
{
"definition": {
"data_sources": {
"ds_083zujwS": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-availability",
"service_id": "da-itsi-cp-m365-m365-yammer-availability"
},
"name": "O365_Yammer_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_0RymRlVs": {
"meta": {
"kpi_id": "da-itsi-cp-m365-725a71f8dd373be182e37ce7",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file share activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-725a71f8dd373be182e37ce7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_19eDLbgn_ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_1grVt6E8": {
"name": "GEO_LoginSuccessFail",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn OR Operation=UserLoginFailed\n|iplocation ActorIpAddress |stats count by Country | geom geo_countries featureIdField=Country"
},
"type": "ds.search"
},
"ds_1tgPt3mh": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-performance",
"service_id": "da-itsi-cp-m365-m365-azuread-performance"
},
"name": "O365_AzureAD_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_4W0qIgiG": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance"
},
"name": "O365_SharePoint_Online_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_5Fa6sA9o": {
"meta": {
"kpi_id": "da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from infrequent country",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_6IyfamOT": {
"meta": {
"kpi_id": "da-itsi-cp-m365-70105ff25be7a7fa3667f158",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity performed by terminated user",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-70105ff25be7a7fa3667f158)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_6lonf6pu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-performance",
"service_id": "da-itsi-cp-m365-m365-teams-performance"
},
"name": "O365_Teams_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_91frjQDi": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e255403f15e56c7362f54c5a",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Ransomware activity",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e255403f15e56c7362f54c5a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_A3bqtW6K": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_APzAWCjg_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_ChlhtDKE": {
"meta": {
"kpi_id": "da-itsi-cp-m365-78c060e47fa9f2064318598d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious inbox manipulation rule",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-78c060e47fa9f2064318598d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_DPVZeJmE": {
"meta": {
"kpi_id": "da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file deletion activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_FxISLgeA": {
"meta": {
"kpi_id": "da-itsi-cp-m365-53826bcd8ecfef46793dce12",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual administrative activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-53826bcd8ecfef46793dce12)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HdhuUeLu": {
"meta": {
"kpi_id": "da-itsi-cp-m365-439461d009e2f0ff6ecf39b9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple storage deletion activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-439461d009e2f0ff6ecf39b9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HkHxV06x": {
"meta": {
"kpi_id": "da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple VM creation activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_IyVRZOxX": {
"meta": {
"kpi_id": "da-itsi-cp-m365-cea39bad8b93e87524d52526",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Malware detection",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-cea39bad8b93e87524d52526)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_IzbYJAsR": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powebi-availability",
"service_id": "da-itsi-cp-m365-m365-powebi-availability"
},
"name": "O365_PoweBI_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powebi-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JtBldVTw_ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "Copy of M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_MXJZLvxK": {
"meta": {
"kpi_id": "da-itsi-cp-m365-f1dd06f3514cabf98288559d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Misleading OAuth app name",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-f1dd06f3514cabf98288559d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OFBAMaHl": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OSmztg8T": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-availability",
"service_id": "da-itsi-cp-m365-m365-teams-availability"
},
"name": "O365_Teams_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OiYe7Yx4": {
"meta": {
"kpi_id": "da-itsi-cp-m365-ee6e4dad771d573ea72ebde5",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file download (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ee6e4dad771d573ea72ebde5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_P9Fmc8jM": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powerbi-performance",
