{ "definition": { "data_sources": { "ds_083zujwS": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-availability", "service_id": "da-itsi-cp-m365-m365-yammer-availability" }, "name": "O365_Yammer_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_0RymRlVs": { "meta": { "kpi_id": "da-itsi-cp-m365-725a71f8dd373be182e37ce7", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file share activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-725a71f8dd373be182e37ce7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_19eDLbgn_ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_StayInformed_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_1grVt6E8": { "name": "GEO_LoginSuccessFail", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn OR Operation=UserLoginFailed\n|iplocation ActorIpAddress |stats count by Country | geom geo_countries featureIdField=Country" }, "type": "ds.search" }, "ds_1tgPt3mh": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-performance", "service_id": "da-itsi-cp-m365-m365-azuread-performance" }, "name": "O365_AzureAD_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, 
"ds_4W0qIgiG": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance", "service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance" }, "name": "O365_SharePoint_Online_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_5Fa6sA9o": { "meta": { "kpi_id": "da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from infrequent country", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_StayInformed_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_6IyfamOT": { "meta": { "kpi_id": "da-itsi-cp-m365-70105ff25be7a7fa3667f158", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity performed by terminated user", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-70105ff25be7a7fa3667f158)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_6lonf6pu": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-performance", "service_id": "da-itsi-cp-m365-m365-teams-performance" }, "name": "O365_Teams_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-performance)` `service_level_kpi_only` | timechart cont=false 
latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_91frjQDi": { "meta": { "kpi_id": "da-itsi-cp-m365-e255403f15e56c7362f54c5a", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Ransomware activity", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e255403f15e56c7362f54c5a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_A3bqtW6K": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_APzAWCjg_ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_PreventFixIssues_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_ChlhtDKE": { "meta": { "kpi_id": "da-itsi-cp-m365-78c060e47fa9f2064318598d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious inbox manipulation rule", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-78c060e47fa9f2064318598d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_DPVZeJmE": { "meta": { "kpi_id": "da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file deletion activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6)` 
`service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_FxISLgeA": { "meta": { "kpi_id": "da-itsi-cp-m365-53826bcd8ecfef46793dce12", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual administrative activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-53826bcd8ecfef46793dce12)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_HdhuUeLu": { "meta": { "kpi_id": "da-itsi-cp-m365-439461d009e2f0ff6ecf39b9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple storage deletion activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-439461d009e2f0ff6ecf39b9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_HkHxV06x": { "meta": { "kpi_id": "da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple VM creation activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_IyVRZOxX": { "meta": { "kpi_id": "da-itsi-cp-m365-cea39bad8b93e87524d52526", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Malware detection", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-cea39bad8b93e87524d52526)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_IzbYJAsR": { "meta": { "kpi_id": 
"SHKPI-da-itsi-cp-m365-m365-powebi-availability", "service_id": "da-itsi-cp-m365-m365-powebi-availability" }, "name": "O365_PoweBI_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powebi-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_JtBldVTw_ds_PWYF5H9e_ds_tZa7bJJY": { "name": "Copy of M_PlanForChange_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_MB73wN2g_ds_tZa7bJJY": { "name": "M_PreventFixIssues_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_MXJZLvxK": { "meta": { "kpi_id": "da-itsi-cp-m365-f1dd06f3514cabf98288559d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Misleading OAuth app name", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-f1dd06f3514cabf98288559d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OFBAMaHl": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365", "service_id": "da-itsi-cp-m365-m365" }, "name": "O365 - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OSmztg8T": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-availability", "service_id": "da-itsi-cp-m365-m365-teams-availability" }, "name": "O365_Teams_Availability - ServiceHealthScore", "options": { "query": 
