{ "definition": { "data_sources": { "ds_083zujwS": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-availability", "service_id": "da-itsi-cp-m365-m365-yammer-availability" }, "name": "O365_Yammer_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_0RymRlVs": { "meta": { "kpi_id": "da-itsi-cp-m365-725a71f8dd373be182e37ce7", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file share activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-725a71f8dd373be182e37ce7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_0a7gzTjo": { "meta": { "kpi_id": "da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Phish not zapped because ZAP is disabled", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_19eDLbgn_ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_StayInformed_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_1grVt6E8": { "name": "GEO_LoginSuccessFail", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn OR Operation=UserLoginFailed\n|iplocation ActorIpAddress |stats count by Country | geom geo_countries featureIdField=Country" }, "type": "ds.search" }, "ds_1tgPt3mh": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-performance", "service_id": "da-itsi-cp-m365-m365-azuread-performance" }, "name": "O365_AzureAD_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_3uckpPxG": { "meta": { "kpi_id": "da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Tenant restricted from sending email", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_4W0qIgiG": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance", "service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance" }, "name": "O365_SharePoint_Online_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_5Fa6sA9o": { "meta": { "kpi_id": "da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from infrequent country", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_StayInformed_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_6IyfamOT": { "meta": { "kpi_id": "da-itsi-cp-m365-70105ff25be7a7fa3667f158", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity performed by terminated user", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-70105ff25be7a7fa3667f158)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_6lonf6pu": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-performance", "service_id": "da-itsi-cp-m365-m365-teams-performance" }, "name": "O365_Teams_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_7c3Ve7MN": { "meta": { "kpi_id": "da-itsi-cp-m365-c1181e5da7c68badae4466e7", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email messages containing malware removed after delivery", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-c1181e5da7c68badae4466e7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_91frjQDi": { "meta": { "kpi_id": "da-itsi-cp-m365-e255403f15e56c7362f54c5a", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Ransomware activity", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e255403f15e56c7362f54c5a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_A3bqtW6K": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_A9GJW0TB": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_APzAWCjg_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_PreventFixIssues_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_ChlhtDKE": { "meta": { "kpi_id": "da-itsi-cp-m365-78c060e47fa9f2064318598d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious inbox manipulation rule", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-78c060e47fa9f2064318598d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_CwNHa74t": { "meta": { "kpi_id": "da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Suspicious email sending patterns detected", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_DPVZeJmE": { "meta": { "kpi_id": "da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file deletion activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_FiQTjw0t": { "meta": { "kpi_id": "da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Phish delivered because a user's Junk Mail Folder is disabled", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_FxISLgeA": { "meta": { "kpi_id": "da-itsi-cp-m365-53826bcd8ecfef46793dce12", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual administrative activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-53826bcd8ecfef46793dce12)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_GvG2lfFy": { "meta": { "kpi_id": "da-itsi-cp-m365-335970fbaba5102dfcc7001e", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - A potentially malicious URL click was detected", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-335970fbaba5102dfcc7001e)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_HCyL3oA6": { "meta": { "kpi_id": "da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - User restricted from sharing forms and collecting responses", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_HdhuUeLu": { "meta": { "kpi_id": "da-itsi-cp-m365-439461d009e2f0ff6ecf39b9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple storage deletion activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-439461d009e2f0ff6ecf39b9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_HkHxV06x": { "meta": { "kpi_id": "da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple VM creation activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_IyVRZOxX": { "meta": { "kpi_id": "da-itsi-cp-m365-cea39bad8b93e87524d52526", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Malware detection", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-cea39bad8b93e87524d52526)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_IzbYJAsR": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-powebi-availability", "service_id": "da-itsi-cp-m365-m365-powebi-availability" }, "name": "O365_PoweBI_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powebi-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_JOW31gSa": { "meta": { "kpi_id": "da-itsi-cp-m365-7dd5b60d312252feaf09984f", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Tenant restricted from sending unprovisioned email", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7dd5b60d312252feaf09984f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_JptaDvdF": { "meta": { "kpi_id": "da-itsi-cp-m365-2ef1fa92d295f04314c86998", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Admin Submission Result Completed", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2ef1fa92d295f04314c86998)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_JqDqXdyB": { "meta": { "kpi_id": "da-itsi-cp-m365-9de0cedd8cad34b312b6c607", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Phish delivered due to an IP allow policy", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9de0cedd8cad34b312b6c607)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_JtBldVTw_ds_PWYF5H9e_ds_tZa7bJJY": { "name": "Copy of M_PlanForChange_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_K8u5tNdp": { "meta": { "kpi_id": "da-itsi-cp-m365-b018769b1369129e8f467ab9", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Form flagged and confirmed as phishing", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b018769b1369129e8f467ab9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_LCJDIgEA": { "meta": { "kpi_id": "da-itsi-cp-m365-308db1b4e0a8b93083d63189", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Creation of forwarding/redirect rule", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-308db1b4e0a8b93083d63189)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_M7cfBfKD": { "meta": { "kpi_id": "da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email messages containing phish URLs removed after delivery", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_PreventFixIssues_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_MXJZLvxK": { "meta": { "kpi_id": "da-itsi-cp-m365-f1dd06f3514cabf98288559d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Misleading OAuth app name", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-f1dd06f3514cabf98288559d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_Mw0eQtbg": { "meta": { "kpi_id": "da-itsi-cp-m365-34b5cb3b724026b9e1e052d0", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Suspicious Email Forwarding