"service_id": "da-itsi-cp-m365-m365-powerbi-performance"
},
"name": "O365_PowerBI_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powerbi-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_PPUj5qKV": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e2bcc3f70d857a221996dfae",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual impersonated activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e2bcc3f70d857a221996dfae)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_QKp1TbC8": {
"name": "STATS_LoginSuccess",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn"
},
"type": "ds.search"
},
"ds_S4JkpLcw": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e068b071c2ab0484b8e0088b",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Multiple Power BI report sharing activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e068b071c2ab0484b8e0088b)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SWoWEcgq": {
"meta": {
"kpi_id": "da-itsi-cp-m365-39d7e3fb2f19c99fff964f71",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Risky sign-in",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-39d7e3fb2f19c99fff964f71)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SeTDp3tf": {
"meta": {
"kpi_id": "da-itsi-cp-m365-5c246ff1644c8289b88e1e00",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple failed login attempts",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5c246ff1644c8289b88e1e00)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_V4TbdOXR": {
"meta": {
"kpi_id": "da-itsi-cp-m365-33f7d1dfed53a52c8b23d636",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious OAuth app file download activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-33f7d1dfed53a52c8b23d636)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_YnDq7wLF": {
"name": "SV_service_degradation",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceDegradation\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_bHGWKEHp": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-performance",
"service_id": "da-itsi-cp-m365-m365-exchange-performance"
},
"name": "O365_Exchange_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_diArV7Gu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_eqcIwRxM": {
"meta": {
"kpi_id": "da-itsi-cp-m365-94bdd447b34e462623ba7ad8",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Impossible travel",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-94bdd447b34e462623ba7ad8)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_fFgWwN2t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-d201d46cdda4083443f8b146",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Suspicious change of CloudTrail logging service",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d201d46cdda4083443f8b146)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_gOcfSjLP": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Suspicious Power BI report sharing",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_hEomd24i": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_iDvy3I5y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-availability"
},
"name": "O365_SharePoint_Online_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_iMkpBdOw": {
"meta": {
"kpi_id": "da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual addition of credentials to an OAuth app",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_lmnRgCPJ": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b48c41aca99df54f077082c3",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple delete VM activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b48c41aca99df54f077082c3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_m6nQCit8": {
"meta": {
"kpi_id": "da-itsi-cp-m365-1179499a9bbe188261dc59b6",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Data exfiltration to unsanctioned apps",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1179499a9bbe188261dc59b6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mQ9gLHEF": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-availability",
"service_id": "da-itsi-cp-m365-m365-onedrive-availability"
},
"name": "O365_OneDrive_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mtIXHc7y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-availability",
"service_id": "da-itsi-cp-m365-m365-exchange-availability"
},
"name": "O365_Exchange_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_n7Kbwg3j": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from anonymous IP addresses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_nSJVmBZI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-availability",
"service_id": "da-itsi-cp-m365-m365-azuread-availability"
},
