admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '89ac45cb63'
${ noResults }
Deploiement_Server/deployment-apps/DA-ITSI-CP-m365/itsi/glass_tables/da-itsi-cp-m365-m365-securi...

3321 lines
131 KiB
Raw Blame History

{
"definition": {
"data_sources": {
"ds_083zujwS": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-availability",
"service_id": "da-itsi-cp-m365-m365-yammer-availability"
},
"name": "O365_Yammer_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_0a7gzTjo": {
"meta": {
"kpi_id": "da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish not zapped because ZAP is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_19eDLbgn_ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_1grVt6E8": {
"name": "GEO_LoginSuccessFail",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn OR Operation=UserLoginFailed\n|iplocation ActorIpAddress |stats count by Country | geom geo_countries featureIdField=Country"
},
"type": "ds.search"
},
"ds_1tgPt3mh": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-performance",
"service_id": "da-itsi-cp-m365-m365-azuread-performance"
},
"name": "O365_AzureAD_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_3uckpPxG": {
"meta": {
"kpi_id": "da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Tenant restricted from sending email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_4W0qIgiG": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance"
},
"name": "O365_SharePoint_Online_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_6lonf6pu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-performance",
"service_id": "da-itsi-cp-m365-m365-teams-performance"
},
"name": "O365_Teams_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_7c3Ve7MN": {
"meta": {
"kpi_id": "da-itsi-cp-m365-c1181e5da7c68badae4466e7",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malware removed after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-c1181e5da7c68badae4466e7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_A9GJW0TB": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_APzAWCjg_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_CwNHa74t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Suspicious email sending patterns detected",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_FiQTjw0t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered because a user's Junk Mail Folder is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_GvG2lfFy": {
"meta": {
"kpi_id": "da-itsi-cp-m365-335970fbaba5102dfcc7001e",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - A potentially malicious URL click was detected",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-335970fbaba5102dfcc7001e)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HCyL3oA6": {
"meta": {
"kpi_id": "da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - User restricted from sharing forms and collecting responses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_IzbYJAsR": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powebi-availability",
"service_id": "da-itsi-cp-m365-m365-powebi-availability"
},
"name": "O365_PoweBI_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powebi-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JOW31gSa": {
"meta": {
"kpi_id": "da-itsi-cp-m365-7dd5b60d312252feaf09984f",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Tenant restricted from sending unprovisioned email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7dd5b60d312252feaf09984f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JptaDvdF": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2ef1fa92d295f04314c86998",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Admin Submission Result Completed",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2ef1fa92d295f04314c86998)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JqDqXdyB": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9de0cedd8cad34b312b6c607",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered due to an IP allow policy",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9de0cedd8cad34b312b6c607)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JtBldVTw_ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "Copy of M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_K8u5tNdp": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b018769b1369129e8f467ab9",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Form flagged and confirmed as phishing",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b018769b1369129e8f467ab9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_LCJDIgEA": {
"meta": {
"kpi_id": "da-itsi-cp-m365-308db1b4e0a8b93083d63189",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Creation of forwarding/redirect rule",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-308db1b4e0a8b93083d63189)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_M7cfBfKD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing phish URLs removed after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_Mw0eQtbg": {
"meta": {
"kpi_id": "da-itsi-cp-m365-34b5cb3b724026b9e1e052d0",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Suspicious Email Forwarding Activity",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-34b5cb3b724026b9e1e052d0)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_NbOuEYe0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-00d20a88bad4d66da569d8cd",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Admin triggered manual investigation of email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-00d20a88bad4d66da569d8cd)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OFBAMaHl": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OSmztg8T": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-availability",
"service_id": "da-itsi-cp-m365-m365-teams-availability"
},
