchemaVersionName SchemaVersion|fields * | eval Server=DomainNetBIOSName + "\\\\" + Server, Domain=DomainNetBIOSName + "\\\\" + DomainDNSName, Forest=ForestName, "Operating System"=OperatingSystem, "Service Pack"=ServicePack, "OS Version"=OSVersion, "Global Catalog"=GlobalCatalog, "Master Roles"=split(FSMORoles," "), "Highest USN"=HighestUSN, "Schema Version"=SchemaVersion, "Services Running"=split(ServicesRunning, ","), "Services Not Running"=split(ServicesNotRunning, ","), "SYSVOL is Shared"="SYSVOLShare", "Registered in DNS"=DNSRegister | table Server Domain Site Forest "Operating System" "Service Pack", "OS Version" "Global Catalog", RODC, "Highest USN", "Schema Version" "Services Running" "Services Not Running" "SYSVOL is Shared" "Registered in DNS" | transpose</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">false</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">100</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Directory Services Performance</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon-ntds host="$select118$" `dc-health-perfmon-list`|stats sparkline(avg(Value),1m) as "Average", avg(Value) as "Average Value" by counter|sort counter|rename counter as "Performance Counter"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_performance?form.select232=$select118$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Replication Performance</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon-ntds host="$select118$" `rep-health-perfmon-list`|stats sparkline(avg(Value),1m) as "Average", avg(Value) as "Average Value" by counter|sort counter|rename counter as "Performance Counter"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_performance?form.select232=$select118$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Anomalous Events - DC Status</title>
+        <search>
+          <query>eventtype=msad-anomalous-events host="$select118$"|lookup EventCodes EventCode,LogName OUTPUTNEW desc|eval desc=if(isnull(desc),"Unknown EventCode",desc)|stats count as Count by Type,EventCode,LogName,desc | rename desc as Description</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            search?q=eventtype=msad-anomalous-events host="$select118$" Type="$row.Type$" EventCode="$row.EventCode$" LogName="$row.LogName$"
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_dns_performance.xml

@@ -0,0 +1,46 @@
+<form script="customized_chart_preload.js,dns_performance.js" version="1.1">
+  <label>DNS Performance - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="ActiveDirectory.DNSPerformance.Host" searchWhenChanged="true">
+      <label>Server</label>
+      <search>
+        <query>eventtype=perfmon_index_windows eventtype=perfmon-dns|stats count by host,counter | dedup host | sort host</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="dropdown" token="ActiveDirectory.DNSPerformance.Counter" searchWhenChanged="true">
+      <label>Counter</label>
+      <search>
+        <query>eventtype=perfmon_index_windows eventtype=perfmon-dns host="$ActiveDirectory.DNSPerformance.Host$" |stats count by host,counter | dedup counter | sort counter</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <fieldForLabel>counter</fieldForLabel>
+      <fieldForValue>counter</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <search id="dns_performance_query">
+        <query>eventtype=perfmon_index_windows eventtype=perfmon-dns host="$ActiveDirectory.DNSPerformance.Host$" counter="$ActiveDirectory.DNSPerformance.Counter$"|timechart avg(Value) as "$ActiveDirectory.DNSPerformance.Counter$"|join _time [search eventtype=perfmon_index_windows eventtype=perfmon host="$ActiveDirectory.DNSPerformance.Host$" object=Processor counter="% Processor Time"|timechart avg(Value) as "% Processor Time"]</query>
+        <earliest>$Time.earliest$</earliest>
+        <latest>$Time.latest$</latest>
+      </search>
+      <html>
+        <div id="dns_performance_chart"/>
+      </html>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_dns_server_status.xml