"name": "O365_AzureAD_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pdohGLDI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-performance",
"service_id": "da-itsi-cp-m365-m365-yammer-performance"
},
"name": "O365_Yammer_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pkkMijtJ": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-security",
"service_id": "da-itsi-cp-m365-m365-security"
},
"name": "O365_Security - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-security)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_qI2sr98f": {
"meta": {
"kpi_id": "da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious email deletion activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_qf5Odg58": {
"name": "SV_service_interruption",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceInterruption\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_sOuC6KP0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious inbox forwarding",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_t0kZ7Eme": {
"name": "SV_investigating",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"investigating\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_t8tkHKBL": {
"meta": {
"kpi_id": "da-itsi-cp-m365-6977aee5803a6401e3eeb079",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Malicious OAuth app consent",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6977aee5803a6401e3eeb079)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_tZa7bJJY": {
"name": "M_PlanForChange_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_vNZD8LDw": {
"name": "SV_service_restored",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceRestored\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_vtjODuQ4": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-performance",
"service_id": "da-itsi-cp-m365-m365-onedrive-performance"
},
"name": "O365_OneDrive_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_wManXMy2": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9da46ed16abfd5cbaedb709a",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Leaked credentials",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9da46ed16abfd5cbaedb709a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_xizAFB3w": {
"meta": {
"kpi_id": "da-itsi-cp-m365-de58bc9bbc4768406116b8c4",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Misleading publisher name for an OAuth app",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-de58bc9bbc4768406116b8c4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_yZUQHbXW": {
"meta": {
"kpi_id": "da-itsi-cp-m365-3add69e6499e96fbff2fe40d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from suspicious IP addresses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3add69e6499e96fbff2fe40d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
}
},
"defaults": {
"dataSources": {
"global": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
},
"refresh": "$global_refresh_rate$",
"refreshType": "delay"
}
}
}
},
"description": "",
"inputs": {
"input_global_refresh_rate": {
"data_sources": {},
"options": {
"defaultValue": "300s",
"items": [
{
"label": "1 Minute",
"value": "60s"
},
{
"label": "5 Minutes",
"value": "300s"
},
{
"label": "30 Minutes",
"value": "1800s"
},
{
"label": "1 Hour",
"value": "3600s"
},
{
"label": "24 Hours",
"value": "86400s"
}
],
"token": "global_refresh_rate"
},
"title": "Global Refresh Rate",
"type": "input.dropdown"
},
"input_global_trp": {
"data_sources": {},
"options": {
"defaultValue": "-24h@h, now",
"token": "global_time"
},
"title": "Global Time Range",
"type": "input.timerange"
}
},
"layout": {
"global_inputs": [
"input_global_trp",
"input_global_refresh_rate"
],
"options": {
"background_color": "#FFFFFF",
"background_image": {
"size_type": "contain",
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-o365-background",
"x": 0.0,
"y": 0.0
},
"display": "auto-scale",
"height": 1080.0,
"show_title_and_description": true,
"width": 1920.0
},
"structure": [
{
"item": "viz_e07npRtT",
"position": {
"from": {
"x": 4,
"y": 485
},
"to": {
"x": 496,
"y": 485
}
},
"type": "line"
},
{
"item": "viz_GqEHllzp",
"position": {
"from": {
"x": 504,
"y": 483
},
"to": {
"x": 985,
"y": 483
}
},
"type": "line"
},
{
"item": "viz_pXzllOTn",
"position": {
"from": {
"x": 994,
"y": 482
},
"to": {
"x": 1479,
"y": 482
}
},
"type": "line"
},
{
"item": "viz_SO7qXdVQ",
"position": {
"from": {
"x": 1498,
"y": 482
},
"to": {
"x": 1927,
"y": 483
}
},
"type": "line"
},
{
"item": "viz_A7qtMRVE",
"position": {
"from": {
"x": 1499,
"y": 595
},
"to": {
"x": 1928,
"y": 596
}
},
"type": "line"
},
{
"item": "viz_zF9Wj4Db",
"position": {
"from": {
"x": 992,
"y": 682
},
"to": {
"x": 1477,
"y": 682
}
},
"type": "line"
},
{
"item": "viz_fGYSmSBO",
"position": {
"from": {
"x": 508,
"y": 724
},
"to": {
"x": 989,
"y": 724
}
},
"type": "line"
},
{
"item": "viz_PbbrPMyo",
"position": {
"from": {
"x": 1503,
"y": 714
},
"to": {
"x": 1932,
"y": 715
}
},
"type": "line"
},
{
"item": "viz_J6KwDTd8",
"position": {
