You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3820 lines
262 KiB
3820 lines
262 KiB
{
|
|
"algorithms": {
|
|
"GradientBoostingRegressor": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
},
|
|
"LinearRegression": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
},
|
|
"LogisticRegression": {
|
|
"accuracy": 0,
|
|
"f1_score": 0,
|
|
"modelId": "",
|
|
"precision": 0,
|
|
"recall": 0,
|
|
"recommended": false
|
|
},
|
|
"RandomForestRegressor": {
|
|
"RMSE": 0,
|
|
"modelId": "",
|
|
"rSquared": 0,
|
|
"recommended": false
|
|
}
|
|
},
|
|
"description": "Contains user sharing and access request activities in SharePoint Online",
|
|
"enabled": true,
|
|
"entity_rules": [],
|
|
"key": "da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities",
|
|
"kpis": [
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": "",
|
|
"aggregate_statop": "avg",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": [
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#B50101",
|
|
"severity_color_light": "#E5A6A6",
|
|
"severity_label": "critical",
|
|
"severity_label_localized": null,
|
|
"severity_value": 6.0,
|
|
"threshold_value": 0.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#F26A35",
|
|
"severity_color_light": "#FBCBB9",
|
|
"severity_label": "high",
|
|
"severity_label_localized": null,
|
|
"severity_value": 5.0,
|
|
"threshold_value": 20.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FCB64E",
|
|
"severity_color_light": "#FEE6C1",
|
|
"severity_label": "medium",
|
|
"severity_label_localized": null,
|
|
"severity_value": 4.0,
|
|
"threshold_value": 40.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FFE98C",
|
|
"severity_color_light": "#FFF4C5",
|
|
"severity_label": "low",
|
|
"severity_label_localized": null,
|
|
"severity_value": 3.0,
|
|
"threshold_value": 60.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#99D18B",
|
|
"severity_color_light": "#DCEFD7",
|
|
"severity_label": "normal",
|
|
"severity_label_localized": null,
|
|
"severity_value": 2.0,
|
|
"threshold_value": 80.0
|
|
}
|
|
]
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": "",
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "1",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": 0.999,
|
|
"anomaly_detection_training_window": "-7d",
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)`",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "",
|
|
"enabled": false,
|
|
"entity_filter_field": "",
|
|
"entity_split_field": "",
|
|
"entity_statop": "avg",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": [
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#B50101",
|
|
"severity_color_light": "#E5A6A6",
|
|
"severity_label": "critical",
|
|
"severity_label_localized": null,
|
|
"severity_value": 6.0,
|
|
"threshold_value": 0.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#F26A35",
|
|
"severity_color_light": "#FBCBB9",
|
|
"severity_label": "high",
|
|
"severity_label_localized": null,
|
|
"severity_value": 5.0,
|
|
"threshold_value": 20.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FCB64E",
|
|
"severity_color_light": "#FEE6C1",
|
|
"severity_label": "medium",
|
|
"severity_label_localized": null,
|
|
"severity_value": 4.0,
|
|
"threshold_value": 40.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#FFE98C",
|
|
"severity_color_light": "#FFF4C5",
|
|
"severity_label": "low",
|
|
"severity_label_localized": null,
|
|
"severity_value": 3.0,
|
|
"threshold_value": 60.0
|
|
},
|
|
{
|
|
"dynamic_param": null,
|
|
"severity_color": "#99D18B",
|
|
"severity_color_light": "#DCEFD7",
|
|
"severity_label": "normal",
|
|
"severity_label_localized": null,
|
|
"severity_value": 2.0,
|
|
"threshold_value": 80.0
|
|
}
|
|
]
|
|
},
|
|
"fill_gaps": "null_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": false,
|
|
"key": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities",
|
|
"kpi_base_search": "",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)` | stats latest(health_score) AS aggregate",
|
|
"search_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)` | stats latest(health_score) AS aggregate",
|
|
"search_alert": "",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": null,
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)` [| stats count | addinfo | eval search= \"earliest=\" + tostring(info_min_time-(info_max_time-info_min_time))+ \" latest=\" + tostring(info_max_time) |fields search] | addinfo | eval bucket=if(_time<info_max_time-((info_max_time-info_min_time)/2), \"last_window\", \"current_window\") | stats avg(health_score) AS aggregate BY bucket | reverse | delta aggregate AS window_delta | search bucket=current_window | eval window_direction=if(window_delta >0, \"increase\", if(window_delta < 0, \"decrease\", \"none\"))",
|
|
"search_time_series": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)` | timechart avg(health_score) AS aggregate",
|
|
"search_time_series_aggregate": "`get_full_itsi_summary_service_health_events(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities)` | timechart avg(health_score) AS aggregate",
|
|
"search_time_series_entities": "",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": "",
|
|
"threshold_field": "aggregate",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "ServiceHealthScore",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "service_health",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 11.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "An access request to a site, folder, or document was accepted and the requesting user has been granted access.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-c326d0ab23d963bede3c3947",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947, true, true, true)` | eval kpi=\"Accepted access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947, true, true, true)` | eval kpi=\"Accepted access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-c326d0ab23d963bede3c3947)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Accepted access request",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User (member or guest) accepted a sharing invitation and was granted access to a resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-2056a85ce0919da912797345",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345, true, true, true)` | eval kpi=\"Accepted sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345, true, true, true)` | eval kpi=\"Accepted sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2056a85ce0919da912797345)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationAccepted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Accepted sharing invitation",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A permission level was added to a site collection.