@@ -0,0 +1,100 @@
+<form stylesheet="table_decoration.css" script="table_decoration.js" version="1.1">
+  <label>DNS Server Status - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select135" searchWhenChanged="true">
+      <label>DNS Server</label>
+      <search>
+        <query>eventtype=msad_index_windows eventtype=msad-dns-health|stats count by host|table host|sort host</query>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table id="decorated_table">
+        <title>DNS Server Status</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dns-health | search source=Powershell host="$select135$" |tail 1| eval "DNS Name"=Name, "Operating System"=OperatingSystem, "Service Pack"=ServicePack, "OS Version"=OSVersion, "Directory Available"=DsAvailable, "Auto Reverse Zones"=if(DisableAutoReverseZones="False", "True", "False"), "Auto Cache Update"=AutoCacheUpdate, Recursion=if(NoRecursion="False", "True", "False"), "Round Robin"=RoundRobin, "Local Net Priority"=LocalNetPriority, "Strict File Parsing"=StrictFileParsing, "Loose Wildcards"=LooseWildcarding, "Bind Secondaries"=BindSecondaries, "Write Authoritive NS"= WriteAuthorityNS, "Secure Responses"=SecureResponses, "Allow Disjoint Networks"=DisjointNets, "Enable EDNS Probes"=EnableEDnsProbes, "Is A Slave"=IsSlave, "Services Running"=split(ServicesRunning, ","), "Services Not Running"=split(ServicesNotRunning, ",") | table Server "DNS Name" "Operating System" "Service Pack" "OS Version" "Directory Available" "Auto Reverse Zones" "Auto Cache Update" Recursion "Round Robin" "Local Net Priority" "Strict File Parsing" "Loose Wildcards" "Bind Secondaries" "Write Authoritive NS" "Secure Responses" "Allow Disjoint Networks" "Enable EDNS Probes" "Is A Slave" "Services Running" "Services Not Running" | transpose</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">100</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Query Performance</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon-dns host="$select135$" `dns-query-perfmon-list`|stats sparkline(avg(Value),1m) as "Average", avg(Value) as "Average Value" by counter|sort counter|rename counter as "Performance Counter"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_performance?form.select232=$select135$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Recursion Performance</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon-dns host="$select135$" `dns-recursion-perfmon-list`|stats sparkline(avg(Value),1m) as "Average", avg(Value) as "Average Value" by counter|sort counter|rename counter as "Performance Counter"</query>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_performance?form.select232=$select135$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Anomalous Events - DNS Server Status</title>
+        <search>
+          <query>eventtype=msad-dns-events host="$select135$" | lookup EventCodes EventCode,LogName OUTPUTNEW desc | eval desc=if(isnull(desc),"Unknown EventCode",desc) | stats count as Count by Type,EventCode,LogName,desc | rename desc as Description</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            search?q=eventtype=msad-dns-events host="$select135$" Type="$row.Type$" EventCode="$row.EventCode$" LogName="$row.LogName$"
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_dns_status.xml

@@ -0,0 +1,78 @@
+<form version="1.1">
+  <label>DNS Status - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>DNS Servers - Status</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon-dns counter="Total Query Received/sec"|stats sparkline(avg(Value),1m) as "Average Queries/sec" by host|join host [search eventtype=msad_index_windows eventtype=msad-dns-zoneinfo|stats values(Zone) as zz by host|eval zz=mvjoin(zz,";")|table host,zz]|join host [search eventtype=msad_index_windows eventtype=msad-dns-health|stats last(OperatingSystem) as "Operating System",last(ServicePack) as "Service Pack",last(ProcsOK) as ProcsOK by host]|eval Zones=split(zz,";")|table host,ProcsOK,Zones,"Operating System","Service Pack","Average Queries/sec"|sort -ProcsOK</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dns_server_status?form.select135=$row.host$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>DNS Zones</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dns-zoneinfo|eval Breakdown="A:".A.", AAAA:".AAAA.", CNAME:".CNAME.", HINFO:".HINFO.", MX:".MX.", NS:".NS.", SOA:".SOA.", SRV:".SRV.", TXT:".TXT|dedup host,Zone|stats values(host) as "DNS Servers",values(TotalRecords) as "Total Records",values(Breakdown) as Breakdown by Zone</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dns_zoneinfo?form.select152=$row.Zone$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Anomalous Events - DNS Status</title>
+        <search>
+          <query>eventtype=msad-dns-events|lookup EventCodes EventCode,LogName OUTPUTNEW desc|eval desc=if(isnull(desc),"Unknown EventCode",desc)|stats count by host,Type,EventCode,LogName,desc</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            search?q=eventtype=msad-dns-events host="$row.host$" Type="$row.Type$" EventCode="$row.EventCode$" LogName="$row.LogName$"
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_dns_zoneinfo.xml

@@ -0,0 +1,62 @@
+<form version="1.1">
+  <label>DNS Zone Information - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select152" searchWhenChanged="true">
+      <label>DNS Zone</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>eventtype=msad_index_windows eventtype=msad-dns-zoneinfo|stats count by Zone|table Zone|sort Zone</query>
+      </search>
+      <fieldForLabel>Zone</fieldForLabel>
+      <fieldForValue>Zone</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Zone Settings</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dns-zoneinfo Zone="$select152$"|tail 1|table Zone,Aging,AllowUpdate,AutoCreated,AvailForScavengeTime,Caption,DsIntegrated,ForwarderSlave,ForwarderTimeout,NoRefreshInterval,RefreshInterval,Paused,Reverse,Shutdown,Status|transpose | rename column as Properties, "row 1" as Value</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">100</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>DNS Servers - Zone</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dns-zoneinfo Zone="$select152$"|dedup host|table host,A,AAAA,CNAME,HINFO,MX,NS,SOA,SRV,TXT,TotalRecords</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dns_server_status?form.select135=$row.host$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_domain_status.xml