"`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_OiYe7Yx4": { "meta": { "kpi_id": "da-itsi-cp-m365-ee6e4dad771d573ea72ebde5", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual file download (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ee6e4dad771d573ea72ebde5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_P9Fmc8jM": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-powerbi-performance", "service_id": "da-itsi-cp-m365-m365-powerbi-performance" }, "name": "O365_PowerBI_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powerbi-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_PPUj5qKV": { "meta": { "kpi_id": "da-itsi-cp-m365-e2bcc3f70d857a221996dfae", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual impersonated activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e2bcc3f70d857a221996dfae)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_PWYF5H9e_ds_tZa7bJJY": { "name": "M_PlanForChange_High", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)" }, "type": "ds.search" }, "ds_QKp1TbC8": { "name": "STATS_LoginSuccess", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn" }, 
"type": "ds.search" }, "ds_S4JkpLcw": { "meta": { "kpi_id": "da-itsi-cp-m365-e068b071c2ab0484b8e0088b", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Multiple Power BI report sharing activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e068b071c2ab0484b8e0088b)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_SWoWEcgq": { "meta": { "kpi_id": "da-itsi-cp-m365-39d7e3fb2f19c99fff964f71", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Risky sign-in", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-39d7e3fb2f19c99fff964f71)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_SeTDp3tf": { "meta": { "kpi_id": "da-itsi-cp-m365-5c246ff1644c8289b88e1e00", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple failed login attempts", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5c246ff1644c8289b88e1e00)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_V4TbdOXR": { "meta": { "kpi_id": "da-itsi-cp-m365-33f7d1dfed53a52c8b23d636", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious OAuth app file download activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-33f7d1dfed53a52c8b23d636)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_YnDq7wLF": { "name": "SV_service_degradation", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident 
status=\"serviceDegradation\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_bHGWKEHp": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-performance", "service_id": "da-itsi-cp-m365-m365-exchange-performance" }, "name": "O365_Exchange_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_diArV7Gu": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365", "service_id": "da-itsi-cp-m365-m365" }, "name": "O365 - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_eqcIwRxM": { "meta": { "kpi_id": "da-itsi-cp-m365-94bdd447b34e462623ba7ad8", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Impossible travel", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-94bdd447b34e462623ba7ad8)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_fFgWwN2t": { "meta": { "kpi_id": "da-itsi-cp-m365-d201d46cdda4083443f8b146", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Suspicious change of CloudTrail logging service", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d201d46cdda4083443f8b146)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_gOcfSjLP": { "meta": { "kpi_id": "da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Preview: Suspicious 
Power BI report sharing", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_hEomd24i": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management", "service_id": "da-itsi-cp-m365-m365-threat-management" }, "name": "O365_Threat Management - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_iDvy3I5y": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability", "service_id": "da-itsi-cp-m365-m365-sharepoint-online-availability" }, "name": "O365_SharePoint_Online_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_iMkpBdOw": { "meta": { "kpi_id": "da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Unusual addition of credentials to an OAuth app", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_lmnRgCPJ": { "meta": { "kpi_id": "da-itsi-cp-m365-b48c41aca99df54f077082c3", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Multiple delete VM activities", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b48c41aca99df54f077082c3)` `service_level_kpi_only` | timechart 
cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_m6nQCit8": { "meta": { "kpi_id": "da-itsi-cp-m365-1179499a9bbe188261dc59b6", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Data exfiltration to unsanctioned apps", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1179499a9bbe188261dc59b6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_mQ9gLHEF": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-availability", "service_id": "da-itsi-cp-m365-m365-onedrive-availability" }, "name": "O365_OneDrive_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_mtIXHc7y": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-availability", "service_id": "da-itsi-cp-m365-m365-exchange-availability" }, "name": "O365_Exchange_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_n7Kbwg3j": { "meta": { "kpi_id": "da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from anonymous IP addresses", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_nSJVmBZI": { "meta": { "kpi_id": 