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-96b8629d491e7ad6271c14e1",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1, true, true, true)` | eval kpi=\"Added permission level to site collection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1, true, true, true)` | eval kpi=\"Added permission level to site collection\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-96b8629d491e7ad6271c14e1)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=PermissionLevelAdded\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Added permission level to site collection",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A sharing invitation sent by a user in your organization is blocked because of an external sharing policy that either allows or denies external sharing based on the domain of the target user.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-15fff30c98e93f41ca5c00db",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db, true, true, true)` | eval kpi=\"Blocked sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db, true, true, true)` | eval kpi=\"Blocked sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-15fff30c98e93f41ca5c00db)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationBlocked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Blocked sharing invitation",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User created a company-wide link to a resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-536e948aa82f566fe7989361",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361, true, true, true)` | eval kpi=\"Created a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361, true, true, true)` | eval kpi=\"Created a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-536e948aa82f566fe7989361)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created a company shareable link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User requests access to a site, folder, or document they don't have permissions to access.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0, true, true, true)` | eval kpi=\"Created access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0, true, true, true)` | eval kpi=\"Created access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f7ad605b8d7e347b50a4b8c0)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created access request",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User created an anonymous link to a resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc, true, true, true)` | eval kpi=\"Created an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc, true, true, true)` | eval kpi=\"Created an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-b7ee7335fbf565b8a9150dcc)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created an anonymous link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A secure sharing link was created to this item.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-2eb134608ea756c17a429aca",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca, true, true, true)` | eval kpi=\"Created secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca, true, true, true)` | eval kpi=\"Created secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2eb134608ea756c17a429aca)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created secure link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User shared a resource in SharePoint Online with a user who isn't in your organization's directory.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-21a934384c3e552feb1be781",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781, true, true, true)` | eval kpi=\"Created sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781, true, true, true)` | eval kpi=\"Created sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-21a934384c3e552feb1be781)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationCreated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Created sharing invitation",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A secure sharing link was deleted.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3, true, true, true)` | eval kpi=\"Deleted secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3, true, true, true)` | eval kpi=\"Deleted secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f39bdca52d1cc4099d7e06d3)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkDeleted\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Deleted secure link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "An access request to a site, folder, or document was denied.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d44dba0a68835ee8ea5c2218",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218, true, true, true)` | eval kpi=\"Denied access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218, true, true, true)` | eval kpi=\"Denied access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d44dba0a68835ee8ea5c2218)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestDenied\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Denied access request",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User removed a company-wide link to a resource. The link can no longer be used to access the resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-61ee6f22301a080c5096d611",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611, true, true, true)` | eval kpi=\"Removed a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611, true, true, true)` | eval kpi=\"Removed a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-61ee6f22301a080c5096d611)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Removed a company shareable link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User removed an anonymous link to a resource. The link can no longer be used to access the resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-eee263771ce9b0f1b4c995bb",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb, true, true, true)` | eval kpi=\"Removed an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb, true, true, true)` | eval kpi=\"Removed an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-eee263771ce9b0f1b4c995bb)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkRemoved\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Removed an anonymous link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User (member or guest) shared a file, folder, or site in SharePoint with a user in your organization's directory.