"h": 140,
"w": 140,
"x": 720,
"y": 50
},
"type": "block"
},
{
"item": "viz_nIrV6Ji9",
"position": {
"h": 140,
"w": 140,
"x": 720,
"y": 50
},
"type": "block"
},
{
"item": "viz_kUriycSm",
"position": {
"h": 90,
"w": 110,
"x": 730,
"y": 180
},
"type": "block"
},
{
"item": "viz_iv6RxEqP",
"position": {
"h": 30,
"w": 370,
"x": 120,
"y": 10
},
"type": "block"
},
{
"item": "viz_zJNts59u",
"position": {
"h": 40,
"w": 30,
"x": 1030,
"y": 130
},
"type": "block"
},
{
"item": "viz_Msnfwxsk",
"position": {
"h": 30,
"w": 30,
"x": 1030,
"y": 170
},
"type": "block"
},
{
"item": "viz_JCCVvLNl",
"position": {
"h": 40,
"w": 40,
"x": 1027,
"y": 90
},
"type": "block"
},
{
"item": "viz_knrg7InH",
"position": {
"h": 30,
"w": 30,
"x": 1030,
"y": 210
},
"type": "block"
},
{
"item": "viz_f1nnmVoq",
"position": {
"h": 30,
"w": 30,
"x": 1030,
"y": 250
},
"type": "block"
},
{
"item": "viz_HLeZ2fmX",
"position": {
"h": 39,
"w": 120,
"x": 1130,
"y": 50
},
"type": "block"
},
{
"item": "viz_X5QKAF37",
"position": {
"h": 39,
"w": 120,
"x": 1300,
"y": 50
},
"type": "block"
},
{
"item": "viz_yOaoYAxD",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 90
},
"type": "block"
},
{
"item": "viz_UwnHVqVF",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 130
},
"type": "block"
},
{
"item": "viz_iwFY6Ssb",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 170
},
"type": "block"
},
{
"item": "viz_flBLmnqx",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 210
},
"type": "block"
},
{
"item": "viz_bUafuQtj",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 250
},
"type": "block"
},
{
"item": "viz_lpsEPULV",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 210
},
"type": "block"
},
{
"item": "viz_faHkI0RF",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 170
},
"type": "block"
},
{
"item": "viz_Qnh2MTYs",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 130
},
"type": "block"
},
{
"item": "viz_uHMieKhH",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 90
},
"type": "block"
},
{
"item": "viz_NOE2ckl3",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 290
},
"type": "block"
},
{
"item": "viz_bPHMNgGr",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 290
},
"type": "block"
},
{
"item": "viz_EjMvfKEx",
"position": {
"h": 32,
"w": 34,
"x": 1030,
"y": 290
},
"type": "block"
},
{
"item": "viz_yXyIxA4f",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 500
},
"type": "block"
},
{
"item": "viz_o7uaQZLl",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 250
},
"type": "block"
},
{
"item": "viz_fFKPc8bn",
"position": {
"h": 39,
"w": 280,
"x": 240,
"y": 460
},
"type": "block"
},
{
"item": "viz_5E8nKEXP",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 490
},
"type": "block"
},
{
"item": "viz_NbXQU8FX",
"position": {
"h": 50,
"w": 310,
"x": 0,
"y": 540
},
"type": "block"
},
{
"item": "viz_kywMljXX",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 530
},
"type": "block"
},
{
"item": "viz_eeCzp2Ul",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 580
},
"type": "block"
},
{
"item": "viz_yX6yjECc",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 570
},
"type": "block"
},
{
"item": "viz_UuzxaZMP",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 500
},
"type": "block"
},
{
"item": "viz_ZNtvfCGp",
"position": {
"h": 39,
"w": 310,
"x": 680,
"y": 460
},
"type": "block"
},
{
"item": "viz_njWrjxyu",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 490
},
"type": "block"
},
{
"item": "viz_l1YN5Sig",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 540
},
"type": "block"
},
{
"item": "viz_dg6XCg5A",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 530
},
"type": "block"
},
{
"item": "viz_RTKIBRTS",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 580
},
"type": "block"
},
{
"item": "viz_VRrzLAHZ",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 570
},
"type": "block"
},
{
"item": "viz_ESz9mVYO",
"position": {
"h": 39,
"w": 290,
"x": 1190,
"y": 460
},
"type": "block"
},
{
"item": "viz_IwUtEHGT",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 620
},
"type": "block"
},
{
"item": "viz_3Iowfd7k",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 610
},
"type": "block"
},
{
"item": "viz_fvbZF8GH",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 510
},
"type": "block"
},
{
"item": "viz_vuAzorOL",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 500
},
"type": "block"
},
{
"item": "viz_kJ0GERvm",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 550
},
"type": "block"
},
{
"item": "viz_nQ77O1zs",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 540
},
"type": "block"
},
{
"item": "viz_Htl2h1HP",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 590
},
"type": "block"
},
{
"item": "viz_1E10aEuW",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 580
},
"type": "block"
},
{
"item": "viz_ZBuNBTtI",
"position": {
"h": 50,
"w": 240,
"x": 1500,
"y": 500
},
"type": "block"
},
{
"item": "viz_46Ax7e4W",
"position": {