"SHKPI-da-itsi-cp-m365-m365-azuread-availability", "service_id": "da-itsi-cp-m365-m365-azuread-availability" }, "name": "O365_AzureAD_Availability - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_pdohGLDI": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-performance", "service_id": "da-itsi-cp-m365-m365-yammer-performance" }, "name": "O365_Yammer_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_pkkMijtJ": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-security", "service_id": "da-itsi-cp-m365-m365-security" }, "name": "O365_Security - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-security)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_qI2sr98f": { "meta": { "kpi_id": "da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious email deletion activity (by user)", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_qf5Odg58": { "name": "SV_service_interruption", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceInterruption\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_sOuC6KP0": { "meta": { 
"kpi_id": "da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Suspicious inbox forwarding", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_t0kZ7Eme": { "name": "SV_investigating", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"investigating\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_t8tkHKBL": { "meta": { "kpi_id": "da-itsi-cp-m365-6977aee5803a6401e3eeb079", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Malicious OAuth app consent", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6977aee5803a6401e3eeb079)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_tZa7bJJY": { "name": "M_PlanForChange_Normal", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"normal\" | timechart dc(id)" }, "type": "ds.search" }, "ds_vNZD8LDw": { "name": "SV_service_restored", "options": { "query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceRestored\" | dedup id | timechart count" }, "type": "ds.search" }, "ds_vtjODuQ4": { "meta": { "kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-performance", "service_id": "da-itsi-cp-m365-m365-onedrive-performance" }, "name": "O365_OneDrive_Performance - ServiceHealthScore", "options": { "query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, 
"type": "ds.search" }, "ds_wManXMy2": { "meta": { "kpi_id": "da-itsi-cp-m365-9da46ed16abfd5cbaedb709a", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Leaked credentials", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9da46ed16abfd5cbaedb709a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_xizAFB3w": { "meta": { "kpi_id": "da-itsi-cp-m365-de58bc9bbc4768406116b8c4", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Misleading publisher name for an OAuth app", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-de58bc9bbc4768406116b8c4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" }, "ds_yZUQHbXW": { "meta": { "kpi_id": "da-itsi-cp-m365-3add69e6499e96fbff2fe40d", "service_id": "da-itsi-cp-m365-m365-threat-detection" }, "name": "O365_Threat Detection - Activity from suspicious IP addresses", "options": { "query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3add69e6499e96fbff2fe40d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color" }, "type": "ds.search" } }, "defaults": { "dataSources": { "global": { "options": { "queryParameters": { "earliest": "$global_time.earliest$", "latest": "$global_time.latest$" }, "refresh": "$global_refresh_rate$", "refreshType": "delay" } } } }, "description": "", "inputs": { "input_global_refresh_rate": { "data_sources": {}, "options": { "defaultValue": "300s", "items": [ { "label": "1 Minute", "value": "60s" }, { "label": "5 Minutes", "value": "300s" }, { "label": "30 Minutes", "value": "1800s" }, { "label": "1 Hour", "value": "3600s" }, { "label": "24 Hours", "value": "86400s" } ], "token": "global_refresh_rate" }, "title": "Global Refresh Rate", "type": 
"input.dropdown" }, "input_global_trp": { "data_sources": {}, "options": { "defaultValue": "-24h@h, now", "token": "global_time" }, "title": "Global Time Range", "type": "input.timerange" } }, "layout": { "global_inputs": [ "input_global_trp", "input_global_refresh_rate" ], "options": { "background_color": "#FFFFFF", "background_image": { "size_type": "contain", "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-o365-background", "x": 0.0, "y": 0.0 }, "display": "auto-scale", "height": 1080.0, "show_title_and_description": true, "width": 1920.0 }, "structure": [ { "item": "viz_e07npRtT", "position": { "from": { "x": 4, "y": 485 }, "to": { "x": 496, "y": 485 } }, "type": "line" }, { "item": "viz_GqEHllzp", "position": { "from": { "x": 504, "y": 483 }, "to": { "x": 985, "y": 483 } }, "type": "line" }, { "item": "viz_pXzllOTn", "position": { "from": { "x": 994, "y": 482 }, "to": { "x": 1479, "y": 482 } }, "type": "line" }, { "item": "viz_SO7qXdVQ", "position": { "from": { "x": 1498, "y": 482 }, "to": { "x": 1927, "y": 