You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4702 lines
322 KiB
4702 lines
322 KiB
{
|
|
"algorithms": {
|
|
"GradientBoostingRegressor": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
},
|
|
"LinearRegression": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
},
|
|
"LogisticRegression": {
|
|
"accuracy": 0,
|
|
"f1_score": 0,
|
|
"modelId": "",
|
|
"precision": 0,
|
|
"recall": 0,
|
|
"recommended": false
|
|
},
|
|
"RandomForestRegressor": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
}
|
|
},
|
|
"description": "Contains events that result from site administration tasks in SharePoint Online.",
|
|
"enabled": true,
|
|
"entity_rules": [],
|
|
"key": "da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities",
|
|
"kpis": [
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": "",
|
|
"aggregate_statop": "avg",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": [
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#B50101",
|
|
"severity_color_light": "#E5A6A6",
|
|
"severity_label": "critical",
|
|
"severity_label_localized": null,
|
|
"severity_value": 6.0,
|
|
"threshold_value": 0.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#F26A35",
|
|
"severity_color_light": "#FBCBB9",
|
|
"severity_label": "high",
|
|
"severity_label_localized": null,
|
|
"severity_value": 5.0,
|
|
"threshold_value": 20.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FCB64E",
|
|
"severity_color_light": "#FEE6C1",
|
|
"severity_label": "medium",
|
|
"severity_label_localized": null,
|
|
"severity_value": 4.0,
|
|
"threshold_value": 40.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FFE98C",
|
|
"severity_color_light": "#FFF4C5",
|
|
"severity_label": "low",
|
|
"severity_label_localized": null,
|
|
"severity_value": 3.0,
|
|
"threshold_value": 60.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#99D18B",
|
|
"severity_color_light": "#DCEFD7",
|
|
"severity_label": "normal",
|
|
"severity_label_localized": null,
|
|
"severity_value": 2.0,
|
|
"threshold_value": 80.0
|
|
}
|
|
]
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": "",
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "1",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": 0.999,
|
|
"anomaly_detection_training_window": "-7d",
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)`",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "",
|
|
"enabled": false,
|
|
"entity_filter_field": "",
|
|
"entity_split_field": "",
|
|
"entity_statop": "avg",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": [
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#B50101",
|
|
"severity_color_light": "#E5A6A6",
|
|
"severity_label": "critical",
|
|
"severity_label_localized": null,
|
|
"severity_value": 6.0,
|
|
"threshold_value": 0.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#F26A35",
|
|
"severity_color_light": "#FBCBB9",
|
|
"severity_label": "high",
|
|
"severity_label_localized": null,
|
|
"severity_value": 5.0,
|
|
"threshold_value": 20.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FCB64E",
|
|
"severity_color_light": "#FEE6C1",
|
|
"severity_label": "medium",
|
|
"severity_label_localized": null,
|
|
"severity_value": 4.0,
|
|
"threshold_value": 40.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FFE98C",
|
|
"severity_color_light": "#FFF4C5",
|
|
"severity_label": "low",
|
|
"severity_label_localized": null,
|
|
"severity_value": 3.0,
|
|
"threshold_value": 60.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#99D18B",
|
|
"severity_color_light": "#DCEFD7",
|
|
"severity_label": "normal",
|
|
"severity_label_localized": null,
|
|
"severity_value": 2.0,
|
|
"threshold_value": 80.0
|
|
}
|
|
]
|
|
},
|
|
"fill_gaps": "null_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": false,
|
|
"key": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities",
|
|
"kpi_base_search": "",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)` | stats latest(health_score) AS aggregate",
|
|
"search_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)` | stats latest(health_score) AS aggregate",
|
|
"search_alert": "",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": null,
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)` [| stats count | addinfo | eval search= \"earliest=\" + tostring(info_min_time-(info_max_time-info_min_time))+ \" latest=\" + tostring(info_max_time) |fields search] | addinfo | eval bucket=if(_time<info_max_time-((info_max_time-info_min_time)/2), \"last_window\", \"current_window\") | stats avg(health_score) AS aggregate BY bucket | reverse | delta aggregate AS window_delta | search bucket=current_window | eval window_direction=if(window_delta >0, \"increase\", if(window_delta < 0, \"decrease\", \"none\"))",
|
|
"search_time_series": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)` | timechart avg(health_score) AS aggregate",
|
|
"search_time_series_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities)` | timechart avg(health_score) AS aggregate",
|
|
"search_time_series_entities": "",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": "",
|
|
"threshold_field": "aggregate",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "ServiceHealthScore",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "service_health",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 11.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator added an allowed data location in a multi-geo environment.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-0084f6072084ac0c7bacea52",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52, true, true, true)` | eval kpi=\"Added allowed data location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52, true, true, true)` | eval kpi=\"Added allowed data location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-0084f6072084ac0c7bacea52)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Added allowed data location",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator added a user agent to the list of exempt user agents in the SharePoint admin center.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d42f7ef5facb179828309068",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068, true, true, true)` | eval kpi=\"Added exempt user agent\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068, true, true, true)` | eval kpi=\"Added exempt user agent\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d42f7ef5facb179828309068)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"ExemptUserAgentSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Added exempt user agent",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator added a user as a geo admin of a location.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-6219eec588a79219f0e60526",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526, true, true, true)` | eval kpi=\"Added geo location admin\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526, true, true, true)` | eval kpi=\"Added geo location admin\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-6219eec588a79219f0e60526)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Added geo location admin",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator or owner adds a permission level to a site that allows a user assigned that permission to create a group for that site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-a08da803ed04cfe0c031f251",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251, true, true, true)` | eval kpi=\"Allowed user to create groups\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251, true, true, true)` | eval kpi=\"Allowed user to create groups\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a08da803ed04cfe0c031f251)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowGroupCreationSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Allowed user to create groups",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator successfully cancels a SharePoint or OneDrive site geo move.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-9b3c1611f65041182da342da",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da, true, true, true)` | eval kpi=\"Canceled site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da, true, true, true)` | eval kpi=\"Canceled site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9b3c1611f65041182da342da)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCancelled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Canceled site geo move",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator changed a SharePoint sharing policy by using the Microsoft 365 admin portal, SharePoint admin portal, or SharePoint Online Management Shell.