"h": 39,
"w": 200,
"x": 1720,
"y": 460
},
"type": "block"
},
{
"item": "viz_FPonYmN1",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 490
},
"type": "block"
},
{
"item": "viz_uajhi8uF",
"position": {
"h": 50,
"w": 240,
"x": 1500,
"y": 540
},
"type": "block"
},
{
"item": "viz_uV1lEu9i",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 530
},
"type": "block"
},
{
"item": "viz_3rVie7Mv",
"position": {
"h": 50,
"w": 230,
"x": 1500,
"y": 610
},
"type": "block"
},
{
"item": "viz_iHzuZnIE",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 600
},
"type": "block"
},
{
"item": "viz_i8zBAwOD",
"position": {
"h": 39,
"w": 160,
"x": 1780,
"y": 570
},
"type": "block"
},
{
"item": "viz_VYaVWqZl",
"position": {
"h": 50,
"w": 240,
"x": 1500,
"y": 650
},
"type": "block"
},
{
"item": "viz_rJBKxdF7",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 640
},
"type": "block"
},
{
"item": "viz_zBUo1kTi",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 660
},
"type": "block"
},
{
"item": "viz_Y2nD0ueG",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 650
},
"type": "block"
},
{
"item": "viz_ayb46Es4",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 620
},
"type": "block"
},
{
"item": "viz_LnPbuW7n",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 660
},
"type": "block"
},
{
"item": "viz_WtqcgXRV",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 700
},
"type": "block"
},
{
"item": "viz_3SR1CB1a",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 740
},
"type": "block"
},
{
"item": "viz_HRZaAZoY",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 780
},
"type": "block"
},
{
"item": "viz_uA9pZmBf",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 610
},
"type": "block"
},
{
"item": "viz_sxYnuNFH",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 650
},
"type": "block"
},
{
"item": "viz_5tXZZwV1",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 690
},
"type": "block"
},
{
"item": "viz_JcKmK6f7",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 730
},
"type": "block"
},
{
"item": "viz_9JXOY4Gm",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 770
},
"type": "block"
},
{
"item": "viz_leE1LqwQ",
"position": {
"h": 50,
"w": 310,
"x": 990,
"y": 630
},
"type": "block"
},
{
"item": "viz_TolyzYYO",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 620
},
"type": "block"
},
{
"item": "viz_y0z9XjBr",
"position": {
"h": 39,
"w": 270,
"x": 1210,
"y": 660
},
"type": "block"
},
{
"item": "viz_hpLoI6sJ",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 700
},
"type": "block"
},
{
"item": "viz_edxLOEOw",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 690
},
"type": "block"
},
{
"item": "viz_7EjYdYLn",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 740
},
"type": "block"
},
{
"item": "viz_5ZsBdWUr",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 730
},
"type": "block"
},
{
"item": "viz_5a71PUFr",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 780
},
"type": "block"
},
{
"item": "viz_ptbnUjOD",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 770
},
"type": "block"
},
{
"item": "viz_Bh0UmeX4",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 820
},
"type": "block"
},
{
"item": "viz_XWROmSjL",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 810
},
"type": "block"
},
{
"item": "viz_4DrdnagR",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 860
},
"type": "block"
},
{
"item": "viz_Kzsdg7ps",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 850
},
"type": "block"
},
{
"item": "viz_Umd44sHd",
"position": {
"h": 39,
"w": 150,
"x": 850,
"y": 700
},
"type": "block"
},
{
"item": "viz_erpVALBK",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 740
},
"type": "block"
},
{
"item": "viz_OkKJN0sV",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 730
},
"type": "block"
},
{
"item": "viz_68VfaK37",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 780
},
"type": "block"
},
{
"item": "viz_g3Fjz3Bj",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 770
},
"type": "block"
},
{
"item": "viz_n1qvLBQA",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 820
},
"type": "block"
},
{
"item": "viz_LTzFXuv0",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 810
},
"type": "block"
},
{
"item": "viz_ASboNwDu",
"position": {
"h": 39,
"w": 160,
"x": 1780,
"y": 690
},
"type": "block"
},
{
"item": "viz_3U6anbbB",
"position": {
"h": 50,
"w": 240,
"x": 1500,
"y": 720
},
"type": "block"
},
{
"item": "viz_Gs29Q9B0",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 720
},
"type": "block"
},
{
"item": "viz_oZNyDloj",
"position": {
"h": 140,
"w": 540,
"x": 30,
"y": 50
},
"type": "block"
},
{
"item": "viz_SfuaNk53",
"position": {
"h": 140,
"w": 260,
"x": 310,
"y": 210
},
"type": "block"
},
{
"item": "viz_PLzLkjTj",
"position": {
"h": 140,
"w": 260,
"x": 30,
"y": 210
},
"type": "block"
},
{
"item": "viz_U34r2Mko",
"position": {
"h": 40,
"w": 170,
"x": 1260,
"y": 330
},
"type": "block"
},
{