Activity", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-34b5cb3b724026b9e1e052d0)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_NbOuEYe0": { "meta": { "kpi_id": "da-itsi-cp-m365-00d20a88bad4d66da569d8cd", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Admin triggered manual investigation of email", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-00d20a88bad4d66da569d8cd)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OFBAMaHl": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365", "service_id": "da-itsi-cp-m365-m365" }, "name": "O365 - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OSmztg8T": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-availability", "service_id": "da-itsi-cp-m365-m365-teams-availability" }, "name": "O365_Teams_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OiYe7Yx4": { "meta": { "kpi_id": "da-itsi-cp-m365-ee6e4dad771d573ea72ebde5", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file download (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ee6e4dad771d573ea72ebde5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_P9Fmc8jM": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-powerbi-performance", "service_id": "da-itsi-cp-m365-m365-powerbi-performance" }, "name": "O365_PowerBI_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powerbi-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_PPUj5qKV": { "meta": { "kpi_id": "da-itsi-cp-m365-e2bcc3f70d857a221996dfae", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual impersonated activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e2bcc3f70d857a221996dfae)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_PWYF5H9e_ds_tZa7bJJY": { "name": "M_PlanForChange_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_QKp1TbC8": { "name": "STATS_LoginSuccess", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn" }, "type": "ds.search" }, "ds_R5D2vp8g": { "meta": { "kpi_id": "da-itsi-cp-m365-039b43cf4c7fc3823a5989b5", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - eDiscovery search started or exported", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-039b43cf4c7fc3823a5989b5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_S23nHPQl": { "meta": { "kpi_id": "da-itsi-cp-m365-d9f19da945babcdba8476088", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Remediation action taken by admin on emails or URL or sender", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d9f19da945babcdba8476088)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_S4JkpLcw": { "meta": { "kpi_id": "da-itsi-cp-m365-e068b071c2ab0484b8e0088b", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Multiple Power BI report sharing activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e068b071c2ab0484b8e0088b)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_SWoWEcgq": { "meta": { "kpi_id": "da-itsi-cp-m365-39d7e3fb2f19c99fff964f71", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Risky sign-in", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-39d7e3fb2f19c99fff964f71)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_SeTDp3tf": { "meta": { "kpi_id": "da-itsi-cp-m365-5c246ff1644c8289b88e1e00", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple failed login attempts", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5c246ff1644c8289b88e1e00)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_SmgYba2K": { "meta": { "kpi_id": "da-itsi-cp-m365-005c3f1e83457829d81f00f6", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Malware campaign detected after delivery", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-005c3f1e83457829d81f00f6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_Spsqbzoa": { "meta": { "kpi_id": "da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Phish delivered due to an ETR override", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_TwYKtIyo": { "meta": { "kpi_id": "da-itsi-cp-m365-9f412f2ba47006224e7f1bbb", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Unusual increase in email reported as phish", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9f412f2ba47006224e7f1bbb)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_UPaPYxm6": { "meta": { "kpi_id": "da-itsi-cp-m365-35a40df6a4b5a4d655cf4066", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email reported by user as malware or phish", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-35a40df6a4b5a4d655cf4066)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_V4TbdOXR": { "meta": { "kpi_id": "da-itsi-cp-m365-33f7d1dfed53a52c8b23d636", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious OAuth app file download activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-33f7d1dfed53a52c8b23d636)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_Y6IwBvGD": { "meta": { "kpi_id": "da-itsi-cp-m365-9a98c6411cf1054c3ad37c23", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Form blocked due to potential phishing attempt", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9a98c6411cf1054c3ad37c23)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_YnDq7wLF": { "name": "SV_service_degradation", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceDegradation\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_bHGWKEHp": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-performance", "service_id": "da-itsi-cp-m365-m365-exchange-performance" }, "name": "O365_Exchange_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_cKi7WOpX": { "meta": { "kpi_id": "da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email sending limit exceeded", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_cfGSE4oD": { "meta": { "kpi_id": "da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Malware campaign detected in SharePoint and OneDrive", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_cplJ88yB": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_diArV7Gu": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365", "service_id": "da-itsi-cp-m365-m365" }, "name": "O365 - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_eqcIwRxM": { "meta": { "kpi_id": "da-itsi-cp-m365-94bdd447b34e462623ba7ad8", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Impossible travel", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-94bdd447b34e462623ba7ad8)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_fFgWwN2t": { "meta": { "kpi_id": "da-itsi-cp-m365-d201d46cdda4083443f8b146", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Suspicious change of CloudTrail logging service", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d201d46cdda4083443f8b146)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_gOcfSjLP": { "meta": { "kpi_id": "da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Suspicious Power BI report sharing", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_hEomd24i": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_iDvy3I5y": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability", "service_id": "da-itsi-cp-m365-m365-sharepoint-online-availability" }, "name": "O365_SharePoint_Online_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_iMkpBdOw": { "meta": { "kpi_id": "da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual addition of credentials to an OAuth app", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_kEmJGZGh": { "meta": { "kpi_id": "da-itsi-cp-m365-a5b963ff18821c61b301f437", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - User restricted from sending email", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-a5b963ff18821c61b301f437)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_lmnRgCPJ": { "meta": { "kpi_id": "da-itsi-cp-m365-b48c41aca99df54f077082c3", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple delete VM activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b48c41aca99df54f077082c3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_m6nQCit8": { "meta": { "kpi_id": "da-itsi-cp-m365-1179499a9bbe188261dc59b6", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Data exfiltration to unsanctioned apps", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1179499a9bbe188261dc59b6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_mQ9gLHEF": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-availability", "service_id": "da-itsi-cp-m365-m365-onedrive-availability" }, "name": "O365_OneDrive_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_mtIXHc7y": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-availability", "service_id": "da-itsi-cp-m365-m365-exchange-availability" }, "name": "O365_Exchange_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_n7Kbwg3j": { "meta": { "kpi_id": "da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from