"name": "O365_Teams_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_P9Fmc8jM": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powerbi-performance",
"service_id": "da-itsi-cp-m365-m365-powerbi-performance"
},
"name": "O365_PowerBI_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powerbi-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_QKp1TbC8": {
"name": "STATS_LoginSuccess",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn"
},
"type": "ds.search"
},
"ds_R5D2vp8g": {
"meta": {
"kpi_id": "da-itsi-cp-m365-039b43cf4c7fc3823a5989b5",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - eDiscovery search started or exported",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-039b43cf4c7fc3823a5989b5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_S23nHPQl": {
"meta": {
"kpi_id": "da-itsi-cp-m365-d9f19da945babcdba8476088",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Remediation action taken by admin on emails or URL or sender",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d9f19da945babcdba8476088)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SmgYba2K": {
"meta": {
"kpi_id": "da-itsi-cp-m365-005c3f1e83457829d81f00f6",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-005c3f1e83457829d81f00f6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_Spsqbzoa": {
"meta": {
"kpi_id": "da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered due to an ETR override",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_TwYKtIyo": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9f412f2ba47006224e7f1bbb",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Unusual increase in email reported as phish",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9f412f2ba47006224e7f1bbb)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_UPaPYxm6": {
"meta": {
"kpi_id": "da-itsi-cp-m365-35a40df6a4b5a4d655cf4066",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email reported by user as malware or phish",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-35a40df6a4b5a4d655cf4066)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_Y6IwBvGD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9a98c6411cf1054c3ad37c23",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Form blocked due to potential phishing attempt",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9a98c6411cf1054c3ad37c23)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_YnDq7wLF": {
"name": "SV_service_degradation",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceDegradation\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_bHGWKEHp": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-performance",
"service_id": "da-itsi-cp-m365-m365-exchange-performance"
},
"name": "O365_Exchange_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_cKi7WOpX": {
"meta": {
"kpi_id": "da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email sending limit exceeded",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_cfGSE4oD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected in SharePoint and OneDrive",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_diArV7Gu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_hEomd24i": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_iDvy3I5y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-availability"
},
"name": "O365_SharePoint_Online_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_kEmJGZGh": {
"meta": {
"kpi_id": "da-itsi-cp-m365-a5b963ff18821c61b301f437",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - User restricted from sending email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-a5b963ff18821c61b301f437)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mQ9gLHEF": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-availability",
"service_id": "da-itsi-cp-m365-m365-onedrive-availability"
},
"name": "O365_OneDrive_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mtIXHc7y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-availability",
"service_id": "da-itsi-cp-m365-m365-exchange-availability"
},
"name": "O365_Exchange_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_nSJVmBZI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-availability",
"service_id": "da-itsi-cp-m365-m365-azuread-availability"
},
"name": "O365_AzureAD_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_ncxoJa95": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2fd6695634044151e6a32eee",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Successful exact data match upload",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2fd6695634044151e6a32eee)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pFzL0388": {
"meta": {
"kpi_id": "da-itsi-cp-m365-badccea130915197605e1250",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Failed exact data match upload",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-badccea130915197605e1250)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pdohGLDI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-performance",
"service_id": "da-itsi-cp-m365-m365-yammer-performance"
},
"name": "O365_Yammer_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pkkMijtJ": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-security",
"service_id": "da-itsi-cp-m365-m365-security"
},
"name": "O365_Security - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-security)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_qf5Odg58": {
"name": "SV_service_interruption",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceInterruption\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_sWtjDtCY": {
"meta": {
"kpi_id": "da-itsi-cp-m365-af1f6fffe44ddaa3242707ad",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected and blocked",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-af1f6fffe44ddaa3242707ad)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_t0kZ7Eme": {