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e, true, true, true)` | eval kpi=\"Shared file, folder, or site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e, true, true, true)` | eval kpi=\"Shared file, folder, or site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-7a1860f4b27c99ddea0ac39e)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingSet\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Shared file, folder, or site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User (member or guest) unshared a file, folder, or site that was previously shared with another user.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-38107b3b623ac5c7efa2a776",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776, true, true, true)` | eval kpi=\"Unshared file, folder, or site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776, true, true, true)` | eval kpi=\"Unshared file, folder, or site\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-38107b3b623ac5c7efa2a776)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Unshared file, folder, or site",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "An access request to an item was updated.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb, true, true, true)` | eval kpi=\"Updated access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb, true, true, true)` | eval kpi=\"Updated access request\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-bcff9e9335e84451f8b3d1eb)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AccessRequestUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Updated access request",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User updated an anonymous link to a resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-f44477a0dc464bf6af84d3f7",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7, true, true, true)` | eval kpi=\"Updated an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7, true, true, true)` | eval kpi=\"Updated an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-f44477a0dc464bf6af84d3f7)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Updated an anonymous link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "An external sharing invitation was updated.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-1d84a980afac661646f84315",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315, true, true, true)` | eval kpi=\"Updated sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315, true, true, true)` | eval kpi=\"Updated sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-1d84a980afac661646f84315)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationUpdated\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Updated sharing invitation",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User accessed a resource by using a company-wide link.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713, true, true, true)` | eval kpi=\"Used a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713, true, true, true)` | eval kpi=\"Used a company shareable link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-2b65a6f1f89ab1cb1adbc713)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=CompanyLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Used a company shareable link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "An anonymous user accessed a resource by using an anonymous link.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-d661ac97f73abdbc0579647d",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d, true, true, true)` | eval kpi=\"Used an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d, true, true, true)` | eval kpi=\"Used an anonymous link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-d661ac97f73abdbc0579647d)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AnonymousLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Used an anonymous link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A user used a secure link.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-a52e0faa449abf84fc6f748f",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f, true, true, true)` | eval kpi=\"Used secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f, true, true, true)` | eval kpi=\"Used secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-a52e0faa449abf84fc6f748f)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SecureLinkUsed\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Used secure link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A user was added to the list of entities who can use a secure sharing link.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-45ccb5b6f6241790c8284559",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559, true, true, true)` | eval kpi=\"User added to secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559, true, true, true)` | eval kpi=\"User added to secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-45ccb5b6f6241790c8284559)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=AddedToSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "User added to secure link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "A user was removed from the list of entities who can use a secure sharing link.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-8d1441fa082be2d3b77f9212",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212, true, true, true)` | eval kpi=\"User removed from secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212, true, true, true)` | eval kpi=\"User removed from secure link\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-8d1441fa082be2d3b77f9212)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=RemovedFromSecureLink\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "User removed from secure link",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