anonymous IP addresses", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_nSJVmBZI": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-availability", "service_id": "da-itsi-cp-m365-m365-azuread-availability" }, "name": "O365_AzureAD_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_ncxoJa95": { "meta": { "kpi_id": "da-itsi-cp-m365-2fd6695634044151e6a32eee", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Successful exact data match upload", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2fd6695634044151e6a32eee)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_pFzL0388": { "meta": { "kpi_id": "da-itsi-cp-m365-badccea130915197605e1250", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Failed exact data match upload", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-badccea130915197605e1250)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_pdohGLDI": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-performance", "service_id": "da-itsi-cp-m365-m365-yammer-performance" }, "name": "O365_Yammer_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_pkkMijtJ": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-security", "service_id": "da-itsi-cp-m365-m365-security" }, "name": "O365_Security - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-security)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_qI2sr98f": { "meta": { "kpi_id": "da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious email deletion activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_qf5Odg58": { "name": "SV_service_interruption", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceInterruption\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_sOuC6KP0": { "meta": { "kpi_id": "da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious inbox forwarding", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_sWtjDtCY": { "meta": { "kpi_id": "da-itsi-cp-m365-af1f6fffe44ddaa3242707ad", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Malware campaign detected and blocked", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-af1f6fffe44ddaa3242707ad)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_t0kZ7Eme": { "name": "SV_investigating", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"investigating\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_t8tkHKBL": { "meta": { "kpi_id": "da-itsi-cp-m365-6977aee5803a6401e3eeb079", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Malicious OAuth app consent", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6977aee5803a6401e3eeb079)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_tZa7bJJY": { "name": "M_PlanForChange_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_vNZD8LDw": { "name": "SV_service_restored", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceRestored\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_vjtep4Mt": { "meta": { "kpi_id": "da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email messages containing malicious file removed after delivery\u200b", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_vtjODuQ4": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-performance", "service_id": "da-itsi-cp-m365-m365-onedrive-performance" }, "name": "O365_OneDrive_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_wManXMy2": { "meta": { "kpi_id": "da-itsi-cp-m365-9da46ed16abfd5cbaedb709a", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Leaked credentials", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9da46ed16abfd5cbaedb709a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_xe6ZHJYv": { "meta": { "kpi_id": "da-itsi-cp-m365-fbf479a0530fe57af9776410", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - MIP AutoLabel simulation completed", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-fbf479a0530fe57af9776410)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_xizAFB3w": { "meta": { "kpi_id": "da-itsi-cp-m365-de58bc9bbc4768406116b8c4", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Misleading publisher name for an OAuth app", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-de58bc9bbc4768406116b8c4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_y7c2PMC0": { "meta": { "kpi_id": "da-itsi-cp-m365-494e7910f769e401e422bd22", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Malware not zapped because ZAP is disabled", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-494e7910f769e401e422bd22)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_yZUQHbXW": { "meta": { "kpi_id": "da-itsi-cp-m365-3add69e6499e96fbff2fe40d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from suspicious IP addresses", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3add69e6499e96fbff2fe40d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_ziNb4LvN": { "meta": { "kpi_id": "da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - Email messages containing malicious URL removed after delivery\u200b", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" } }, "defaults": { "dataSources": { "global": { "options": { "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" }, "refresh": "$global_refresh_rate$", "refreshType": "delay" } } } }, "description": "", "inputs": { "input_global_refresh_rate": { "data_sources": {}, "options": { "defaultValue": "300s", "items": [ { "label": "1 Minute", "value": "60s" }, { "label": "5 Minutes", "value": "300s" }, { "label": "30 Minutes", "value": "1800s" }, { "label": "1 Hour", "value": "3600s" }, { "label": "24 Hours", "value": "86400s" } ], "token": "global_refresh_rate" }, "title": "Global Refresh Rate", "type": "input.dropdown" }, "input_global_trp": { "data_sources": {}, "options": { "defaultValue": "-24h@h, now", "token": "global_time" }, "title": "Global Time Range", "type": "input.timerange" } }, "layout": { "global_inputs": [ "input_global_trp", "input_global_refresh_rate" ], "options": { "background_color": "#FFFFFF", "background_image": { "size_type": "contain", "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-o365-background", "x": 0.0, "y": 0.0 }, "display": "auto-scale", "height": 1080.0, "show_title_and_description": true, "width": 1920.0 }, "structure": [ { "item": "viz_e07npRtT", "position": { "from": { "x": 4, "y": 64 }, "to": { "x": 496, "y": 64 } }, "type": "line" }, { "item": "viz_GqEHllzp", "position": { "from": { "x": 504, "y": 64 }, "to": { "x": 985, "y": 64 } }, "type": "line" }, { "item": "viz_pXzllOTn", "position": { "from": { "x": 992, "y": 64 }, "to": { "x": 1477, "y": 64 } }, "type": "line" }, { "item": "viz_SO7qXdVQ", "position": { "from": { "x": 1486, "y": 64 }, "to": { "x": 1915, "y": 65 } }, "type": "line" }, { "item": "viz_A7qtMRVE", "position": { "from": { "x": 1488, "y": 174 }, "to": { "x": 1917, "y": 175 } }, "type": "line" }, { "item": "viz_zF9Wj4Db", "position": { "from": { "x": 994, "y": 265 }, "to": { "x": 1479, "y": 265 } }, "type": "line" }, { "item": "viz_fGYSmSBO", "position": { "from": { "x": 506, "y": 303 }, "to": { "x": 987, "y": 303 } }, "type": "line" }, { "item": "viz_PbbrPMyo", "position": { "from": { "x": 1488, "y": 294 }, "to": { "x": 1917, "y": 295 } }, "type": "line" }, { "item": "viz_4DWqvA8O", "position": { "from": { "x": -6, "y": 526 }, "to": { "x": 486, "y": 526 } }, "type": "line" }, { "item": "viz_druTJqGo", "position": { "from": { "x": -4, "y": 764 }, "to": { "x": 488, "y": 764 } }, "type": "line" }, { "item": "viz_1iiLDkYH", "position": { "from": { "x": 501, "y": 525 }, "to": { "x": 982, "y": 525 } }, "type": "line" }, { "item": "viz_DOLGDqRS", "position": { "from": { "x": 503, "y": 676 }, "to": { "x": 984, "y": 676 } }, "type": "line" }, { "item": "viz_Q7m8dKqi", "position": { "from": { "x": 499, "y": 785 }, "to": { "x": 980, "y": 785 } }, "type": "line" }, { "item": "viz_zRota3sv", "position": { "from": { "x": 996, "y": 526 }, "to": { "x": 1477, "y": 526 } }, "type": "line" }, { "item": "viz_M291DEZJ", "position": { "from": { "x": 501, "y": 895 }, "to": { "x": 982, "y": 895 } }, "type": "line" }, { "item": "viz_MhpOv3aw", "position": { "h": 690, "w": 420, "x": 1490, "y": 350 }, "type": "block" }, { "item": "viz_J6KwDTd8", "position": { "h": 140, "w": 140, "x": 1500, "y": 360 }, "type": "block" }, { "item": "viz_nIrV6Ji9", "position": { "h": 140, "w": 140, "x": 1500, "y": 360 }, "type": "block" }, { "item": "viz_xXeloVvu", "position": { "h": 50, "w": 102, "x": 1520, "y": 500 }, "type": "block" }, { "item": "viz_kUriycSm", "position": { "h": 90, "w": 110, "x": 1510, "y": 560 }, "type": "block" }, { "item": "viz_6dWLMKtj", "position": { "h": 50, "w": 300, "x": 1490, "y": 670 }, "type": "block" }, { "item": "viz_iv6RxEqP", "position": { "h": 30, "w": 300, "x": 0, "y": 0 }, "type": "block" }, { "item": "viz_zJNts59u", "position": { "h": 40, "w": 30, "x": 1490, "y": 790 }, "type": "block" }, { "item": "viz_Msnfwxsk", "position": { "h": 30, "w": 30, "x": 1490, "y": 830 }, "type": "block" }, { "item": "viz_JCCVvLNl", "position": { "h": 40, "w": 40, "x": 1487, "y": 750 }, "type": "block" }, { "item": "viz_knrg7InH", "position": { "h": 30, "w": 30, "x": 1490, "y": 870 }, "type": "block" }, { "item": "viz_f1nnmVoq", "position": { "h": 30, "w": 30, "x": 1490, "y": 910 }, "type": "block" }, { "item": "viz_HLeZ2fmX", "position": { "h": 39, "w": 120, "x": 1590, "y": 710 }, "type": "block" }, { "item": "viz_X5QKAF37", "position": { "h": 39, "w": 120, "x": 1760, "y": 710 }, "type": "block" }, { "item": "viz_yOaoYAxD", "position": { "h": 40, "w": 170, "x": 1550, "y": 750 }, "type": "block" }, { "item": "viz_UwnHVqVF", "position": { "h": 40, "w": 170, "x": 1550, "y": 790 }, "type": "block" }, { "item": "viz_iwFY6Ssb", "position": { "h": 40, "w": 170, "x": 1550, "y": 830 }, "type": "block" }, { "item": "viz_flBLmnqx", "position": { "h": 40, "w": 170, "x": 1550, "y": 870 }, "type": "block" }, { "item": "viz_bUafuQtj", "position": { "h": 40, "w": 170, "x": 1720, "y": 910 }, "type": "block" }, { "item": "viz_lpsEPULV", "position": { "h": 40, "w": 170, "x": 1720, "y": 870 }, "type": "block" }, { "item": "viz_faHkI0RF", "position": { "h": 40, "w": 170, "x": 1720, "y": 830 }, "type": "block" }, { "item": "viz_Qnh2MTYs", "position": { "h": 40, "w": 170, "x": 1720, "y": 790 }, "type": "block" }, { "item": "viz_uHMieKhH", "position": { "h": 40, "w": 170, "x": 1720, "y": 750 }, "type": "block" }, { "item": "viz_NOE2ckl3", "position": { "h": 40, "w": 170, "x": 1720, "y": 950 }, "type": "block" }, { "item": "viz_bPHMNgGr", "position": { "h": 40, "w": 170, "x": 1550, "y": 950 }, "type": "block" }, { "item": "viz_EjMvfKEx", "position": { "h": 32, "w": 34, "x": 1490, "y": 950 }, "type": "block" }, { "item": "viz_yXyIxA4f", "position": { "h": 50, "w": 300, "x": 0, "y": 80 }, "type": "block" }, { "item": "viz_o7uaQZLl", "position": { "h": 40, "w": 170, "x": 1550, "y": 910 }, "type": "block" }, { "item": "viz_fFKPc8bn", "position": { "h": 39, "w": 280, "x": 230, "y": 40 }, "type": "block" }, { "item": "viz_5E8nKEXP", "position": { "h": 40, "w": 170, "x": 310, "y": 70 }, "type": "block" }, { "item": "viz_NbXQU8FX", "position": { "h": 50, "w": 310, "x": 0, "y": 120 }, "type": "block" }, { "item": "viz_kywMljXX", "position": { "h": 40, "w": 170, "x": 310, "y": 110 }, "type": "block" }, { "item": "viz_eeCzp2Ul", "position": { "h": 50, "w": 300, "x": 0, "y": 160 }, "type": "block" }, { "item": "viz_yX6yjECc", "position": { "h": 40, "w": 170, "x": 310, "y": 150 }, "type": "block" }, { "item": "viz_UuzxaZMP", "position": { "h": 50, "w": 300, "x": 500, "y": 80 }, "type": "block" }, { "item": "viz_ZNtvfCGp", "position": { "h": 39, "w": 310, "x": 680, "y": 40 }, "type": "block" }, { "item": "viz_njWrjxyu", "position": { "h": 40, "w": 170, "x": 810, "y": 70 }, "type": "block" }, { "item": "viz_l1YN5Sig", "position": { "h": 50, "w": 300, "x": 500, "y": 120 }, "type": "block" }, { "item": "viz_dg6XCg5A", "position": { "h": 40, "w": 170, "x": 810, "y": 110 }, "type": "block" }, { "item": "viz_RTKIBRTS", "position": { "h": 50, "w": 300, "x": 500, "y": 160 }, "type": "block" }, { "item": "viz_VRrzLAHZ", "position": { "h": 40, "w": 170, "x": 810, "y": 150 }, "type": "block" }, { "item": "viz_ESz9mVYO", "position": { "h": 39, "w": 290, "x": 1190, "y": 40 }, "type": "block" }, { "item": "viz_IwUtEHGT", "position": { "h": 50, "w": 300, "x": 500, "y": 200 }, "type": "block" }, { "item": "viz_3Iowfd7k", "position": { "h": 40, "w": 170, "x": 810, "y": 190 }, "type": "block" }, { "item": "viz_fvbZF8GH", "position": { "h": 50, "w": 300, "x": 990, "y": 80 }, "type": "block" }, { "item": "viz_vuAzorOL", "position": { "h": 40, "w": 170, "x": 1300, "y": 70 }, "type": "block" }, { "item": "viz_kJ0GERvm", "position": { "h": 50, "w": 300, "x": 990, "y": 120 }, "type": "block" }, { "item": "viz_nQ77O1zs", "position": { "h": 40, "w": 170, "x": 1300, "y": 110 }, "type": "block" }, { "item": "viz_Htl2h1HP", "position": { "h": 50, "w": 300, "x": 990, "y": 160 }, "type": "block" }, { "item": "viz_1E10aEuW", "position": { "h": 40, "w": 170, "x": 1300, "y": 150 }, "type": "block" }, { "item": "viz_ZBuNBTtI", "position": { "h": 50, "w": 240, "x": 1490, "y": 80 }, "type": "block" }, { "item": "viz_46Ax7e4W", "position": { "h": 39, "w": 200, "x": 1720, "y": 40 }, "type": "block" }, { "item": "viz_FPonYmN1", "position": { "h": 40, "w": 170, "x": 1740, "y": 70 }, "type": "block" }, { "item": "viz_uajhi8uF", "position": { "h": 50, "w": 240, "x": 1490, "y": 120 }, "type": "block" }, { "item": "viz_uV1lEu9i", "position": { "h": 40, "w": 170, "x": 1740, "y": 110 }, "type": "block" }, { "item": "viz_3rVie7Mv", "position": { "h": 50, "w": 230, "x": 1490, "y": 190 }, "type": "block" }, { "item": "viz_iHzuZnIE", "position": { "h": 40, "w": 170, "x": 1740, "y": 180 }, "type": "block" }, { "item": "viz_i8zBAwOD", "position": { "h": 39, "w": 160, "x": 1780, "y": 150 }, "type": "block" }, { "item": "viz_VYaVWqZl", "position": { "h": 50, "w": 240, "x": 1490, "y": 230 }, "type": "block" }, { "item": "viz_rJBKxdF7", "position": { "h": 40, "w": 170, "x": 1740, "y": 220 }, "type": "block" }, { "item": "viz_zBUo1kTi", "position": { "h": 50, "w": 300, "x": 500, "y": 240 }, "type": "block" }, { "item": "viz_Y2nD0ueG", "position": { "h": 40, "w": 170, "x": 810, "y": 230 }, "type": "block" }, { "item": "viz_ayb46Es4", "position": { "h": 50, "w": 300, "x": 0, "y": 200 }, "type": "block" }, { "item": "viz_LnPbuW7n", "position": { "h": 50, "w": 300, "x": 0, "y": 240 }, "type": "block" }, { "item": "viz_WtqcgXRV", "position": { "h": 50, "w": 300, "x": 0, "y": 280 }, "type": "block" }, { "item": "viz_3SR1CB1a", "position": { "h": 50, "w": 300, "x": 0, "y": 320 }, "type": "block" }, { "item": "viz_HRZaAZoY", "position": { "h": 50, "w": 300, "x": 0, "y": 360 }, "type": "block" }, { "item": "viz_3ueBQk4g", "position": { "h": 30, "w": 340, "x": 0, "y": 460 }, "type": "block" }, { "item": "viz_uA9pZmBf", "position": { "h": 40, "w": 170, "x": 310, "y": 190 }, "type": "block" }, { "item": "viz_sxYnuNFH", "position": { "h": 40, "w": 170, "x": 310, "y": 230 }, "type": "block" }, { "item": "viz_5tXZZwV1", "position": { "h": 40, "w": 170, "x": 310, "y": 270 }, "type": "block" }, { "item": "viz_JcKmK6f7", "position": { "h": 40, "w": 170, "x": 310, "y": 310 }, "type": "block" }, { "item": "viz_9JXOY4Gm", "position": { "h": 40, "w": 170, "x": 310, "y": 350 }, "type": "block" }, { "item": "viz_leE1LqwQ", "position": { "h": 50, "w": 310, "x": 990, "y": 200 }, "type": "block" }, { "item": "viz_TolyzYYO", "position": { "h": 40, "w": 170, "x": 1300, "y": 190 }, "type": "block" }, { "item": "viz_y0z9XjBr", "position": { "h": 39, "w": 270, "x": 1210, "y": 240 }, "type": "block" }, { "item": "viz_hpLoI6sJ", "position": { "h": 50, "w": 300, "x": 990, "y": 270 }, "type": "block" }, { "item": "viz_edxLOEOw", "position": { "h": 40, "w": 170, "x": 1300, "y": 270 }, "type": "block" }, { "item": "viz_7EjYdYLn", "position": { "h": 50, "w": 300, "x": 990, "y": 310 }, "type": "block" }, { "item": "viz_5ZsBdWUr", "position": { "h": 40, "w": 170, "x": 1300, "y": 310 }, "type": "block" }, { "item": "viz_5a71PUFr", "position": { "h": 50, "w": 300, "x": 990, "y": 350 }, "type": "block" }, { "item": "viz_ptbnUjOD", "position": { "h": 40, "w": 170, "x": 1300, "y": 350 }, "type": "block" }, { "item": "viz_Bh0UmeX4", "position": { "h": 50, "w": 300, "x": 990, "y": 390 }, "type": "block" }, { "item": "viz_XWROmSjL", "position": { "h": 40, "w": 170, "x": 1300, "y": 390 }, "type": "block" }, { "item": "viz_4DrdnagR", "position": { "h": 50, "w": 300, "x": 990, "y": 