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-570547387f8982c16c8b5f68",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68, true, true, true)` | eval kpi=\"Changed a sharing policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68, true, true, true)` | eval kpi=\"Changed a sharing policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-570547387f8982c16c8b5f68)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SharingPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Changed a sharing policy",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator changed the unmanaged devices policy for your organization.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-648d1e05c1f4692a2f620293",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293, true, true, true)` | eval kpi=\"Changed device access policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293, true, true, true)` | eval kpi=\"Changed device access policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-648d1e05c1f4692a2f620293)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"DeviceAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Changed device access policy",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator customized the list of exempt user agents in the SharePoint admin center.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d77ad9a3fbdb28e39b255340",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340, true, true, true)` | eval kpi=\"Changed exempt user agents\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340, true, true, true)` | eval kpi=\"Changed exempt user agents\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d77ad9a3fbdb28e39b255340)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"CustomizeExemptUsers\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Changed exempt user agents",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator changed the location-based access policy (also called a trusted network boundary) in the SharePoint admin center or by using SharePoint Online PowerShell.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-57f318636acbd055474ad576",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576, true, true, true)` | eval kpi=\"Changed network access policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576, true, true, true)` | eval kpi=\"Changed network access policy\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-57f318636acbd055474ad576)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NetworkAccessPolicyChanged\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Changed network access policy",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A site geo move that was scheduled by a global administrator in your organization was successfully completed.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-a3aa1c34406094fe39a04448",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448, true, true, true)` | eval kpi=\"Completed site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448, true, true, true)` | eval kpi=\"Completed site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-a3aa1c34406094fe39a04448)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveCompleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Completed site geo move",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator creates a new Send To connection on the Records management page in the SharePoint admin center.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-60ddf6799486663921789c21",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21, true, true, true)` | eval kpi=\"Created Sent To connection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21, true, true, true)` | eval kpi=\"Created Sent To connection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-60ddf6799486663921789c21)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionAdded\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created Sent To connection",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator creates a site collection in your SharePoint Online organization or a user provisions their OneDrive for Business site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8, true, true, true)` | eval kpi=\"Created site collection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8, true, true, true)` | eval kpi=\"Created site collection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-dcf6ba4b87bbe31cdd18e0d8)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteCollectionCreated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created site collection",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator deleted an orphan hub site, which is a hub site that doesn't have any sites associated with it.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-e19a22316969f510c8f9517d",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d, true, true, true)` | eval kpi=\"Deleted orphaned hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d, true, true, true)` | eval kpi=\"Deleted orphaned hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-e19a22316969f510c8f9517d)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteOrphanHubDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Deleted orphaned hub site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator deletes a Send To connection on the Records management page in the SharePoint admin center.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-29ca5f63f0d136143e4e692c",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c, true, true, true)` | eval kpi=\"Deleted Sent To connection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c, true, true, true)` | eval kpi=\"Deleted Sent To connection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-29ca5f63f0d136143e4e692c)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SendToConnectionRemoved\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Deleted Sent To connection",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator deletes a site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-114519348a7b2c88d2e06011",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011, true, true, true)` | eval kpi=\"Deleted site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011, true, true, true)` | eval kpi=\"Deleted site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-114519348a7b2c88d2e06011)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Deleted site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator enables document preview for a site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-b72ebde13316b37033c12111",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111, true, true, true)` | eval kpi=\"Enabled document preview\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111, true, true, true)` | eval kpi=\"Enabled document preview\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-b72ebde13316b37033c12111)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PreviewModeEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Enabled document preview",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator or owner adds the SharePoint 2013 Workflow Task content type to the site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d66cc1d9637b5803d62b5824",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824, true, true, true)` | eval kpi=\"Enabled legacy workflow\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824, true, true, true)` | eval kpi=\"Enabled legacy workflow\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d66cc1d9637b5803d62b5824)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"LegacyWorkflowEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Enabled legacy workflow",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator enables Office on Demand, which lets users access the latest version of Office desktop applications.