@@ -0,0 +1,67 @@
+<form version="1.1">
+  <label>Domain Status - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select159" searchWhenChanged="true">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|inputlookup DomainSelector|stats count by DomainNetBIOSName | dedup DomainNetBIOSName|sort DomainNetBIOSName</query>
+      </search>
+      <fieldForLabel>DomainNetBIOSName</fieldForLabel>
+      <fieldForValue>DomainNetBIOSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <default>*</default>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Sites</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health DomainNetBIOSName="$select159$"|dedup host|fields * | stats count by Site|table Site</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_site_status?form.select199=$row.Site$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Domain Controllers</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health DomainNetBIOSName="$select159$"|dedup host|fields * | table host,Site,Enabled|sort host|rename host as "Server"</query>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dc_status?form.select118=$row.Server$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_healthissues.xml

@@ -0,0 +1,125 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>Health Issues - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-24h@h</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Outages</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$ $multidropdown_host$|eval ok=if(ProcsOK=="False" OR DNSRegister=="False" OR SYSVOLShare=="False",0,1)|streamstats sum(ok) as trx_id by host|where ok=0|stats first(_time) as end, last(_time) as start,       min(ProcsOK) as ProcsOK, min(DNSRegister) as DNSRegister, min(SYSVOLShare) as SYSVOLShare by trx_id, host|eval duration=round(end-start)|eval "Start Time"=strftime(start,"%c")|eval "Duration (Approx)"=tostring(duration,"duration") + " - " + tostring(duration + 5*60,"duration")|rename host as "Host", ProcsOK as "Services", DNSRegister as "DNS Registration", SYSVOLShare as "SYSVOL Shared"|table "Start Time", "Duration (Approx)", "Host", "Services", "DNS Registration", "SYSVOL Shared"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dc_status?form.select118=$row.Host$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Anomalous Events - Health</title>
+        <search>
+          <query>eventtype=msad-anomalous-events $multidropdown_host$|lookup EventCodes EventCode,LogName OUTPUTNEW desc|eval desc=if(isnull(desc),"Unknown EventCode",desc)|stats count by host,Type,EventCode,LogName,desc</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            search?q=eventtype=msad-anomalous-events host="$row.host$" Type="$row.Type$" EventCode="$row.EventCode$" LogName="$row.LogName$"
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_replication.xml

@@ -0,0 +1,131 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>Replication Issues - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+     <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+       <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="dropdown" token="select192" searchWhenChanged="true">
+      <label>Naming Context</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>eventtype=msad_index_windows eventtype=msad-rep-health $multidropdown_host$|stats count by naming_context</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>naming_context</fieldForLabel>
+      <fieldForValue>naming_context</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Replication Agreements</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-rep-health $multidropdown_host$ naming_context="$select192$"|dedup host,src_host,naming_context|table naming_context,src_host,host,transport,LastAttemptedSync,Result|rename naming_context as "Context",src_host as "Source",host as "Destination",transport as "Transport",LastAttemptedSync as "Last Attempted Sync",Result as "Error Code"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Replication Health Errors</title>
+        <search>
+          <query>eventtype=msad-rep-errors $multidropdown_host$|lookup EventCodes EventCode,LogName OUTPUTNEW desc|eval desc=if(isnull(desc),"Unknown EventCode",desc)|stats count by host,Type,EventCode,LogName,desc</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            search?q=eventtype=msad-rep-errors host="$row.host$" Type="$row.Type$" EventCode="$row.EventCode$" LogName="$row.LogName$"
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_site_status.xml