430 }, "type": "block" }, { "item": "viz_Kzsdg7ps", "position": { "h": 40, "w": 170, "x": 1300, "y": 430 }, "type": "block" }, { "item": "viz_Umd44sHd", "position": { "h": 39, "w": 150, "x": 850, "y": 280 }, "type": "block" }, { "item": "viz_erpVALBK", "position": { "h": 50, "w": 300, "x": 500, "y": 320 }, "type": "block" }, { "item": "viz_OkKJN0sV", "position": { "h": 40, "w": 170, "x": 810, "y": 310 }, "type": "block" }, { "item": "viz_68VfaK37", "position": { "h": 50, "w": 300, "x": 500, "y": 360 }, "type": "block" }, { "item": "viz_g3Fjz3Bj", "position": { "h": 40, "w": 170, "x": 810, "y": 350 }, "type": "block" }, { "item": "viz_n1qvLBQA", "position": { "h": 50, "w": 300, "x": 500, "y": 400 }, "type": "block" }, { "item": "viz_LTzFXuv0", "position": { "h": 40, "w": 170, "x": 810, "y": 390 }, "type": "block" }, { "item": "viz_ASboNwDu", "position": { "h": 28, "w": 160, "x": 1780, "y": 271 }, "type": "block" }, { "item": "viz_3U6anbbB", "position": { "h": 50, "w": 240, "x": 1490, "y": 300 }, "type": "block" }, { "item": "viz_Gs29Q9B0", "position": { "h": 40, "w": 170, "x": 1740, "y": 300 }, "type": "block" }, { "item": "viz_MbHfFphf", "position": { "h": 50, "w": 300, "x": 0, "y": 530 }, "type": "block" }, { "item": "viz_GYlYEiNj", "position": { "h": 50, "w": 300, "x": 500, "y": 1030 }, "type": "block" }, { "item": "viz_3TmGm2Tt", "position": { "h": 50, "w": 300, "x": 993, "y": 810 }, "type": "block" }, { "item": "viz_6FWnIwIk", "position": { "h": 50, "w": 320, "x": 500, "y": 790 }, "type": "block" }, { "item": "viz_acajsYlE", "position": { "h": 50, "w": 300, "x": 500, "y": 830 }, "type": "block" }, { "item": "viz_e6YPzDYx", "position": { "h": 50, "w": 300, "x": 993, "y": 730 }, "type": "block" }, { "item": "viz_ALXL6Mbh", "position": { "h": 50, "w": 300, "x": 0, "y": 610 }, "type": "block" }, { "item": "viz_sovXyfkp", "position": { "h": 50, "w": 300, "x": 0, "y": 650 }, "type": "block" }, { "item": "viz_VJ2n8yNY", "position": { "h": 50, "w": 300, "x": 500, "y": 530 }, "type": "block" }, { "item": "viz_bSIanwmA", "position": { "h": 50, "w": 300, "x": 500, "y": 950 }, "type": "block" }, { "item": "viz_VFzTB4Pr", "position": { "h": 50, "w": 250, "x": 500, "y": 980 }, "type": "block" }, { "item": "viz_zvFeUNjk", "position": { "h": 50, "w": 300, "x": 993, "y": 770 }, "type": "block" }, { "item": "viz_G8vGykMo", "position": { "h": 50, "w": 300, "x": 500, "y": 560 }, "type": "block" }, { "item": "viz_rgocUz6k", "position": { "h": 50, "w": 300, "x": 500, "y": 600 }, "type": "block" }, { "item": "viz_f7xbUukE", "position": { "h": 50, "w": 300, "x": 0, "y": 560 }, "type": "block" }, { "item": "viz_j8l7m0H7", "position": { "h": 50, "w": 330, "x": 0, "y": 930 }, "type": "block" }, { "item": "viz_J2IQafnT", "position": { "h": 50, "w": 300, "x": 500, "y": 690 }, "type": "block" }, { "item": "viz_Z9BBHwYs", "position": { "h": 50, "w": 300, "x": 500, "y": 730 }, "type": "block" }, { "item": "viz_3qjg5Vht", "position": { "h": 50, "w": 300, "x": 993, "y": 530 }, "type": "block" }, { "item": "viz_YlOemvm4", "position": { "h": 50, "w": 300, "x": 993, "y": 560 }, "type": "block" }, { "item": "viz_v4edEl0J", "position": { "h": 50, "w": 300, "x": 0, "y": 970 }, "type": "block" }, { "item": "viz_jJDeClfA", "position": { "h": 50, "w": 300, "x": 993, "y": 610 }, "type": "block" }, { "item": "viz_yCUYsRUy", "position": { "h": 50, "w": 317, "x": 993, "y": 640 }, "type": "block" }, { "item": "viz_jqzRvUIL", "position": { "h": 50, "w": 300, "x": 993, "y": 890 }, "type": "block" }, { "item": "viz_3J60cyjP", "position": { "h": 50, "w": 300, "x": 993, "y": 690 }, "type": "block" }, { "item": "viz_qg54wRGO", "position": { "h": 50, "w": 300, "x": 0, "y": 690 }, "type": "block" }, { "item": "viz_21cv3AZ5", "position": { "h": 50, "w": 300, "x": 0, "y": 770 }, "type": "block" }, { "item": "viz_kKQw0UJA", "position": { "h": 50, "w": 300, "x": 0, "y": 810 }, "type": "block" }, { "item": "viz_w7Dve9FX", "position": { "h": 50, "w": 300, "x": 0, "y": 850 }, "type": "block" }, { "item": "viz_NSNGBWTO", "position": { "h": 50, "w": 300, "x": 0, "y": 890 }, "type": "block" }, { "item": "viz_KJxZn4hH", "position": { "h": 50, "w": 260, "x": 500, "y": 900 }, "type": "block" }, { "item": "viz_AORov7pi", "position": { "h": 50, "w": 300, "x": 993, "y": 850 }, "type": "block" }, { "item": "viz_OMmqZtJ7", "position": { "h": 39, "w": 130, "x": 360, "y": 500 }, "type": "block" }, { "item": "viz_uqSpv5Kd", "position": { "h": 39, "w": 60, "x": 920, "y": 760 }, "type": "block" }, { "item": "viz_TNm0P6KB", "position": { "h": 40, "w": 200, "x": 1290, "y": 500 }, "type": "block" }, { "item": "viz_hud6a8Zx", "position": { "h": 39, "w": 60, "x": 920, "y": 870 }, "type": "block" }, { "item": "viz_OZmqKEfh", "position": { "h": 39, "w": 130, "x": 360, "y": 740 }, "type": "block" }, { "item": "viz_31gsPiP3", "position": { "h": 39, "w": 150, "x": 850, "y": 500 }, "type": "block" }, { "item": "viz_FdZ5w8Pj", "position": { "h": 39, "w": 150, "x": 840, "y": 650 }, "type": "block" }, { "item": "viz_oZNyDloj", "position": { "h": 40, "w": 320, "x": 330, "y": 0 }, "type": "block" }, { "item": "viz_47s57KFg", "position": { "h": 40, "w": 320, "x": 330, "y": 460 }, "type": "block" }, { "item": "viz_8BVAjxs4", "position": { "h": 40, "w": 170, "x": 810, "y": 900 }, "type": "block" }, { "item": "viz_b9xwtvA7", "position": { "h": 40, "w": 170, "x": 810, "y": 940 }, "type": "block" }, { "item": "viz_WrqqREjN", "position": { "h": 40, "w": 170, "x": 810, "y": 980 }, "type": "block" }, { "item": "viz_PKhHZ17Q", "position": { "h": 40, "w": 170, "x": 810, "y": 1020 }, "type": "block" }, { "item": "viz_qLKLkup8", "position": { "h": 40, "w": 170, "x": 1303, "y": 525 }, "type": "block" }, { "item": "viz_XLekoYpG", "position": { "h": 40, "w": 170, "x": 1303, "y": 565 }, "type": "block" }, { "item": "viz_nFmEyYO8", "position": { "h": 40, "w": 170, "x": 310, "y": 964 }, "type": "block" }, { "item": "viz_8zrD1Br4", "position": { "h": 40, "w": 170, "x": 1303, "y": 605 }, "type": "block" }, { "item": "viz_oDwFEYgf", "position": { "h": 40, "w": 170, "x": 1303, "y": 645 }, "type": "block" }, { "item": "viz_QL7YpTvR", "position": { "h": 40, "w": 170, "x": 1303, "y": 685 }, "type": "block" }, { "item": "viz_pKw4XeqX", "position": { "h": 40, "w": 170, "x": 1303, "y": 725 }, "type": "block" }, { "item": "viz_GCXiElFj", "position": { "h": 40, "w": 170, "x": 1303, "y": 765 }, "type": "block" }, { "item": "viz_53O2aGcj", "position": { "h": 40, "w": 170, "x": 1303, "y": 805 }, "type": "block" }, { "item": "viz_i2P1MkDJ", "position": { "h": 40, "w": 170, "x": 1303, "y": 845 }, "type": "block" }, { "item": "viz_ZUzEw1ex", "position": { "h": 40, "w": 170, "x": 1303, "y": 885 }, "type": "block" }, { "item": "viz_Eo3bH8QW", "position": { "h": 40, "w": 170, "x": 310, "y": 524 }, "type": "block" }, { "item": "viz_1RAKDpML", "position": { "h": 40, "w": 170, "x": 310, "y": 564 }, "type": "block" }, { "item": "viz_TRgHVuSZ", "position": { "h": 40, "w": 170, "x": 310, "y": 604 }, "type": "block" }, { "item": "viz_HtSNeBv8", "position": { "h": 40, "w": 170, "x": 310, "y": 644 }, "type": "block" }, { "item": "viz_hOioaWYv", "position": { "h": 40, "w": 170, "x": 310, "y": 684 }, "type": "block" }, { "item": "viz_QsFqS9sg", "position": { "h": 40, "w": 170, "x": 310, "y": 764 }, "type": "block" }, { "item": "viz_Og0GsQk1", "position": { "h": 40, "w": 170, "x": 310, "y": 804 }, "type": "block" }, { "item": "viz_RRnJDQ7E", "position": { "h": 40, "w": 170, "x": 310, "y": 844 }, "type": "block" }, { "item": "viz_mYQ3Ahj3", "position": { "h": 40, "w": 170, "x": 310, "y": 884 }, "type": "block" }, { "item": "viz_tI6cMyj4", "position": { "h": 40, "w": 170, "x": 310, "y": 924 }, "type": "block" }, { "item": "viz_SUvUV26d", "position": { "h": 40, "w": 170, "x": 810, "y": 528 }, "type": "block" }, { "item": "viz_dXNVPqpO", "position": { "h": 40, "w": 170, "x": 810, "y": 568 }, "type": "block" }, { "item": "viz_zdJ8HZR9", "position": { "h": 40, "w": 170, "x": 810, "y": 608 }, "type": "block" }, { "item": "viz_SfuaNk53", "position": { "h": 90, "w": 240, "x": 1660, "y": 560 }, "type": "block" }, { "item": "viz_rV6Lbp2z", "position": { "h": 90, "w": 240, "x": 1660, "y": 460 }, "type": "block" }, { "item": "viz_PLzLkjTj", "position": { "h": 90, "w": 240, "x": 1660, "y": 360 }, "type": "block" }, { "item": "viz_U34r2Mko", "position": { "h": 40, "w": 170, "x": 1720, "y": 