483 } }, "type": "line" }, { "item": "viz_A7qtMRVE", "position": { "from": { "x": 1499, "y": 595 }, "to": { "x": 1928, "y": 596 } }, "type": "line" }, { "item": "viz_zF9Wj4Db", "position": { "from": { "x": 992, "y": 682 }, "to": { "x": 1477, "y": 682 } }, "type": "line" }, { "item": "viz_fGYSmSBO", "position": { "from": { "x": 508, "y": 724 }, "to": { "x": 989, "y": 724 } }, "type": "line" }, { "item": "viz_PbbrPMyo", "position": { "from": { "x": 1503, "y": 714 }, "to": { "x": 1932, "y": 715 } }, "type": "line" }, { "item": "viz_J6KwDTd8", "position": { "h": 140, "w": 140, "x": 720, "y": 50 }, "type": "block" }, { "item": "viz_nIrV6Ji9", "position": { "h": 140, "w": 140, "x": 720, "y": 50 }, "type": "block" }, { "item": "viz_kUriycSm", "position": { "h": 90, "w": 110, "x": 730, "y": 180 }, "type": "block" }, { "item": "viz_iv6RxEqP", "position": { "h": 30, "w": 370, "x": 120, "y": 10 }, "type": "block" }, { "item": "viz_zJNts59u", "position": { "h": 40, 
"w": 30, "x": 1030, "y": 130 }, "type": "block" }, { "item": "viz_Msnfwxsk", "position": { "h": 30, "w": 30, "x": 1030, "y": 170 }, "type": "block" }, { "item": "viz_JCCVvLNl", "position": { "h": 40, "w": 40, "x": 1027, "y": 90 }, "type": "block" }, { "item": "viz_knrg7InH", "position": { "h": 30, "w": 30, "x": 1030, "y": 210 }, "type": "block" }, { "item": "viz_f1nnmVoq", "position": { "h": 30, "w": 30, "x": 1030, "y": 250 }, "type": "block" }, { "item": "viz_HLeZ2fmX", "position": { "h": 39, "w": 120, "x": 1130, "y": 50 }, "type": "block" }, { "item": "viz_X5QKAF37", "position": { "h": 39, "w": 120, "x": 1300, "y": 50 }, "type": "block" }, { "item": "viz_yOaoYAxD", "position": { "h": 40, "w": 170, "x": 1090, "y": 90 }, "type": "block" }, { "item": "viz_UwnHVqVF", "position": { "h": 40, "w": 170, "x": 1090, "y": 130 }, "type": "block" }, { "item": "viz_iwFY6Ssb", "position": { "h": 40, "w": 170, "x": 1090, "y": 170 }, "type": "block" }, { "item": "viz_flBLmnqx", "position": { "h": 40, "w": 170, "x": 1090, "y": 210 }, "type": "block" }, { "item": "viz_bUafuQtj", "position": { "h": 40, "w": 170, "x": 1260, "y": 250 }, "type": "block" }, { "item": "viz_lpsEPULV", "position": { "h": 40, "w": 170, "x": 1260, "y": 210 }, "type": "block" }, { "item": "viz_faHkI0RF", "position": { "h": 40, "w": 170, "x": 1260, "y": 170 }, "type": "block" }, { "item": "viz_Qnh2MTYs", "position": { "h": 40, "w": 170, "x": 1260, "y": 130 }, "type": "block" }, { "item": "viz_uHMieKhH", "position": { "h": 40, "w": 170, "x": 1260, "y": 90 }, "type": "block" }, { "item": "viz_NOE2ckl3", "position": { "h": 40, "w": 170, "x": 1260, "y": 290 }, "type": "block" }, { "item": "viz_bPHMNgGr", "position": { "h": 40, "w": 170, "x": 1090, "y": 290 }, "type": "block" }, { "item": "viz_EjMvfKEx", "position": { "h": 32, "w": 34, "x": 1030, "y": 290 }, "type": "block" }, { "item": "viz_yXyIxA4f", "position": { "h": 50, "w": 300, "x": 0, "y": 500 }, "type": "block" }, { "item": "viz_o7uaQZLl", "position": { 
"h": 40, "w": 170, "x": 1090, "y": 250 }, "type": "block" }, { "item": "viz_fFKPc8bn", "position": { "h": 39, "w": 280, "x": 240, "y": 460 }, "type": "block" }, { "item": "viz_5E8nKEXP", "position": { "h": 40, "w": 170, "x": 310, "y": 490 }, "type": "block" }, { "item": "viz_NbXQU8FX", "position": { "h": 50, "w": 310, "x": 0, "y": 540 }, "type": "block" }, { "item": "viz_kywMljXX", "position": { "h": 40, "w": 170, "x": 310, "y": 530 }, "type": "block" }, { "item": "viz_eeCzp2Ul", "position": { "h": 50, "w": 300, "x": 0, "y": 580 }, "type": "block" }, { "item": "viz_yX6yjECc", "position": { "h": 40, "w": 170, "x": 310, "y": 570 }, "type": "block" }, { "item": "viz_UuzxaZMP", "position": { "h": 50, "w": 300, "x": 500, "y": 500 }, "type": "block" }, { "item": "viz_ZNtvfCGp", "position": { "h": 39, "w": 310, "x": 680, "y": 460 }, "type": "block" }, { "item": "viz_njWrjxyu", "position": { "h": 40, "w": 170, "x": 810, "y": 490 }, "type": "block" }, { "item": "viz_l1YN5Sig", "position": { "h": 50, "w": 300, "x": 500, "y": 540 }, "type": "block" }, { "item": "viz_dg6XCg5A", "position": { "h": 40, "w": 170, "x": 810, "y": 530 }, "type": "block" }, { "item": "viz_RTKIBRTS", "position": { "h": 50, "w": 300, "x": 500, "y": 580 }, "type": "block" }, { "item": "viz_VRrzLAHZ", "position": { "h": 40, "w": 170, "x": 810, "y": 570 }, "type": "block" }, { "item": "viz_ESz9mVYO", "position": { "h": 39, "w": 290, "x": 1190, "y": 460 }, "type": "block" }, { "item": "viz_IwUtEHGT", "position": { "h": 50, "w": 300, "x": 500, "y": 620 }, "type": "block" }, { "item": "viz_3Iowfd7k", "position": { "h": 40, "w": 170, "x": 810, "y": 610 }, "type": "block" }, { "item": "viz_fvbZF8GH", "position": { "h": 50, "w": 300, "x": 990, "y": 510 }, "type": "block" }, { "item": "viz_vuAzorOL", "position": { "h": 40, "w": 170, "x": 1300, "y": 500 }, "type": "block" }, { "item": "viz_kJ0GERvm", "position": { "h": 50, "w": 300, "x": 990, "y": 550 }, "type": "block" }, { "item": "viz_nQ77O1zs", "position": { 