"item": "viz_8NtsaDwL",
"position": {
"h": 40,
"w": 170,
"x": 1090,
"y": 330
},
"type": "block"
},
{
"item": "viz_FNrs1dG0",
"position": {
"h": 50,
"w": 50,
"x": 1024,
"y": 320
},
"type": "block"
},
{
"item": "viz_c6LVkVRk",
"position": {
"from": {
"x": 3,
"y": 443
},
"to": {
"x": 1925,
"y": 443
}
},
"type": "line"
},
{
"item": "viz_Fl1l8we4",
"position": {
"h": 30,
"w": 240,
"x": 670,
"y": 10
},
"type": "block"
},
{
"item": "viz_SlXI58VU",
"position": {
"h": 30,
"w": 370,
"x": 1050,
"y": 10
},
"type": "block"
},
{
"item": "viz_18YY3EAV",
"position": {
"h": 30,
"w": 480,
"x": 0,
"y": 400
},
"type": "block"
},
{
"item": "viz_Z2j9DxBh",
"position": {
"h": 560,
"w": 1940,
"x": 0,
"y": 400
},
"type": "block"
},
{
"item": "viz_C9h3XTnu",
"position": {
"h": 200,
"w": 600,
"x": 0,
"y": 0
},
"type": "block"
},
{
"item": "viz_OTUNaqKj",
"position": {
"h": 270,
"w": 270,
"x": 650,
"y": 0
},
"type": "block"
},
{
"item": "viz_m5GnZJeR",
"position": {
"h": 400,
"w": 450,
"x": 1000,
"y": 0
},
"type": "block"
},
{
"item": "viz_r8Z1nkoJ",
"position": {
"h": 40,
"w": 280,
"x": 1640,
"y": 0
},
"type": "block"
}
],
"type": "absolute"
},
"title": "M365 Security Dashboard - Threat Detection",
"visualizations": {
"viz_18YY3EAV": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Security: Threat Detection (details)**"
},
"type": "splunk.markdown"
},
"viz_1E10aEuW": {
"data_sources": {
"primary": "ds_gOcfSjLP"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_3Iowfd7k": {
"data_sources": {
"primary": "ds_n7Kbwg3j"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_3SR1CB1a": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Failed Login Attempts"
},
"type": "splunk.markdown"
},
"viz_3U6anbbB": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview: Suspicious Change of CloudTrail Logging Service"
},
"type": "splunk.markdown"
},
"viz_3rVie7Mv": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Impossible Travel"
},
"type": "splunk.markdown"
},
"viz_46Ax7e4W": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware Ransomware"
},
"type": "splunk.markdown"
},
"viz_4DrdnagR": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Data Exfiltration to Unsanctioned Apps"
},
"type": "splunk.markdown"
},
"viz_5E8nKEXP": {
"data_sources": {
"primary": "ds_t8tkHKBL"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_5ZsBdWUr": {
"data_sources": {
"primary": "ds_OiYe7Yx4"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_5a71PUFr": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Share Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_5tXZZwV1": {
"data_sources": {
"primary": "ds_SWoWEcgq"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_68VfaK37": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Inbox Forwarding"
},
"type": "splunk.markdown"
},
"viz_7EjYdYLn": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Download (by user)"
},
"type": "splunk.markdown"
},
"viz_8NtsaDwL": {
"data_sources": {
"primary": "ds_P9Fmc8jM"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_9JXOY4Gm": {
"data_sources": {
"primary": "ds_wManXMy2"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_A7qtMRVE": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_ASboNwDu": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Cloud Activities"
},
"type": "splunk.markdown"
},
"viz_Bh0UmeX4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Storage Deletion Activities"
},
"type": "splunk.markdown"
},
"viz_C9h3XTnu": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_ESz9mVYO": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "VM / Power BI Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_EjMvfKEx": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-azuread"
},
"type": "splunk.image"
},
"viz_FNrs1dG0": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-power-bi-24x24"
},
"type": "splunk.image"
},
"viz_FPonYmN1": {
"data_sources": {
"primary": "ds_91frjQDi"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Fl1l8we4": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Overall Health**"
},
"type": "splunk.markdown"
},
"viz_GqEHllzp": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_Gs29Q9B0": {
"data_sources": {
"primary": "ds_fFgWwN2t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_HLeZ2fmX": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Performance"
},
"type": "splunk.markdown"
},
"viz_HRZaAZoY": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Leaked Credentials"
},
"type": "splunk.markdown"
},
"viz_Htl2h1HP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview Suspicious PowerBI Report Sharing"
},
"type": "splunk.markdown"
},
"viz_IwUtEHGT": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity from Anonymous IP Address"
},
"type": "splunk.markdown"
},
"viz_J6KwDTd8": {
"data_sources": {
"primary": "ds_OFBAMaHl"
},
"options": {
"fill_color": "> primary | seriesByName(\"alert_color\") | lastPoint()"
},
"type": "splunk.rectangle"
},