990 }, "type": "block" }, { "item": "viz_8NtsaDwL", "position": { "h": 40, "w": 170, "x": 1550, "y": 990 }, "type": "block" }, { "item": "viz_FNrs1dG0", "position": { "h": 50, "w": 50, "x": 1484, "y": 980 }, "type": "block" }, { "item": "viz_K48PfzX9", "position": { "h": 40, "w": 170, "x": 810, "y": 719 }, "type": "block" }, { "item": "viz_LzfYottx", "position": { "h": 40, "w": 170, "x": 810, "y": 679 }, "type": "block" }, { "item": "viz_7bFB2xRn", "position": { "h": 40, "w": 170, "x": 810, "y": 828 }, "type": "block" }, { "item": "viz_X52TPS4s", "position": { "h": 40, "w": 170, "x": 810, "y": 788 }, "type": "block" }, { "item": "viz_Lm0jzP0o", "position": { "h": 350, "w": 1920, "x": 0, "y": 0 }, "type": "block" }, { "item": "viz_YILnsksK", "position": { "h": 150, "w": 990, "x": 0, "y": 280 }, "type": "block" }, { "item": "viz_z1Nm6ee4", "position": { "h": 230, "w": 530, "x": 960, "y": 230 }, "type": "block" }, { "item": "viz_2IAzLv4V", "position": { "h": 610, "w": 1490, "x": 0, "y": 460 }, "type": "block" }, { "item": "viz_FbngVk2R", "position": { "h": 300, "w": 170, "x": 1490, "y": 350 }, "type": "block" }, { "item": "viz_hL5NidK6", "position": { "h": 370, "w": 420, "x": 1490, "y": 670 }, "type": "block" }, { "item": "viz_tO1Cyd75", "position": { "h": 40, "w": 280, "x": 1640, "y": 0 }, "type": "block" } ], "type": "absolute" }, "title": "M365 Security Dashboard - Overview", "visualizations": { "viz_1E10aEuW": { "data_sources": { "primary": "ds_gOcfSjLP" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_1RAKDpML": { "data_sources": { "primary": "ds_7c3Ve7MN" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_1iiLDkYH": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_21cv3AZ5": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Phish delivered because a user's Junk Mail Folder is disabled" }, "type": "splunk.markdown" }, "viz_2IAzLv4V": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_31gsPiP3": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email: Malicious" }, "type": "splunk.markdown" }, "viz_3Iowfd7k": { "data_sources": { "primary": "ds_n7Kbwg3j" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_3J60cyjP": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware campaign detected in SharePoint and OneDrive" }, "type": "splunk.markdown" }, "viz_3SR1CB1a": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Failed Login Attempts" }, "type": "splunk.markdown" }, "viz_3TmGm2Tt": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Failed exact data match upload" }, "type": "splunk.markdown" }, "viz_3U6anbbB": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview: Suspicious Change of \nCoudTrail Logging Service" }, "type": "splunk.markdown" }, "viz_3qjg5Vht": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Tenant restricted from sending email" }, "type": "splunk.markdown" }, "viz_3rVie7Mv": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Impossible Travel" }, "type": "splunk.markdown" }, "viz_3ueBQk4g": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**Security: Threat Management**" }, "type": "splunk.markdown" }, "viz_46Ax7e4W": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware Ransomeware" }, "type": "splunk.markdown" }, "viz_47s57KFg": { "data_sources": { "primary": "ds_cplJ88yB" }, "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_4DWqvA8O": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_4DrdnagR": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Data Exfiltration to Unsanctioned Apps" }, "type": "splunk.markdown" }, "viz_53O2aGcj": { "data_sources": { "primary": "ds_pFzL0388" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_5E8nKEXP": { "data_sources": { "primary": "ds_t8tkHKBL" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_5ZsBdWUr": { "data_sources": { "primary": "ds_OiYe7Yx4" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_5a71PUFr": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Share Activity (by user)" }, "type": "splunk.markdown" }, "viz_5tXZZwV1": { "data_sources": { "primary": "ds_SWoWEcgq" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_68VfaK37": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Inbox Forwarding" }, "type": "splunk.markdown" }, "viz_6FWnIwIk": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Form blocked due to potential phishing attempt" }, "type": "splunk.markdown" }, "viz_6dWLMKtj": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Performance & Availability" }, "type": "splunk.markdown" }, "viz_7EjYdYLn": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Download (by user)" }, "type": "splunk.markdown" }, "viz_7bFB2xRn": { "data_sources": { "primary": "ds_K8u5tNdp" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_8BVAjxs4": { "data_sources": { "primary": "ds_S23nHPQl" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_8NtsaDwL": { "data_sources": { "primary": "ds_P9Fmc8jM" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_8zrD1Br4": { "data_sources": { "primary": "ds_kEmJGZGh" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_9JXOY4Gm": { "data_sources": { "primary": "ds_wManXMy2" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_A7qtMRVE": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_ALXL6Mbh": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware campaign detected after delivery" }, "type": "splunk.markdown" }, "viz_AORov7pi": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Successful exact data match upload" }, "type": "splunk.markdown" }, "viz_ASboNwDu": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Cloud Activities" }, "type": "splunk.markdown" }, "viz_Bh0UmeX4": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Storage Deletion Activities" }, "type": "splunk.markdown" }, "viz_DOLGDqRS": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_ESz9mVYO": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "VM / Power BI Suspicious Activities" }, "type": "splunk.markdown" }, "viz_EjMvfKEx": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-azuread" }, "type": "splunk.image" }, "viz_Eo3bH8QW": { "data_sources": { "primary": "ds_UPaPYxm6" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_FNrs1dG0": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-power-bi-24x24" }, "type": "splunk.image" }, "viz_FPonYmN1": { "data_sources": { "primary": "ds_91frjQDi" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_FbngVk2R": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_FdZ5w8Pj": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email: Suspicious" }, "type": "splunk.markdown" }, "viz_G8vGykMo": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email messages containing malicious URL removed after delivery" }, "type": "splunk.markdown" }, "viz_GCXiElFj": { "data_sources": { "primary": "ds_LCJDIgEA" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_GYlYEiNj": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email sending limit exceeded" }, "type": "splunk.markdown" }, "viz_GqEHllzp": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_Gs29Q9B0": { "data_sources": { "primary": "ds_fFgWwN2t" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_HLeZ2fmX": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Performance" }, "type": "splunk.markdown" }, "viz_HRZaAZoY": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Leaked Credentials" }, "type": "splunk.markdown" }, "viz_HtSNeBv8": { "data_sources": { "primary": "ds_sWtjDtCY" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Htl2h1HP": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview Suspicious PowerBI Report Sharing" }, "type": "splunk.markdown" }, "viz_IwUtEHGT": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity from Anonymous IP Address" }, "type": "splunk.markdown" }, "viz_J2IQafnT": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Email Forwarding Activity" }, "type": "splunk.markdown" }, "viz_J6KwDTd8": { "data_sources": { "primary": "ds_OFBAMaHl" }, "options": { "fill_color": "> primary | seriesByName(\"alert_color\") | lastPoint()" }, "type": "splunk.rectangle" }, "viz_JCCVvLNl": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-exchange-48x48" }, "type": "splunk.image" }, "viz_JcKmK6f7": { "data_sources": { "primary": "ds_SeTDp3tf" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_K48PfzX9": { "data_sources": { "primary": "ds_CwNHa74t" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_KJxZn4hH": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Remediation