"h": 40, "w": 170, "x": 1300, "y": 540 }, "type": "block" }, { "item": "viz_Htl2h1HP", "position": { "h": 50, "w": 300, "x": 990, "y": 590 }, "type": "block" }, { "item": "viz_1E10aEuW", "position": { "h": 40, "w": 170, "x": 1300, "y": 580 }, "type": "block" }, { "item": "viz_ZBuNBTtI", "position": { "h": 50, "w": 240, "x": 1500, "y": 500 }, "type": "block" }, { "item": "viz_46Ax7e4W", "position": { "h": 39, "w": 200, "x": 1720, "y": 460 }, "type": "block" }, { "item": "viz_FPonYmN1", "position": { "h": 40, "w": 170, "x": 1740, "y": 490 }, "type": "block" }, { "item": "viz_uajhi8uF", "position": { "h": 50, "w": 240, "x": 1500, "y": 540 }, "type": "block" }, { "item": "viz_uV1lEu9i", "position": { "h": 40, "w": 170, "x": 1740, "y": 530 }, "type": "block" }, { "item": "viz_3rVie7Mv", "position": { "h": 50, "w": 230, "x": 1500, "y": 610 }, "type": "block" }, { "item": "viz_iHzuZnIE", "position": { "h": 40, "w": 170, "x": 1740, "y": 600 }, "type": "block" }, { "item": "viz_i8zBAwOD", "position": { "h": 39, "w": 160, "x": 1780, "y": 570 }, "type": "block" }, { "item": "viz_VYaVWqZl", "position": { "h": 50, "w": 240, "x": 1500, "y": 650 }, "type": "block" }, { "item": "viz_rJBKxdF7", "position": { "h": 40, "w": 170, "x": 1740, "y": 640 }, "type": "block" }, { "item": "viz_zBUo1kTi", "position": { "h": 50, "w": 300, "x": 500, "y": 660 }, "type": "block" }, { "item": "viz_Y2nD0ueG", "position": { "h": 40, "w": 170, "x": 810, "y": 650 }, "type": "block" }, { "item": "viz_ayb46Es4", "position": { "h": 50, "w": 300, "x": 0, "y": 620 }, "type": "block" }, { "item": "viz_LnPbuW7n", "position": { "h": 50, "w": 300, "x": 0, "y": 660 }, "type": "block" }, { "item": "viz_WtqcgXRV", "position": { "h": 50, "w": 300, "x": 0, "y": 700 }, "type": "block" }, { "item": "viz_3SR1CB1a", "position": { "h": 50, "w": 300, "x": 0, "y": 740 }, "type": "block" }, { "item": "viz_HRZaAZoY", "position": { "h": 50, "w": 300, "x": 0, "y": 780 }, "type": "block" }, { "item": "viz_uA9pZmBf", "position": 
{ "h": 40, "w": 170, "x": 310, "y": 610 }, "type": "block" }, { "item": "viz_sxYnuNFH", "position": { "h": 40, "w": 170, "x": 310, "y": 650 }, "type": "block" }, { "item": "viz_5tXZZwV1", "position": { "h": 40, "w": 170, "x": 310, "y": 690 }, "type": "block" }, { "item": "viz_JcKmK6f7", "position": { "h": 40, "w": 170, "x": 310, "y": 730 }, "type": "block" }, { "item": "viz_9JXOY4Gm", "position": { "h": 40, "w": 170, "x": 310, "y": 770 }, "type": "block" }, { "item": "viz_leE1LqwQ", "position": { "h": 50, "w": 310, "x": 990, "y": 630 }, "type": "block" }, { "item": "viz_TolyzYYO", "position": { "h": 40, "w": 170, "x": 1300, "y": 620 }, "type": "block" }, { "item": "viz_y0z9XjBr", "position": { "h": 39, "w": 270, "x": 1210, "y": 660 }, "type": "block" }, { "item": "viz_hpLoI6sJ", "position": { "h": 50, "w": 300, "x": 990, "y": 700 }, "type": "block" }, { "item": "viz_edxLOEOw", "position": { "h": 40, "w": 170, "x": 1300, "y": 690 }, "type": "block" }, { "item": "viz_7EjYdYLn", "position": { "h": 50, "w": 300, "x": 990, "y": 740 }, "type": "block" }, { "item": "viz_5ZsBdWUr", "position": { "h": 40, "w": 170, "x": 1300, "y": 730 }, "type": "block" }, { "item": "viz_5a71PUFr", "position": { "h": 50, "w": 300, "x": 990, "y": 780 }, "type": "block" }, { "item": "viz_ptbnUjOD", "position": { "h": 40, "w": 170, "x": 1300, "y": 770 }, "type": "block" }, { "item": "viz_Bh0UmeX4", "position": { "h": 50, "w": 300, "x": 990, "y": 820 }, "type": "block" }, { "item": "viz_XWROmSjL", "position": { "h": 40, "w": 170, "x": 1300, "y": 810 }, "type": "block" }, { "item": "viz_4DrdnagR", "position": { "h": 50, "w": 300, "x": 990, "y": 860 }, "type": "block" }, { "item": "viz_Kzsdg7ps", "position": { "h": 40, "w": 170, "x": 1300, "y": 850 }, "type": "block" }, { "item": "viz_Umd44sHd", "position": { "h": 39, "w": 150, "x": 850, "y": 700 }, "type": "block" }, { "item": "viz_erpVALBK", "position": { "h": 50, "w": 300, "x": 500, "y": 740 }, "type": "block" }, { "item": "viz_OkKJN0sV", 
"position": { "h": 40, "w": 170, "x": 810, "y": 730 }, "type": "block" }, { "item": "viz_68VfaK37", "position": { "h": 50, "w": 300, "x": 500, "y": 780 }, "type": "block" }, { "item": "viz_g3Fjz3Bj", "position": { "h": 40, "w": 170, "x": 810, "y": 770 }, "type": "block" }, { "item": "viz_n1qvLBQA", "position": { "h": 50, "w": 300, "x": 500, "y": 820 }, "type": "block" }, { "item": "viz_LTzFXuv0", "position": { "h": 40, "w": 170, "x": 810, "y": 810 }, "type": "block" }, { "item": "viz_ASboNwDu", "position": { "h": 39, "w": 160, "x": 1780, "y": 690 }, "type": "block" }, { "item": "viz_3U6anbbB", "position": { "h": 50, "w": 240, "x": 1500, "y": 720 }, "type": "block" }, { "item": "viz_Gs29Q9B0", "position": { "h": 40, "w": 170, "x": 1740, "y": 720 }, "type": "block" }, { "item": "viz_oZNyDloj", "position": { "h": 140, "w": 540, "x": 30, "y": 50 }, "type": "block" }, { "item": "viz_SfuaNk53", "position": { "h": 140, "w": 260, "x": 310, "y": 210 }, "type": "block" }, { "item": "viz_PLzLkjTj", "position": { "h": 140, "w": 260, "x": 30, "y": 210 }, "type": "block" }, { "item": "viz_U34r2Mko", "position": { "h": 40, "w": 170, "x": 1260, "y": 330 }, "type": "block" }, { "item": "viz_8NtsaDwL", "position": { "h": 40, "w": 170, "x": 1090, "y": 330 }, "type": "block" }, { "item": "viz_FNrs1dG0", "position": { "h": 50, "w": 50, "x": 1024, "y": 320 }, "type": "block" }, { "item": "viz_c6LVkVRk", "position": { "from": { "x": 3, "y": 443 }, "to": { "x": 1925, "y": 443 } }, "type": "line" }, { "item": "viz_Fl1l8we4", "position": { "h": 30, "w": 240, "x": 670, "y": 10 }, "type": "block" }, { "item": "viz_SlXI58VU", "position": { "h": 30, "w": 370, "x": 1050, "y": 10 }, "type": "block" }, { "item": "viz_18YY3EAV", "position": { "h": 30, "w": 480, "x": 0, "y": 400 }, "type": "block" }, { "item": "viz_Z2j9DxBh", "position": { "h": 560, "w": 1940, "x": 0, "y": 400 }, "type": "block" }, { "item": "viz_C9h3XTnu", "position": { "h": 200, "w": 600, "x": 0, "y": 0 }, "type": "block" }, { 