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-5b16225e4488c4442395ebe1",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1, true, true, true)` | eval kpi=\"Enabled Office on Demand\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1, true, true, true)` | eval kpi=\"Enabled Office on Demand\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-5b16225e4488c4442395ebe1)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"OfficeOnDemandSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Enabled Office on Demand",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator creates the result source for People Searches for a site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-3e6ff7a52932c2744427d4c1",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1, true, true, true)` | eval kpi=\"Enabled result source for People Searches\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1, true, true, true)` | eval kpi=\"Enabled result source for People Searches\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3e6ff7a52932c2744427d4c1)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"PeopleResultsScopeSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Enabled result source for People Searches",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator or owner enables RSS feeds for a site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-182b2634811dd7d26a3629d7",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7, true, true, true)` | eval kpi=\"Enabled RSS feeds\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7, true, true, true)` | eval kpi=\"Enabled RSS feeds\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-182b2634811dd7d26a3629d7)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"NewsFeedEnabledSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Enabled RSS feeds",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A site owner associates their site with a hub site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-fb369147618baa620a61841a",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a, true, true, true)` | eval kpi=\"Joined site to hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a, true, true, true)` | eval kpi=\"Joined site to hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-fb369147618baa620a61841a)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteJoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Joined site to hub site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator creates a hub site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-4dc2807965c1a00a07a0146e",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e, true, true, true)` | eval kpi=\"Registered hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e, true, true, true)` | eval kpi=\"Registered hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4dc2807965c1a00a07a0146e)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteRegistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Registered hub site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator removed an allowed data location in a multi-geo environment.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-4248a7197fad46987f66ecd9",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9, true, true, true)` | eval kpi=\"Removed allowed data location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9, true, true, true)` | eval kpi=\"Removed allowed data location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-4248a7197fad46987f66ecd9)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"AllowedDataLocationDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Removed allowed data location",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator removed a user as a geo admin of a location.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-3fc8a504642f03b3daba8bde",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde, true, true, true)` | eval kpi=\"Removed geo location admin\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde, true, true, true)` | eval kpi=\"Removed geo location admin\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-3fc8a504642f03b3daba8bde)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoAdminDeleted\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Removed geo location admin",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "Site administrator or owner renames a site",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-9a6952198198166484b3d581",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581, true, true, true)` | eval kpi=\"Renamed site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581, true, true, true)` | eval kpi=\"Renamed site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-9a6952198198166484b3d581)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteRenamed\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Renamed site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator successfully schedules a SharePoint site geo move.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-bd71e93928f6bcb0bc6126db",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db, true, true, true)` | eval kpi=\"Scheduled site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db, true, true, true)` | eval kpi=\"Scheduled site geo move\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-bd71e93928f6bcb0bc6126db)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"SiteGeoMoveScheduled\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Scheduled site geo move",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator changes the designated site to host personal.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-706726d4b00abd5a54669054",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054, true, true, true)` | eval kpi=\"Set host site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054, true, true, true)` | eval kpi=\"Set host site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-706726d4b00abd5a54669054)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HostSiteSet\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Set host site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator configured the storage quota for a geo location in a multi-geo environment.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305, true, true, true)` | eval kpi=\"Set storage quota for geo location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305, true, true, true)` | eval kpi=\"Set storage quota for geo location\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-8ffacc2fe09dbad2e2a8e305)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"GeoQuotaAllocated\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Set storage quota for geo location",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A site owner disassociates their site from a hub site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d3529e866a4d4956dd4a59a3",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3, true, true, true)` | eval kpi=\"Unjoined site from hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3, true, true, true)` | eval kpi=\"Unjoined site from hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-d3529e866a4d4956dd4a59a3)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnjoined\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Unjoined site from hub site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A SharePoint or global administrator unregisters a site as a hub site.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-93a58d555409b8e95f18cba6",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6, true, true, true)` | eval kpi=\"Unregistered hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6, true, true, true)` | eval kpi=\"Unregistered hub site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities, da-itsi-cp-m365-93a58d555409b8e95f18cba6)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePoint Operation=\"HubSiteUnregistered\"\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Unregistered hub site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
}
|
|
],
|
|
"service_tags": {
|
|
"tags": [],
|
|
"template_tags": []
|
|
},
|
|
"service_template_id": "",
|
|
"services_depending_on_me": [
|
|
{
|
|
"kpis_depending_on": [
|
|
"SHKPI-da-itsi-cp-m365-m365-sharepoint-online-site-administration-activities"
|
|
],
|
|
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance"
|
|
}
|
|
],
|
|
"services_depends_on": [],
|
|
"team_id": "default_itsi_security_group",
|
|
"title": "M365_SharePoint_Online_Site Administration Activities",
|
|
"version": "0.0.33"
|
|
} |