action taken by admin on \nemails or URL or sender" }, "type": "splunk.markdown" }, "viz_Kzsdg7ps": { "data_sources": { "primary": "ds_m6nQCit8" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_LTzFXuv0": { "data_sources": { "primary": "ds_qI2sr98f" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Lm0jzP0o": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_LnPbuW7n": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": " Suspicious OAuth App File Download Activities" }, "type": "splunk.markdown" }, "viz_LzfYottx": { "data_sources": { "primary": "ds_Mw0eQtbg" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_M291DEZJ": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_MbHfFphf": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email reported by user as malware or phish" }, "type": "splunk.markdown" }, "viz_MhpOv3aw": { "options": { "fill_color": "#000000", "stroke_color": "#ffffff", "stroke_width": 2.0 }, "type": "splunk.rectangle" }, "viz_Msnfwxsk": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-sharepoint" }, "type": "splunk.image" }, "viz_NOE2ckl3": { "data_sources": { "primary": "ds_nSJVmBZI" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_NSNGBWTO": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Phish not zapped because ZAP is disabled" }, "type": "splunk.markdown" }, "viz_NbXQU8FX": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Addition of Credential to an OAuth App" }, "type": "splunk.markdown" }, "viz_OMmqZtJ7": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email: Malware" }, "type": "splunk.markdown" }, "viz_OZmqKEfh": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email: Phishing" }, "type": "splunk.markdown" }, "viz_Og0GsQk1": { "data_sources": { "primary": "ds_Spsqbzoa" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_OkKJN0sV": { "data_sources": { "primary": "ds_ChlhtDKE" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_PKhHZ17Q": { "data_sources": { "primary": "ds_cKi7WOpX" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_PLzLkjTj": { "data_sources": { "primary": "ds_pkkMijtJ" }, "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-security" }, "type": "drilldown.customUrl" } ], "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Security Overall", "type": "splunk.singlevalue" }, "viz_PbbrPMyo": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_Q7m8dKqi": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_QL7YpTvR": { "data_sources": { "primary": "ds_cfGSE4oD" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Qnh2MTYs": { "data_sources": { "primary": "ds_mQ9gLHEF" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_QsFqS9sg": { "data_sources": { "primary": "ds_FiQTjw0t" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_RRnJDQ7E": { "data_sources": { "primary": "ds_JqDqXdyB" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_RTKIBRTS": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Administrative Activity (by user)" }, "type": "splunk.markdown" }, "viz_SO7qXdVQ": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_SUvUV26d": { "data_sources": { "primary": "ds_GvG2lfFy" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_SfuaNk53": { "data_sources": { "primary": "ds_hEomd24i" }, "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management" }, "type": "drilldown.customUrl" } ], "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Threat Management", "type": "splunk.singlevalue" }, "viz_TNm0P6KB": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Security & Compliance" }, "type": "splunk.markdown" }, "viz_TRgHVuSZ": { "data_sources": { "primary": "ds_SmgYba2K" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_TolyzYYO": { "data_sources": { "primary": "ds_S4JkpLcw" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_U34r2Mko": { "data_sources": { "primary": "ds_IzbYJAsR" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Umd44sHd": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Inbox Anomalies" }, "type": "splunk.markdown" }, "viz_UuzxaZMP": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity Performed by Terminated User" }, "type": "splunk.markdown" }, "viz_UwnHVqVF": { "data_sources": { "primary": "ds_vtjODuQ4" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_VFzTB4Pr": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Admin triggered manual investigation\nof email" }, "type": "splunk.markdown" }, "viz_VJ2n8yNY": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "A potentially malicious URL click was detected" }, "type": "splunk.markdown" }, "viz_VRrzLAHZ": { "data_sources": { "primary": "ds_FxISLgeA" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_VYaVWqZl": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity From Infrequent Country" }, "type": "splunk.markdown" }, "viz_WrqqREjN": { "data_sources": { "primary": "ds_NbOuEYe0" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_WtqcgXRV": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Risky Sign-In" }, "type": "splunk.markdown" }, "viz_X52TPS4s": { "data_sources": { "primary": "ds_Y6IwBvGD" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_X5QKAF37": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Availability" }, "type": "splunk.markdown" }, "viz_XLekoYpG": { "data_sources": { "primary": "ds_JOW31gSa" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_XWROmSjL": { "data_sources": { "primary": "ds_HdhuUeLu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Y2nD0ueG": { "data_sources": { "primary": "ds_PPUj5qKV" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_YILnsksK": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_YlOemvm4": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Tenant restricted from sending unprovisioned email" }, "type": "splunk.markdown" }, "viz_Z9BBHwYs": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious email sending patterns detected" }, "type": "splunk.markdown" }, "viz_ZBuNBTtI": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Ransomware Activity" }, "type": "splunk.markdown" }, "viz_ZNtvfCGp": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "User / Admin / IP Suspicious Activities" }, "type": "splunk.markdown" }, "viz_ZUzEw1ex": { "data_sources": { "primary": "ds_R5D2vp8g" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_acajsYlE": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Form flagged and confirmed as phishing" }, "type": "splunk.markdown" }, "viz_ayb46Es4": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Misleading Publisher Name for an OAuth App" }, "type": "splunk.markdown" }, "viz_b9xwtvA7": { "data_sources": { "primary": "ds_JptaDvdF" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_bPHMNgGr": { "data_sources": { "primary": "ds_1tgPt3mh" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_bSIanwmA": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Admin submission result completed" }, "type": "splunk.markdown" }, "viz_bUafuQtj": { "data_sources": { "primary": "ds_083zujwS" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_dXNVPqpO": { "data_sources": { "primary": "ds_ziNb4LvN" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_dg6XCg5A": { "data_sources": { "primary": "ds_yZUQHbXW" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_druTJqGo": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_e07npRtT": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_e6YPzDYx": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "MIP AutoLabel simulation completed" }, "type": "splunk.markdown" }, "viz_edxLOEOw": { "data_sources": { "primary": "ds_DPVZeJmE" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_eeCzp2Ul": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Misleading OAuth App Name" }, "type": "splunk.markdown" }, "viz_erpVALBK": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Inbox Manipulation Rule" }, "type": "splunk.markdown" }, "viz_f1nnmVoq": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-yammer" }, "type": "splunk.image" }, "viz_f7xbUukE": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email messages containing malware removed after delivery" }, "type": "splunk.markdown" }, "viz_fFKPc8bn": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Authorization / Login