"item": "viz_OTUNaqKj", "position": { "h": 270, "w": 270, "x": 650, "y": 0 }, "type": "block" }, { "item": "viz_m5GnZJeR", "position": { "h": 400, "w": 450, "x": 1000, "y": 0 }, "type": "block" }, { "item": "viz_r8Z1nkoJ", "position": { "h": 40, "w": 280, "x": 1640, "y": 0 }, "type": "block" } ], "type": "absolute" }, "title": "M365 Security Dashboard - Threat Detection", "visualizations": { "viz_18YY3EAV": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**M365 Security: Threat Detection (details)**" }, "type": "splunk.markdown" }, "viz_1E10aEuW": { "data_sources": { "primary": "ds_gOcfSjLP" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_3Iowfd7k": { "data_sources": { "primary": "ds_n7Kbwg3j" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_3SR1CB1a": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Failed Login Attempts" }, "type": "splunk.markdown" }, "viz_3U6anbbB": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview: Suspicious Change of CloudTrail Logging Service" }, "type": "splunk.markdown" }, "viz_3rVie7Mv": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Impossible Travel" }, "type": "splunk.markdown" }, "viz_46Ax7e4W": { 
"options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware Ransomware" }, "type": "splunk.markdown" }, "viz_4DrdnagR": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Data Exfiltration to Unsanctioned Apps" }, "type": "splunk.markdown" }, "viz_5E8nKEXP": { "data_sources": { "primary": "ds_t8tkHKBL" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_5ZsBdWUr": { "data_sources": { "primary": "ds_OiYe7Yx4" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_5a71PUFr": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Share Activity (by user)" }, "type": "splunk.markdown" }, "viz_5tXZZwV1": { "data_sources": { "primary": "ds_SWoWEcgq" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_68VfaK37": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Inbox Forwarding" }, "type": "splunk.markdown" }, "viz_7EjYdYLn": { "options": { "customFontSize": 
14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Download (by user)" }, "type": "splunk.markdown" }, "viz_8NtsaDwL": { "data_sources": { "primary": "ds_P9Fmc8jM" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_9JXOY4Gm": { "data_sources": { "primary": "ds_wManXMy2" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_A7qtMRVE": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_ASboNwDu": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Cloud Activities" }, "type": "splunk.markdown" }, "viz_Bh0UmeX4": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Storage Deletion Activities" }, "type": "splunk.markdown" }, "viz_C9h3XTnu": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_ESz9mVYO": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "VM / Power BI Suspicious Activities" }, "type": "splunk.markdown" }, "viz_EjMvfKEx": { "options": { 
"preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-azuread" }, "type": "splunk.image" }, "viz_FNrs1dG0": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-power-bi-24x24" }, "type": "splunk.image" }, "viz_FPonYmN1": { "data_sources": { "primary": "ds_91frjQDi" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Fl1l8we4": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**M365 Overall Health**" }, "type": "splunk.markdown" }, "viz_GqEHllzp": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_Gs29Q9B0": { "data_sources": { "primary": "ds_fFgWwN2t" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_HLeZ2fmX": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Performance" }, "type": "splunk.markdown" }, "viz_HRZaAZoY": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Leaked Credentials" }, "type": "splunk.markdown" }, "viz_Htl2h1HP": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview Suspicious PowerBI Report Sharing" }, "type": "splunk.markdown" }, "viz_IwUtEHGT": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", 
"font_size": "custom", "markdown": " Activity from Anonymous IP Address" }, "type": "splunk.markdown" }, "viz_J6KwDTd8": { "data_sources": { "primary": "ds_OFBAMaHl" }, "options": { "fill_color": "> primary | seriesByName(\"alert_color\") | lastPoint()" }, "type": "splunk.rectangle" }, "viz_JCCVvLNl": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-exchange-48x48" }, "type": "splunk.image" }, "viz_JcKmK6f7": { "data_sources": { "primary": "ds_SeTDp3tf" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Kzsdg7ps": { "data_sources": { "primary": "ds_m6nQCit8" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_LTzFXuv0": { "data_sources": { "primary": "ds_qI2sr98f" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_LnPbuW7n": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious OAuth App File Download Activities" }, "type": "splunk.markdown" }, "viz_Msnfwxsk": { "options": { "preserve_aspect_ratio": true, "src": 