@@ -0,0 +1,143 @@
+<form version="1.1">
+  <label>Site Status - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select_forestname" searchWhenChanged="true">
+      <label>Forest Name</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|inputlookup DomainSelector|stats count by ForestName,Site,DomainNetBIOSName |dedup ForestName|sort ForestName</query>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="dropdown" token="select199" searchWhenChanged="true">
+      <label>Site Name</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|inputlookup DomainSelector|stats count by ForestName,Site,DomainNetBIOSName | search ForestName="$select_forestname$"|dedup Site|sort Site</query>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="dropdown" token="select201" searchWhenChanged="true">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|inputlookup DomainSelector|stats count by ForestName,Site,DomainNetBIOSName| search ForestName="$select_forestname$" Site="$select199$"|dedup DomainNetBIOSName|sort DomainNetBIOSName</query>
+      </search>
+      <fieldForLabel>DomainNetBIOSName</fieldForLabel>
+      <fieldForValue>DomainNetBIOSName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domains in Site</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health ForestName="$select_forestname$" Site="$select199$"|dedup host|fields * |table DomainDNSName,DomainNetBIOSName|dedup DomainDNSName|sort -DomainDNSName|eval  "Domain Name"=DomainDNSName, "NetBIOS Name"=DomainNetBIOSName</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <fields>"Domain Name", "NetBIOS Name"</fields>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_domain_status?form.select159=$row.DomainNetBIOSName$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Domain Controllers in Site</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health ForestName="$select_forestname$" Site="$select199$"|dedup host|fields * |table host,DCWeight|dedup host|sort -host|eval "Domain Controller"=host, "Weight"=DCWeight</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <fields>"Domain Controller", Weight</fields>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_ops_dc_status?form.select118=$row.host$
+            ]]>
+          </link>
+        </drilldown>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Subnets in Site</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-subnetinfo ForestName="$select_forestname$" Site="$select199$"|dedup Name|table Name,Location</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Site Links</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-sitelinkinfo ForestName="$select_forestname$" Site="$select199$"|dedup Name|eval ReplicationInterval=tostring(ReplicationIntervalSecs,"duration")|table Name,TransportType,Cost,ReplicationInterval,Site|rename Name as "Site Link", TransportType as "Type", ReplicationInterval as "Replication Interval", Site as "Contained Sites"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <chart>
+        <title>Target Weighting</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health ForestName="$select_forestname$" Site="$select199$" DomainNetBIOSName="$select201$"|stats avg(DCWeight) by host|sort host</query>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+    <panel>
+      <chart>
+        <title>Actual Weighting</title>
+        <search>
+          <query>eventtype=msad-successful-computer-logons|stats count by host|join type=inner host [search eventtype=msad_index_windows eventtype=msad-dc-health ForestName="$select_forestname$" Site="$select199$" DomainNetBIOSName="$select201$"|dedup host|fields host]|table host,count|rename count as "Computer Logons"|sort host</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_subnet_affinity.xml

@@ -0,0 +1,29 @@
+<form version="1.1">
+  <label>Subnet Affinity Problems - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Subnet Affinity Problems</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-subnet-affinity|stats count by host,src_domain,src_host,src_ip|sort -count|table host,src_domain,src_host,src_ip|rename host as "Reporting Host", src_domain as "Reporting Domain", src_host as "Problem Host", src_ip as "Problem IP"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_ops_topology.xml

@@ -0,0 +1,120 @@
+<form stylesheet="table_decoration.css" version="1.1">
+  <label>Active Directory Overview - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table id="topology_table">
+        <title>Topology Report</title>
+        <search>
+          <query>eventtype=msad_index_windows eventtype=msad-dc-health $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$ $multidropdown_host$ |eval DomainNetBIOSName=upper(DomainNetBIOSName)|eval DomainDNSName=lower(DomainDNSName)|dedup host,DomainDNSName|sort ForestName,Site,DomainDNSName,host|eval DomainTitle="Forest: ".ForestName." (".ForestLevel."), Domain: ".DomainNetBIOSName."\\\\".DomainDNSName." (".DomainLevel.")", "Master Roles"=split(FSMORoles," "), Host=host, "Operating System"=OperatingSystem, Version=OSVersion, "Global Catalog"=GlobalCatalog, Services=ProcsOK, "DNS Registration"=DNSRegister, "SYSVOL Shared"=SYSVOLShare| dedup Host | table Host, Enabled, Site, "Operating System", Version, "Master Roles", "Global Catalog", RODC, Services, "DNS Registration", "SYSVOL Shared"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="count">10</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">cell</option>
+        <option name="refresh.display">progressbar</option>
+        <option name="rowNumbers">false</option>
+        <option name="wrap">true</option>
+        <format type="color" field="Enabled">
+          <colorPalette type="map">{"False":#E53934,"True":#66BB69}</colorPalette>
+        </format>
+        <format type="color" field="Global Catalog">
+          <colorPalette type="map">{"False":#E53934,"True":#66BB69}</colorPalette>
+        </format>
+        <format type="color" field="RODC">
+          <colorPalette type="map">{"False":#AED4E5,"True":#AED4E5}</colorPalette>
+        </format>
+        <format type="color" field="Services">
+          <colorPalette type="map">{"False":#E53934,"True":#66BB69}</colorPalette>
+        </format>
+        <format type="color" field="DNS Registration">
+          <colorPalette type="map">{"False":#E53934,"True":#66BB69}</colorPalette>
+        </format>
+        <format type="color" field="SYSVOL Shared">
+          <colorPalette type="map">{"False":#E53934,"True":#66BB69}</colorPalette>
+        </format>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_performance.xml