Anomalies" }, "type": "splunk.markdown" }, "viz_fGYSmSBO": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_faHkI0RF": { "data_sources": { "primary": "ds_iDvy3I5y" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_flBLmnqx": { "data_sources": { "primary": "ds_6lonf6pu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_fvbZF8GH": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Delete VM Activities" }, "type": "splunk.markdown" }, "viz_g3Fjz3Bj": { "data_sources": { "primary": "ds_sOuC6KP0" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_hL5NidK6": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-overview-dashboard&action=view" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_hOioaWYv": { "data_sources": { "primary": "ds_y7c2PMC0" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_hpLoI6sJ": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Deletion Activity (by user)" }, "type": "splunk.markdown" }, "viz_hud6a8Zx": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Admin" }, "type": "splunk.markdown" }, "viz_i2P1MkDJ": { "data_sources": { "primary": "ds_ncxoJa95" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_i8zBAwOD": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Geo Anomalies" }, "type": "splunk.markdown" }, "viz_iHzuZnIE": { "data_sources": { "primary": "ds_eqcIwRxM" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_iv6RxEqP": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**Security: Threat Detection**" }, "type": "splunk.markdown" }, "viz_iwFY6Ssb": { "data_sources": { "primary": "ds_4W0qIgiG" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_j8l7m0H7": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email messages containing phish URLs removed after delivery" }, "type": "splunk.markdown" }, "viz_jJDeClfA": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "User restricted from sending email" }, "type": "splunk.markdown" }, "viz_jqzRvUIL": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "eDiscovery search started or exported" }, "type": "splunk.markdown" }, "viz_kJ0GERvm": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple VM Creation Activities" }, "type": "splunk.markdown" }, "viz_kKQw0UJA": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Phish delivered due to an ETR override" }, "type": "splunk.markdown" }, "viz_kUriycSm": { "data_sources": { "primary": "ds_diArV7Gu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "off", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "off" }, "type": "splunk.singlevalue" }, "viz_knrg7InH": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-teams" }, "type": "splunk.image" }, "viz_kywMljXX": { "data_sources": { "primary": "ds_iMkpBdOw" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_l1YN5Sig": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity from Suspicious IP Address" }, "type": "splunk.markdown" }, "viz_leE1LqwQ": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview Multiple PowerBI Report Share Activities" }, "type": "splunk.markdown" }, "viz_lpsEPULV": { "data_sources": { "primary": "ds_OSmztg8T" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_mYQ3Ahj3": { "data_sources": { "primary": "ds_0a7gzTjo" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_n1qvLBQA": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Email Deletion Activity (by user)" }, "type": "splunk.markdown" }, "viz_nFmEyYO8": { "data_sources": { "primary": "ds_TwYKtIyo" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_nIrV6Ji9": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-office-256x256" }, "type": "splunk.image" }, "viz_nQ77O1zs": { "data_sources": { "primary": "ds_HkHxV06x" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_njWrjxyu": { "data_sources": { "primary": "ds_6IyfamOT" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_o7uaQZLl": { "data_sources": { "primary": "ds_pdohGLDI" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_oDwFEYgf": { "data_sources": { "primary": "ds_HCyL3oA6" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_oZNyDloj": { "data_sources": { "primary": "ds_A3bqtW6K" }, "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_pKw4XeqX": { "data_sources": { "primary": "ds_xe6ZHJYv" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_pXzllOTn": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_ptbnUjOD": { "data_sources": { "primary": "ds_0RymRlVs" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_qLKLkup8": { "data_sources": { "primary": "ds_3uckpPxG" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_qg54wRGO": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware not zapped because ZAP is disabled" }, "type": "splunk.markdown" }, "viz_rJBKxdF7": { "data_sources": { "primary": "ds_5Fa6sA9o" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_rV6Lbp2z": { "data_sources": { "primary": "ds_A9GJW0TB" }, "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Threat Detection", "type": "splunk.singlevalue" }, "viz_rgocUz6k": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Email messages containing malicious file removed after delivery" }, "type": "splunk.markdown" }, "viz_sovXyfkp": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware campaign detected and blocked" }, "type": "splunk.markdown" }, "viz_sxYnuNFH": { "data_sources": { "primary": "ds_V4TbdOXR" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_tI6cMyj4": { "data_sources": { "primary": "ds_M7cfBfKD" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_tO1Cyd75": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view" }, "type": "drilldown.customUrl" } ], "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-microsoft-365" }, "type": "splunk.image" }, "viz_uA9pZmBf": { "data_sources": { "primary": "ds_xizAFB3w" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uHMieKhH": { "data_sources": { "primary": "ds_mtIXHc7y" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uV1lEu9i": { "data_sources": { "primary": "ds_IyVRZOxX" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uajhi8uF": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware Detection" }, "type": "splunk.markdown" }, "viz_uqSpv5Kd": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Forms" }, "type": "splunk.markdown" }, "viz_v4edEl0J": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual increase in email reported as phish" }, "type": "splunk.markdown" }, "viz_vuAzorOL": { "data_sources": { "primary": "ds_lmnRgCPJ" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_w7Dve9FX": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Phish delivered due to an IP allow policy" }, "type": "splunk.markdown" }, "viz_xXeloVvu": { "options": { "customFontSize": 25.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Overall\nHealth" }, "type": "splunk.markdown" }, "viz_y0z9XjBr": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "File / Data Suspicious Activities" }, "type": "splunk.markdown" }, "viz_yCUYsRUy": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "User restricted from sharing forms and collecting responses" }, "type": "splunk.markdown" }, "viz_yOaoYAxD": { "data_sources": { "primary": "ds_bHGWKEHp" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_yX6yjECc": { "data_sources": { "primary": "ds_MXJZLvxK" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_yXyIxA4f": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malicious OAuth App Consent" }, "type": "splunk.markdown" }, "viz_z1Nm6ee4": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_zBUo1kTi": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Impersonated Activity (by user)" }, "type": "splunk.markdown" }, "viz_zF9Wj4Db": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_zJNts59u": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-onedrive" }, "type": "splunk.image" }, "viz_zRota3sv": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_zdJ8HZR9": { "data_sources": { "primary": "ds_vjtep4Mt" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_zvFeUNjk": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Creation of forwarding/redirect rule" }, "type": "splunk.markdown" } } }, "description": "", "gt_version": "beta", "key": "da-itsi-cp-m365-m365-security-dashboard-overview", "latest": "now", "latest_label": "Now", "selected_swap_service_id": null, "swap_service_ids": [], "template_selected_service_id": null, "template_swappable_service_ids": [], "title": "M365 Security Dashboard - Overview", "version": "0.0.38" }