"splunk-enterprise-kvstore://da-itsi-cp-m365-sharepoint" }, "type": "splunk.image" }, "viz_NOE2ckl3": { "data_sources": { "primary": "ds_nSJVmBZI" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_NbXQU8FX": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Addition of Credential to an OAuth App" }, "type": "splunk.markdown" }, "viz_OTUNaqKj": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_OkKJN0sV": { "data_sources": { "primary": "ds_ChlhtDKE" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_PLzLkjTj": { "data_sources": { "primary": "ds_pkkMijtJ" }, "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-security" }, "type": "drilldown.customUrl" } ], "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Security Overall", "type": "splunk.singlevalue" }, 
"viz_PbbrPMyo": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_Qnh2MTYs": { "data_sources": { "primary": "ds_mQ9gLHEF" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_RTKIBRTS": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Administrative Activity (by user)" }, "type": "splunk.markdown" }, "viz_SO7qXdVQ": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_SfuaNk53": { "data_sources": { "primary": "ds_hEomd24i" }, "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management" }, "type": "drilldown.customUrl" } ], "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Threat Management", "type": "splunk.singlevalue" }, "viz_SlXI58VU": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**M365 Performance & Availability**" }, "type": "splunk.markdown" }, "viz_TolyzYYO": { "data_sources": { "primary": "ds_S4JkpLcw" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": 
"splunk.singlevalue" }, "viz_U34r2Mko": { "data_sources": { "primary": "ds_IzbYJAsR" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Umd44sHd": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Inbox Anomalies" }, "type": "splunk.markdown" }, "viz_UuzxaZMP": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity Performed by Terminated User" }, "type": "splunk.markdown" }, "viz_UwnHVqVF": { "data_sources": { "primary": "ds_vtjODuQ4" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_VRrzLAHZ": { "data_sources": { "primary": "ds_FxISLgeA" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_VYaVWqZl": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity From Infrequent Country" }, "type": "splunk.markdown" }, "viz_WtqcgXRV": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Risky Sign-In" }, "type": "splunk.markdown" }, "viz_X5QKAF37": { "options": { 
"customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Availability" }, "type": "splunk.markdown" }, "viz_XWROmSjL": { "data_sources": { "primary": "ds_HdhuUeLu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Y2nD0ueG": { "data_sources": { "primary": "ds_PPUj5qKV" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_Z2j9DxBh": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_ZBuNBTtI": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Ransomware Activity" }, "type": "splunk.markdown" }, "viz_ZNtvfCGp": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "User / Admin / IP Suspicious Activities" }, "type": "splunk.markdown" }, "viz_ayb46Es4": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Misleading Publisher Name for an OAuth App" }, "type": "splunk.markdown" }, "viz_bPHMNgGr": { "data_sources": { "primary": "ds_1tgPt3mh" }, "options": { "background_color": "transparent", "major_color": "> 
primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_bUafuQtj": { "data_sources": { "primary": "ds_083zujwS" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_c6LVkVRk": { "options": { "stroke_color": "#ffffff", "stroke_width": 6.0 }, "type": "abslayout.line" }, "viz_dg6XCg5A": { "data_sources": { "primary": "ds_yZUQHbXW" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_e07npRtT": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_edxLOEOw": { "data_sources": { "primary": "ds_DPVZeJmE" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_eeCzp2Ul": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Misleading OAuth App Name" }, "type": "splunk.markdown" }, "viz_erpVALBK": { "options": { "customFontSize": 14.0, "font_color": 
"#ffffff", "font_size": "custom", "markdown": "Suspicious Inbox Manipulation Rule" }, "type": "splunk.markdown" }, "viz_f1nnmVoq": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-yammer" }, "type": "splunk.image" }, "viz_fFKPc8bn": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Authorization / Login Anomalies" }, "type": "splunk.markdown" }, "viz_fGYSmSBO": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_faHkI0RF": { "data_sources": { "primary": "ds_iDvy3I5y" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_flBLmnqx": { "data_sources": { "primary": "ds_6lonf6pu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_fvbZF8GH": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple Delete VM Activities" }, "type": "splunk.markdown" }, "viz_g3Fjz3Bj": { "data_sources": { "primary": "ds_sOuC6KP0" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_hpLoI6sJ": 