},
|
|
{
|
|
"adaptive_thresholding_training_window": "-7d",
|
|
"adaptive_thresholds_is_enabled": false,
|
|
"aggregate_eval": null,
|
|
"aggregate_statop": "sum",
|
|
"aggregate_threshold_alert_enabled": false,
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"aggregate_thresholds_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_enabled": false,
|
|
"aggregate_thresholds_custom_alert_rules": [],
|
|
"alert_eval": null,
|
|
"alert_lag": "30",
|
|
"alert_on": "both",
|
|
"alert_period": "15",
|
|
"anomaly_detection_alerting_enabled": false,
|
|
"anomaly_detection_is_enabled": false,
|
|
"anomaly_detection_sensitivity": null,
|
|
"anomaly_detection_training_window": null,
|
|
"backfill_earliest_time": "-7d",
|
|
"backfill_enabled": false,
|
|
"base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time",
|
|
"base_search_id": null,
|
|
"base_search_metric": null,
|
|
"cohesive_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"cohesive_anomaly_detection_is_enabled": false,
|
|
"datamodel": {
|
|
"datamodel": "",
|
|
"field": "",
|
|
"object": "",
|
|
"owner_field": ""
|
|
},
|
|
"datamodel_filter": [],
|
|
"datamodel_filter_clauses": null,
|
|
"description": "User withdrew a sharing invitation to a resource.",
|
|
"enabled": true,
|
|
"entity_filter_field": "host",
|
|
"entity_split_field": "SiteName",
|
|
"entity_statop": "count",
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#AED3E5",
|
|
"base_severity_color_light": "#E3F0F6",
|
|
"base_severity_label": "info",
|
|
"base_severity_value": 1.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"fill_gaps": "custom_value",
|
|
"gap_custom_alert_value": 0.0,
|
|
"gap_severity": "unknown",
|
|
"gap_severity_color": "#CCCCCC",
|
|
"gap_severity_color_light": "#EEEEEE",
|
|
"gap_severity_value": "-1",
|
|
"is_filter_entities_to_service": false,
|
|
"is_split_by_entity": true,
|
|
"key": "da-itsi-cp-m365-6848ce08dcbceb91e482357c",
|
|
"kpi_base_search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time",
|
|
"kpi_template_kpi_id": "",
|
|
"kpi_threshold_template_id": "",
|
|
"metric_qualifier": null,
|
|
"metric_search_spec": {
|
|
"metric_index": "",
|
|
"metric_name": ""
|
|
},
|
|
"search": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c, true, true, true)` | eval kpi=\"Withdrew sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c)`",
|
|
"search_alert": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity(count, Operation, \"SiteName\")` | eval sec_grp = \"default_itsi_security_group\" | `match_entities(SiteName, sec_grp)` | eval serviceid = \"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `aggregate_entity_into_service(sum)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c, true, true, true)` | eval kpi=\"Withdrew sharing invitation\", urgency=\"0\", alert_period=\"15\", serviceid=\"da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities\" | `assess_urgency` | `gettime`",
|
|
"search_alert_earliest": "15",
|
|
"search_alert_entities": "",
|
|
"search_buckets": "",
|
|
"search_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_single_value(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c)`",
|
|
"search_occurrences": 1.0,
|
|
"search_time_compare": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_and_compare(count, sum, Operation, \"SiteName\", 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c)`",
|
|
"search_time_series": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c)`",
|
|
"search_time_series_aggregate": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_entity_time_series(count, Operation, \"SiteName\", 15)` | `aggregate_entity_into_service_time_series(sum, 15)` | `assess_severity(da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities, da-itsi-cp-m365-6848ce08dcbceb91e482357c)`",
|
|
"search_time_series_entities": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=SharePoint RecordTypeName=SharePointSharingOperation Operation=SharingInvitationRevoked\n| stats count by Operation, SiteName, _time | `aggregate_raw_into_limited_entity_time_series(count, Operation, \"SiteName\", 15)`",
|
|
"search_type": "adhoc",
|
|
"service_title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"threshold_eval": null,
|
|
"threshold_field": "Operation",
|
|
"time_policies": {
|
|
"policies": {
|
|
"default_policy": {
|
|
"aggregate_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"entity_thresholds": {
|
|
"base_severity_color": "#99D18B",
|
|
"base_severity_color_light": "#DCEFD7",
|
|
"base_severity_label": "normal",
|
|
"base_severity_value": 2.0,
|
|
"gauge_max": 100,
|
|
"gauge_min": 0,
|
|
"is_max_static": false,
|
|
"is_min_static": true,
|
|
"metric_field": "count",
|
|
"render_boundary_max": 100.0,
|
|
"render_boundary_min": 0.0,
|
|
"threshold_levels": []
|
|
},
|
|
"policy_type": "static",
|
|
"time_blocks": [],
|
|
"title": "Default"
|
|
}
|
|
}
|
|
},
|
|
"title": "Withdrew sharing invitation",
|
|
"trending_ad": {
|
|
"sensitivity": 8
|
|
},
|
|
"type": "kpis_primary",
|
|
"tz_offset": null,
|
|
"unit": "",
|
|
"urgency": 0.0,
|
|
"use_time_policies": false
|
|
}
|
|
],
|
|
"service_tags": {
|
|
"tags": [],
|
|
"template_tags": []
|
|
},
|
|
"service_template_id": "",
|
|
"services_depending_on_me": [
|
|
{
|
|
"kpis_depending_on": [
|
|
"SHKPI-da-itsi-cp-m365-m365-sharepoint-online-sharing-and-request-activities"
|
|
],
|
|
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance"
|
|
}
|
|
],
|
|
"services_depends_on": [],
|
|
"team_id": "default_itsi_security_group",
|
|
"title": "M365_Sharepoint_Online_Sharing and Request Activities",
|
|
"version": "0.0.33"
|
|
} |