@@ -0,0 +1,52 @@
+<form version="1.1">
+  <label>Performance - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select232" searchWhenChanged="true">
+      <label>Server</label>
+      <search>
+        <query>eventtype=perfmon_index_windows eventtype=perfmon|stats count by host,object,counter |dedup host|sort host</query>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="dropdown" token="select234" searchWhenChanged="true">
+      <label>Object</label>
+      <search>
+        <query>eventtype=perfmon_index_windows eventtype=perfmon|stats count by host,object,counter | search host="$select232$"|dedup object|sort object</query>
+      </search>
+      <fieldForLabel>object</fieldForLabel>
+      <fieldForValue>object</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="dropdown" token="select236" searchWhenChanged="true">
+      <label>Counter</label>
+      <search>
+        <query>eventtype=perfmon_index_windows eventtype=perfmon|stats count by host,object,counter | search host="$select232$" object="$select234$"|dedup counter|sort counter</query>
+      </search>
+      <fieldForLabel>counter</fieldForLabel>
+      <fieldForValue>counter</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <chart>
+        <title>Directory Performance Metrics</title>
+        <search>
+          <query>eventtype=perfmon_index_windows eventtype=perfmon host="$select232$" object="$select234$" counter="$select236$"|fillnull value="Total" instance|timechart avg(Value) by instance</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_sec_admin_audit.xml

@@ -0,0 +1,158 @@
+<form version="1.1">
+  <label>Administrator Audit - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select242" searchWhenChanged="true">
+      <label>Account Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>eventtype=msad-admin-audit NOT src_nt_domain="NT AUTHORITY"|stats count by src_user,src_nt_domain |dedup src_nt_domain|sort src_nt_domain</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="dropdown" searchWhenChanged="true" token="ldap_src_nt_domain">
+      <label>Sa-ldapsearch Domain</label>
+      <search>
+        <query>index=_internal | head 1 | eval ldap_domain = if("$select242$" == "*", "default", "$select242$") | table ldap_domain | dedup ldap_domain | sort ldap_domain</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <selectFirstChoice>true</selectFirstChoice>
+      <fieldForLabel>ldap_domain</fieldForLabel>
+      <fieldForValue>ldap_domain</fieldForValue>
+    </input>
+    <input type="dropdown" token="select244" searchWhenChanged="true">
+      <label>Administrator</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>eventtype=msad-admin-audit NOT src_nt_domain="NT AUTHORITY"|stats count by src_user,src_nt_domain | search src_nt_domain="$select242$"|dedup src_user|sort src_user</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>src_user</fieldForLabel>
+      <fieldForValue>src_user</fieldForValue>
+      <default>*</default>
+      <initialValue>*</initialValue>
+    </input>
+    <input type="time" token="Time">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Administrator Logons</title>
+        <search>
+          <query>eventtype=msad-successful-user-logons dest_nt_domain="$select242$" user="$select244$"|rename src as src_ip|`ip-to-host`|`fix-localhost`|lookup SiteInfo host|dedup consecutive=t Site,src_nt_host,src_ip|table _time,Site,src_nt_host,src_ip|rename src_nt_host as Workstation,src_ip as "IP Address"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Account Unlock Actions</title>
+        <search>
+          <query>eventtype=msad-account-unlock msad_action="Unlocked" src_nt_domain="$select242$" src_user="$select244$"|where isnotnull(user)|table _time,msad_action,user,dest_nt_domain|rename msad_action as "Action",user as "Username",dest_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>User Administrative Changes</title>
+        <search>
+          <query>eventtype=msad-user-changes src_nt_domain="$select242$" src_user="$select244$"|where isnotnull(user)|`msad-changed-attributes`|table _time,msad_action,user,dest_nt_domain,MSADChanges|rename msad_action as "Action",user as "Username",dest_nt_domain as "Domain",MSADChanges as "Changes"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Group Membership Changes</title>
+        <search>
+          <query>eventtype=msad-groupmembership-changes src_nt_domain="$select242$" src_user="$select244$"|table _time,msad_action,dest_nt_domain,user_group,member_id|rename msad_action as "Action",dest_nt_domain as "Domain", user_group as "Group",member_id as "Member"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_group?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.groupName=$row.Group$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Group Policy Changes</title>
+        <search>
+          <query>eventtype=msad-ad-access src_nt_domain="$select242$" src_user="$select244$" Object_Type="groupPolicyContainer"|eval srch="CN={" . Object_Name_Guid . "}"|transaction maxspan=5m session_id,host,srch|table _time,srch,src_nt_domain|ldapfilter domain="$ldap_src_nt_domain$" search="($$srch$$)" attrs=displayName|table _time,displayName|rename displayName as "Group Policy"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Computer Account Changes - Admin Audit</title>
+        <search>
+          <query>eventtype=msad-computer-changes src_nt_domain="$select242$" src_user="$select244$"|eval dest_host=dest_nt_domain."\\\\".user|`msad-changed-attributes`|table _time,action,dest_host,MSADChanges|rename action as Action,dest_host as "Workstation", MSADChanges as "Changes"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_sec_logon_anomalies.xml