{ "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual File Deletion Activity (by user)" }, "type": "splunk.markdown" }, "viz_i8zBAwOD": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Geo Anomalies" }, "type": "splunk.markdown" }, "viz_iHzuZnIE": { "data_sources": { "primary": "ds_eqcIwRxM" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_iv6RxEqP": { "options": { "customFontSize": 24.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "**M365 Security: Threat Detection**" }, "type": "splunk.markdown" }, "viz_iwFY6Ssb": { "data_sources": { "primary": "ds_4W0qIgiG" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_kJ0GERvm": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Multiple VM Creation Activities" }, "type": "splunk.markdown" }, "viz_kUriycSm": { "data_sources": { "primary": "ds_diArV7Gu" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "off", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "off" }, "type": "splunk.singlevalue" }, "viz_knrg7InH": { "options": { "preserve_aspect_ratio": true, "src": 
"splunk-enterprise-kvstore://da-itsi-cp-m365-teams" }, "type": "splunk.image" }, "viz_kywMljXX": { "data_sources": { "primary": "ds_iMkpBdOw" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_l1YN5Sig": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Activity from Suspicious IP Address" }, "type": "splunk.markdown" }, "viz_leE1LqwQ": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Preview Multiple PowerBI Report Share Activities" }, "type": "splunk.markdown" }, "viz_lpsEPULV": { "data_sources": { "primary": "ds_OSmztg8T" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_m5GnZJeR": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-overview-dashboard&action=view" }, "type": "drilldown.customUrl" } ], "options": { "fill_color": "transparent", "stroke_color": "transparent" }, "type": "splunk.rectangle" }, "viz_n1qvLBQA": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Suspicious Email Deletion Activity (by user)" }, "type": "splunk.markdown" }, "viz_nIrV6Ji9": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-office-256x256" }, "type": "splunk.image" }, "viz_nQ77O1zs": { "data_sources": { 
"primary": "ds_HkHxV06x" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_njWrjxyu": { "data_sources": { "primary": "ds_6IyfamOT" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_o7uaQZLl": { "data_sources": { "primary": "ds_pdohGLDI" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_oZNyDloj": { "data_sources": { "primary": "ds_A3bqtW6K" }, "options": { "background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "title": "Threat Detection", "type": "splunk.singlevalue" }, "viz_pXzllOTn": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_ptbnUjOD": { "data_sources": { "primary": "ds_0RymRlVs" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", 
"spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_r8Z1nkoJ": { "event_handlers": [ { "options": { "newTab": true, "url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view" }, "type": "drilldown.customUrl" } ], "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-microsoft-365" }, "type": "splunk.image" }, "viz_rJBKxdF7": { "data_sources": { "primary": "ds_5Fa6sA9o" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_sxYnuNFH": { "data_sources": { "primary": "ds_V4TbdOXR" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uA9pZmBf": { "data_sources": { "primary": "ds_xizAFB3w" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uHMieKhH": { "data_sources": { "primary": "ds_mtIXHc7y" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", 
"spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uV1lEu9i": { "data_sources": { "primary": "ds_IyVRZOxX" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_uajhi8uF": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malware Detection" }, "type": "splunk.markdown" }, "viz_vuAzorOL": { "data_sources": { "primary": "ds_lmnRgCPJ" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_y0z9XjBr": { "options": { "customFontSize": 18.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "File / Data Suspicious Activities" }, "type": "splunk.markdown" }, "viz_yOaoYAxD": { "data_sources": { "primary": "ds_bHGWKEHp" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, "spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_yX6yjECc": { "data_sources": { "primary": "ds_MXJZLvxK" }, "options": { "background_color": "transparent", "major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()", "show_spark_line_tooltip": true, 
"spark_line_display": "after", "spark_line_stroke_color": "#FFFFFF", "spark_line_values": "> primary | seriesByName(\"alert_value\")", "trend_display": "percent" }, "type": "splunk.singlevalue" }, "viz_yXyIxA4f": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Malicious OAuth App Consent" }, "type": "splunk.markdown" }, "viz_zBUo1kTi": { "options": { "customFontSize": 14.0, "font_color": "#ffffff", "font_size": "custom", "markdown": "Unusual Impersonated Activity (by user)" }, "type": "splunk.markdown" }, "viz_zF9Wj4Db": { "options": { "stroke_color": "#ffffff", "stroke_width": 3.0 }, "type": "abslayout.line" }, "viz_zJNts59u": { "options": { "preserve_aspect_ratio": true, "src": "splunk-enterprise-kvstore://da-itsi-cp-m365-onedrive" }, "type": "splunk.image" } } }, "description": "", "gt_version": "beta", "key": "da-itsi-cp-m365-m365-security-dashboard-threat-detection", "latest": "now", "latest_label": "Now", "selected_swap_service_id": null, "swap_service_ids": [], "template_selected_service_id": null, "template_swappable_service_ids": [], "title": "M365 Security Dashboard - Threat Detection", "version": "0.0.38" }