"viz_JCCVvLNl": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-exchange-48x48"
},
"type": "splunk.image"
},
"viz_JcKmK6f7": {
"data_sources": {
"primary": "ds_SeTDp3tf"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Kzsdg7ps": {
"data_sources": {
"primary": "ds_m6nQCit8"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_LTzFXuv0": {
"data_sources": {
"primary": "ds_qI2sr98f"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_LnPbuW7n": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious OAuth App File Download Activities"
},
"type": "splunk.markdown"
},
"viz_Msnfwxsk": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-sharepoint"
},
"type": "splunk.image"
},
"viz_NOE2ckl3": {
"data_sources": {
"primary": "ds_nSJVmBZI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_NbXQU8FX": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Addition of Credential to an OAuth App"
},
"type": "splunk.markdown"
},
"viz_OTUNaqKj": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_OkKJN0sV": {
"data_sources": {
"primary": "ds_ChlhtDKE"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_PLzLkjTj": {
"data_sources": {
"primary": "ds_pkkMijtJ"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-security"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Security Overall",
"type": "splunk.singlevalue"
},
"viz_PbbrPMyo": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_Qnh2MTYs": {
"data_sources": {
"primary": "ds_mQ9gLHEF"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_RTKIBRTS": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Administrative Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_SO7qXdVQ": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_SfuaNk53": {
"data_sources": {
"primary": "ds_hEomd24i"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Management",
"type": "splunk.singlevalue"
},
"viz_SlXI58VU": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Performance & Availability**"
},
"type": "splunk.markdown"
},
"viz_TolyzYYO": {
"data_sources": {
"primary": "ds_S4JkpLcw"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_U34r2Mko": {
"data_sources": {
"primary": "ds_IzbYJAsR"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Umd44sHd": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Inbox Anomalies"
},
"type": "splunk.markdown"
},
"viz_UuzxaZMP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity Performed by Terminated User"
},
"type": "splunk.markdown"
},
"viz_UwnHVqVF": {
"data_sources": {
"primary": "ds_vtjODuQ4"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_VRrzLAHZ": {
"data_sources": {
"primary": "ds_FxISLgeA"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_VYaVWqZl": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity From Infrequent Country"
},
"type": "splunk.markdown"
},
"viz_WtqcgXRV": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Risky Sign-In"
},
"type": "splunk.markdown"
},
"viz_X5QKAF37": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Availability"
},
"type": "splunk.markdown"
},
"viz_XWROmSjL": {
"data_sources": {
"primary": "ds_HdhuUeLu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Y2nD0ueG": {
"data_sources": {
"primary": "ds_PPUj5qKV"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Z2j9DxBh": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_ZBuNBTtI": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Ransomware Activity"
},
"type": "splunk.markdown"
},
"viz_ZNtvfCGp": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User / Admin / IP Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_ayb46Es4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Misleading Publisher Name for an OAuth App"
},
"type": "splunk.markdown"
},
"viz_bPHMNgGr": {
"data_sources": {
"primary": "ds_1tgPt3mh"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_bUafuQtj": {
"data_sources": {
"primary": "ds_083zujwS"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_c6LVkVRk": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 6.0
},
"type": "abslayout.line"
},
"viz_dg6XCg5A": {
"data_sources": {
"primary": "ds_yZUQHbXW"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_e07npRtT": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_edxLOEOw": {
"data_sources": {
"primary": "ds_DPVZeJmE"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_eeCzp2Ul": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Misleading OAuth App Name"
},
"type": "splunk.markdown"
},
"viz_erpVALBK": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Inbox Manipulation Rule"
},
"type": "splunk.markdown"
},
"viz_f1nnmVoq": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-yammer"
},
"type": "splunk.image"
},
"viz_fFKPc8bn": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Authorization / Login Anomalies"
},
"type": "splunk.markdown"
},
"viz_fGYSmSBO": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_faHkI0RF": {
"data_sources": {
"primary": "ds_iDvy3I5y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_flBLmnqx": {