@@ -0,0 +1,147 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>Anomalous Logons - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+      <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+       <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Users logging in from more than one Site</title>
+        <search>
+          <query>eventtype=msad-successful-user-logons NOT (user="SYSTEM" OR user="LOCAL SERVICE" OR user="NETWORK SERVICE" OR src_nt_domain="-") $multidropdown_host$|lookup SiteInfo host|fields * |stats dc(Site) as sitecount,values(Site) as Sites by user,src_nt_domain|where sitecount&gt;1|sort user,src_nt_domain|table user,src_nt_domain,Sites|rename user as "Username",src_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Logons from Multiple Workstations</title>
+        <search>
+          <query>eventtype=msad-successful-user-logons NOT (user="SYSTEM" OR user="LOCAL SERVICE" OR user="NETWORK SERVICE" OR src_nt_domain="-") $multidropdown_host$|lookup SiteInfo host|fields * | search (Logon_Type=2 OR Logon_Type=3 OR Logon_Type=10) src_ip!="-"|`ip-to-host`|`fix-localhost`|stats dc(src_host) as hostcount,values(src_host) as Workstations by user,src_nt_domain|where hostcount&gt;1|sort user,src_nt_domain|table user,src_nt_domain,Workstations|rename user as "Username",src_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Attempted Access to Disabled or Expired Accounts</title>
+        <search>
+          <query>eventtype=msad-disabled-logons $multidropdown_host$|lookup SiteInfo host|stats count by user,dest_nt_domain,src_ip,Site|`ip-to-host`|`fix-localhost`|rename user as "Username",dest_nt_domain as "Domain",src_ip as "IP Address",src_host as "Workstation"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+          ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_sec_logon_fail.xml

@@ -0,0 +1,171 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>Failed Logons - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+       <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <chart>
+        <title>Failed Logons over Time</title>
+        <search>
+           <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type |timechart count by signature</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+    <panel>
+      <table>
+        <title>Failed Logons by IP Address</title>
+        <search>
+          <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type |`ip-to-host`|`fix-localhost`|stats count by src_nt_host,src_ip|sort -count|rename src_nt_host as "Workstation",src_ip as "IP Address"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <chart>
+        <title>Failed Logons by Reason</title>
+        <search>
+          <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type |stats count by signature</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+    <panel>
+      <table>
+        <title>Failed Logons by Username</title>
+        <search>
+          <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type | `ip-to-host`|stats count by user,src_nt_domain|sort -count|rename user as "Username", src_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <chart>
+        <title>Failed Logons by Logon Type</title>
+        <search>
+          <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type |lookup LogonTypeName Logon_Type OUTPUTNEW Logon_TypeName|stats count by Logon_TypeName</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+    <panel>
+      <table>
+        <title>Users Failing to Logon from Multiple IPs</title>
+        <search>
+          <query>eventtype=msad-failed-user-logons $multidropdown_host$|fields _time,signature,src_ip,src_host,src_nt_host,src_nt_domain,user,Logon_Type |`ip-to-host`|`fix-localhost`|stats count by user,src_nt_domain,src_host,src_nt_host|stats count as nips by user,src_nt_domain|where nips&gt;1|sort -nips|rename nips as "# Workstations", user as Username, src_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_sec_user_utilization.xml

@@ -0,0 +1,152 @@
+<form script="manage_multiple_dropdowns.js" version="1.1">
+  <label>User Overview - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="multiselect" token="multidropdown_forest" searchWhenChanged="true" id="forest_name">
+      <label>Forest</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector`  |dedup ForestName | sort ForestName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>ForestName</fieldForLabel>
+      <fieldForValue>ForestName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>ForestName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="multiselect" token="multidropdown_site" searchWhenChanged="true" id="site_name">
+      <label>Site</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$|dedup Site|sort Site</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>Site</fieldForLabel>
+      <fieldForValue>Site</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>Site="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+      <input type="multiselect" token="multidropdown_domaindnsname" searchWhenChanged="true" id="domain_dns_name">
+      <label>Domain</label>
+      <choice value="*">All</choice>
+      <search>
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$|dedup DomainDNSName|sort DomainDNSName</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>DomainDNSName</fieldForLabel>
+      <fieldForValue>DomainDNSName</fieldForValue>
+      <initialValue>*</initialValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>DomainDNSName="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+     <input type="multiselect" token="multidropdown_host" searchWhenChanged="true" id="host_name">
+      <label>Server</label>
+      <choice value="*">All</choice>
+      <search id="host_search_id">
+        <query>|`domain-selector` | search $multidropdown_forest$ $multidropdown_site$ $multidropdown_domaindnsname$|dedup host|sort host</query>
+        <earliest>0</earliest>
+        <latest></latest>
+      </search>
+      <fieldForLabel>host</fieldForLabel>
+      <fieldForValue>host</fieldForValue>
+      <delimiter> OR </delimiter>
+      <valuePrefix>host="</valuePrefix>
+      <prefix>(</prefix>
+      <suffix>)</suffix>
+      <valueSuffix>"</valueSuffix>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <chart>
+        <title>Logons over Time</title>
+        <search>
+          <query>(eventtype=msad-successful-user-logons OR eventtype=msad-failed-user-logons) dest_nt_domain!="NT AUTHORITY" $multidropdown_host$ |fillnull value="255" Logon_Type|lookup LogonTypeName Logon_Type|eval user_subject=dest_nt_domain."\\\\".user|fields * |eval x=1|timechart per_minute(x) by Logon_TypeName</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="charting.chart">column</option>
+      </chart>
+    </panel>
+    <panel>
+      <table>
+        <title>Top Users by Successful Logons</title>
+        <search>
+          <query>(eventtype=msad-successful-user-logons OR eventtype=msad-failed-user-logons) dest_nt_domain!="NT AUTHORITY" $multidropdown_host$ |fillnull value="255" Logon_Type|lookup LogonTypeName Logon_Type|eval user_subject=dest_nt_domain."\\\\".user|fields * |search eventtype=msad-successful-user-logons|top user,dest_nt_domain|rename user as "Username",dest_nt_domain as "Domain"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Username$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+  <row>
+    <panel>
+      <table>
+        <title>Locked Accounts</title>
+        <search>
+          <query>eventtype=msad-account-lockout-windows $multidropdown_host$ | eval src_nt_host=if(isnull(src_nt_host),host,src_nt_host) | eval lockout=if(EventCode==644 OR EventCode==4740,"Yes","No") | stats latest(_time) as time,latest(src_nt_host) as host,latest(lockout) as lockedout by dest_nt_domain,user | search lockedout="Yes" | eval ltime=strftime(time,"%c") | table ltime,dest_nt_domain,user,host | rename ltime as "Lockout Time",dest_nt_domain as "Domain",user as "Account Locked Out", host as "Workstation"</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <fields>"Lockout Time", "Domain", "Account Locked Out", "Workstation"</fields>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$row.Domain$&form.ldaprecord.user=$row.Account Locked Out$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+    <panel>
+      <table>
+        <title>Top Authenticating Workstations</title>
+        <search>
+          <query>(eventtype=msad-successful-user-logons OR eventtype=msad-failed-user-logons) dest_nt_domain!="NT AUTHORITY" $multidropdown_host$ |fillnull value="255" Logon_Type|lookup LogonTypeName Logon_Type|eval user_subject=dest_nt_domain."\\\\".user|fields * |search eventtype=msad-successful-user-logons|top src_nt_host|rename src_nt_host as Workstation</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_active.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: Active - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Active</title>
+        <search>
+          <query>`secrpt-active-users($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.Full Name$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_all.xml