"data_sources": {
"primary": "ds_6lonf6pu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_fvbZF8GH": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Delete VM Activities"
},
"type": "splunk.markdown"
},
"viz_g3Fjz3Bj": {
"data_sources": {
"primary": "ds_sOuC6KP0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_hpLoI6sJ": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Deletion Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_i8zBAwOD": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Geo Anomalies"
},
"type": "splunk.markdown"
},
"viz_iHzuZnIE": {
"data_sources": {
"primary": "ds_eqcIwRxM"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_iv6RxEqP": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Security: Threat Detection**"
},
"type": "splunk.markdown"
},
"viz_iwFY6Ssb": {
"data_sources": {
"primary": "ds_4W0qIgiG"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_kJ0GERvm": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple VM Creation Activities"
},
"type": "splunk.markdown"
},
"viz_kUriycSm": {
"data_sources": {
"primary": "ds_diArV7Gu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "off",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "off"
},
"type": "splunk.singlevalue"
},
"viz_knrg7InH": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-teams"
},
"type": "splunk.image"
},
"viz_kywMljXX": {
"data_sources": {
"primary": "ds_iMkpBdOw"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_l1YN5Sig": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity from Suspicious IP Address"
},
"type": "splunk.markdown"
},
"viz_leE1LqwQ": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview Multiple PowerBI Report Share Activities"
},
"type": "splunk.markdown"
},
"viz_lpsEPULV": {
"data_sources": {
"primary": "ds_OSmztg8T"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_m5GnZJeR": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-overview-dashboard&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_n1qvLBQA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Email Deletion Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_nIrV6Ji9": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-office-256x256"
},
"type": "splunk.image"
},
"viz_nQ77O1zs": {
"data_sources": {
"primary": "ds_HkHxV06x"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_njWrjxyu": {
"data_sources": {
"primary": "ds_6IyfamOT"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_o7uaQZLl": {
"data_sources": {
"primary": "ds_pdohGLDI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_oZNyDloj": {
"data_sources": {
"primary": "ds_A3bqtW6K"
},
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Detection",
"type": "splunk.singlevalue"
},
"viz_pXzllOTn": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_ptbnUjOD": {
"data_sources": {
"primary": "ds_0RymRlVs"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_r8Z1nkoJ": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-microsoft-365"
},
"type": "splunk.image"
},
"viz_rJBKxdF7": {
"data_sources": {
"primary": "ds_5Fa6sA9o"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_sxYnuNFH": {
"data_sources": {
"primary": "ds_V4TbdOXR"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uA9pZmBf": {
"data_sources": {
"primary": "ds_xizAFB3w"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uHMieKhH": {
"data_sources": {
"primary": "ds_mtIXHc7y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uV1lEu9i": {
"data_sources": {
"primary": "ds_IyVRZOxX"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uajhi8uF": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware Detection"
},
"type": "splunk.markdown"
},
"viz_vuAzorOL": {
"data_sources": {
"primary": "ds_lmnRgCPJ"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_y0z9XjBr": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "File / Data Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_yOaoYAxD": {
"data_sources": {
"primary": "ds_bHGWKEHp"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_yX6yjECc": {
"data_sources": {
"primary": "ds_MXJZLvxK"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_yXyIxA4f": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malicious OAuth App Consent"
},
"type": "splunk.markdown"
},
"viz_zBUo1kTi": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Impersonated Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_zF9Wj4Db": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_zJNts59u": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-onedrive"
},
"type": "splunk.image"
}
}
},
"description": "",
"gt_version": "beta",
"key": "da-itsi-cp-m365-m365-security-dashboard-threat-detection",
"latest": "now",
"latest_label": "Now",
"selected_swap_service_id": null,
"swap_service_ids": [],
"template_selected_service_id": null,
"template_swappable_service_ids": [],
"title": "M365 Security Dashboard - Threat Detection",
"version": "0.0.38"
}