@@ -0,0 +1,37 @@
+<form version="1.1">
+  <label>Domain Accounts: All - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: All</title>
+        <search>
+          <query>|`secrpt-all-users($select321$)`</query>
+          <earliest>0</earliest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_deleted.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: Deleted - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Deleted</title>
+        <search>
+          <query>`secrpt-deleted-users($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.Deleted User$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_disabled.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Disabled - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Disabled</title>
+        <search>
+          <query>|`secrpt-disabled-users($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_inactive.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: Inactive - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Inactive</title>
+        <search>
+          <query>|`secrpt-inactive-users($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_new.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: New - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: New</title>
+        <search>
+          <query>`secrpt-new-users($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.Added User$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_noexpiry.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Non-Expiring - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Non-Expiring</title>
+        <search>
+          <query>|`secrpt-users-that-dont-expire($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_nomanager.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: No Manager - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts:  No Manager</title>
+        <search>
+          <query>|`secrpt-users-with-no-manager($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_nopasswd.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Password Not Required - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Password Not Required</title>
+        <search>
+          <query>|`secrpt-users-that-dont-require-password($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_nopasswdexpiry.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: No Password Expiry - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: No Password Expiry</title>
+        <search>
+          <query>|`secrpt-users-whose-password-doesnt-expire($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_passwdtooold.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Domain Accounts: Password Too Old - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts:  Password Too Old</title>
+        <search>
+          <query>|`secrpt-users-password-too-old($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_sensitive.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Sensitive - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts:  Sensitive</title>
+        <search>
+          <query>|`secrpt-sensitive-users($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_smartcard_notreq.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Smartcard Not Required - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Smartcard Not Required</title>
+        <search>
+          <query>|`secrpt-users-no-smartcard-required($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_smartcard_req.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Smartcard Required - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Smartcard Required</title>
+        <search>
+          <query>|`secrpt-users-smartcard-required($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_account_unused.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Domain Accounts: Unused - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Domain Accounts: Unused</title>
+        <search>
+          <query>|`secrpt-unused-users($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_user?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.user=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_active.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Computers: Active - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: Active</title>
+        <search>
+          <query>`secrpt-active-computers($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.Computer$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_all.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Computers: All - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: All</title>
+        <search>
+          <query>|`secrpt-all-computers($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_alldc.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Computers: All Domain Controllers - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: All Domain Controllers</title>
+        <search>
+          <query>|`secrpt-all-domain-controllers($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">row</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">50</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_deleted.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Computers: Deleted - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: Deleted</title>
+        <search>
+          <query>`secrpt-deleted-computers($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="count">10</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">cell</option>
+        <option name="rowNumbers">false</option>
+        <option name="wrap">true</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.Deleted Computer$
+            ]]>
+          </link>
+		    </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_disabled.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Computers: Disabled - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: Disabled</title>
+        <search>
+          <query>|`secrpt-disabled-computers($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_inactive.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Computers: Inactive - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: Inactive</title>
+        <search>
+          <query>|`secrpt-inactive-computers($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="count">10</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="drilldown">cell</option>
+        <option name="rowNumbers">false</option>
+        <option name="wrap">true</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.Computer$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_new.xml

@@ -0,0 +1,45 @@
+<form version="1.1">
+  <label>Computers: New - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+    <input type="time" token="Time" searchWhenChanged="true">
+      <label></label>
+      <default>
+        <earliest>-15m</earliest>
+        <latest>now</latest>
+      </default>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: New</title>
+        <search>
+          <query>`secrpt-new-computers($select321$)`</query>
+          <earliest>$Time.earliest$</earliest>
+          <latest>$Time.latest$</latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.Added Computer$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>

deployment-apps/DA-ITSI-CP-windows-dashboards/default/data/ui/views/ad_secrpt_computer_nomanager.xml

@@ -0,0 +1,38 @@
+<form version="1.1">
+  <label>Computers: No Manager - Windows</label>
+  <fieldset submitButton="false" autoRun="true">
+    <input type="dropdown" token="select321" searchWhenChanged="true">
+      <label>Domain</label>
+      <search>
+        <query>|`ad-domains` |dedup src_nt_domain|sort src_nt_domain</query>
+      </search>
+      <fieldForLabel>src_nt_domain</fieldForLabel>
+      <fieldForValue>src_nt_domain</fieldForValue>
+      <selectFirstChoice>true</selectFirstChoice>
+    </input>
+  </fieldset>
+  <row>
+    <panel>
+      <table>
+        <title>Computers: No Manager</title>
+        <search>
+          <query>|`secrpt-unmanaged-computers($select321$)`</query>
+          <earliest>0</earliest>
+          <latest></latest>
+        </search>
+        <option name="wrap">true</option>
+        <option name="rowNumbers">false</option>
+        <option name="drilldown">cell</option>
+        <option name="dataOverlayMode">none</option>
+        <option name="count">10</option>
+        <drilldown target="_blank">
+          <link>
+            <![CDATA[
+            ad_audit_computer?form.ldaprecord.nt_domain=$select321$&form.ldaprecord.computer=$row.cn$
+            ]]>
+          </link>
+        </drilldown>
+      </table>
+    </panel>
+  </row>
+</form>