"name": "SV_investigating",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"investigating\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_tZa7bJJY": {
"name": "M_PlanForChange_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_vNZD8LDw": {
"name": "SV_service_restored",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceRestored\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_vjtep4Mt": {
"meta": {
"kpi_id": "da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malicious file removed after delivery\u200b",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_vtjODuQ4": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-performance",
"service_id": "da-itsi-cp-m365-m365-onedrive-performance"
},
"name": "O365_OneDrive_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_xe6ZHJYv": {
"meta": {
"kpi_id": "da-itsi-cp-m365-fbf479a0530fe57af9776410",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - MIP AutoLabel simulation completed",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-fbf479a0530fe57af9776410)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_y7c2PMC0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-494e7910f769e401e422bd22",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware not zapped because ZAP is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-494e7910f769e401e422bd22)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_ziNb4LvN": {
"meta": {
"kpi_id": "da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malicious URL removed after delivery\u200b",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
}
},
"defaults": {
"dataSources": {
"global": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
},
"refresh": "$global_refresh_rate$",
"refreshType": "delay"
}
}
}
},
"description": "",
"inputs": {
"input_global_refresh_rate": {
"data_sources": {},
"options": {
"defaultValue": "300s",
"items": [
{
"label": "1 Minute",
"value": "60s"
},
{
"label": "5 Minutes",
"value": "300s"
},
{
"label": "30 Minutes",
"value": "1800s"
},
{
"label": "1 Hour",
"value": "3600s"
},
{
"label": "24 Hours",
"value": "86400s"
}
],
"token": "global_refresh_rate"
},
"title": "Global Refresh Rate",
"type": "input.dropdown"
},
"input_global_trp": {
"data_sources": {},
"options": {
"defaultValue": "-24h@h, now",
"token": "global_time"
},
"title": "Global Time Range",
"type": "input.timerange"
}
},
"layout": {
"global_inputs": [
"input_global_trp",
"input_global_refresh_rate"
],
"options": {
"background_color": "#FFFFFF",
"background_image": {
"size_type": "contain",
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-o365-background",
"x": 0.0,
"y": 0.0
},
"display": "auto-scale",
"height": 1080.0,
"show_title_and_description": true,
"width": 1920.0
},
"structure": [
{
"item": "viz_4DWqvA8O",
"position": {
"from": {
"x": -3,
"y": 495
},
"to": {
"x": 489,
"y": 495
}
},
"type": "line"
},
{
"item": "viz_druTJqGo",
"position": {
"from": {
"x": -5,
"y": 734
},
"to": {
"x": 487,
"y": 734
}
},
"type": "line"
},
{
"item": "viz_1iiLDkYH",
"position": {
"from": {
"x": 506,
"y": 495
},
"to": {
"x": 987,
"y": 495
}
},
"type": "line"
},
{
"item": "viz_DOLGDqRS",
"position": {
"from": {
"x": 502,
"y": 645
},
"to": {
"x": 983,
"y": 645
}
},
"type": "line"
},
{
"item": "viz_Q7m8dKqi",
"position": {
"from": {
"x": 500,
"y": 754
},
"to": {
"x": 981,
"y": 754
}
},
"type": "line"
},
{
"item": "viz_zRota3sv",
"position": {
"from": {
"x": 996,
"y": 495
},
"to": {
"x": 1477,
"y": 495
}
},
"type": "line"
},
{
"item": "viz_M291DEZJ",
"position": {
"from": {
"x": 501,
"y": 864
},
"to": {
"x": 982,
"y": 864
}
},
"type": "line"
},
{
"item": "viz_J6KwDTd8",
"position": {
"h": 140,
"w": 140,
"x": 710,
"y": 50
},
"type": "block"
},
{
"item": "viz_nIrV6Ji9",
"position": {
"h": 140,
"w": 140,
"x": 710,
"y": 50
},
"type": "block"
},
{
"item": "viz_kUriycSm",
"position": {
"h": 90,
"w": 110,
"x": 723,
"y": 190
},
"type": "block"
},
{
"item": "viz_6dWLMKtj",
"position": {
"h": 50,
"w": 400,
"x": 1060,
"y": 10
},
"type": "block"
},
{
"item": "viz_zJNts59u",
"position": {
"h": 40,
"w": 30,
"x": 1040,
"y": 120
},
"type": "block"
},
{
"item": "viz_Msnfwxsk",
"position": {
"h": 30,
"w": 30,
"x": 1040,
"y": 160
},
"type": "block"
},
{
"item": "viz_JCCVvLNl",
"position": {
"h": 40,
"w": 40,
"x": 1037,
"y": 80
},
"type": "block"
},
{
"item": "viz_knrg7InH",
"position": {
"h": 30,
"w": 30,
"x": 1040,
"y": 200
},
"type": "block"
},
{
"item": "viz_f1nnmVoq",
"position": {
"h": 30,
"w": 30,
"x": 1040,
"y": 240
},
"type": "block"
},
{
"item": "viz_HLeZ2fmX",
"position": {
"h": 39,
"w": 120,
"x": 1140,
"y": 50
},
"type": "block"
},
{
"item": "viz_X5QKAF37",
"position": {
"h": 39,
"w": 120,
"x": 1310,
"y": 50
},
"type": "block"
},
{
"item": "viz_yOaoYAxD",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 80
},
"type": "block"
},
{
"item": "viz_UwnHVqVF",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 120
},
"type": "block"
},
{
"item": "viz_iwFY6Ssb",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 160
},
"type": "block"
},
{
"item": "viz_flBLmnqx",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 200
},
"type": "block"
},
{
"item": "viz_bUafuQtj",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 240
},
"type": "block"
},
{
"item": "viz_lpsEPULV",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 200
},
"type": "block"
},
{
"item": "viz_faHkI0RF",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 160
},
"type": "block"
},
{
"item": "viz_Qnh2MTYs",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 120
},
"type": "block"
},
{
"item": "viz_uHMieKhH",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 80
},
"type": "block"
},
{
"item": "viz_NOE2ckl3",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 280
},
"type": "block"
},
{
"item": "viz_bPHMNgGr",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 280
},
"type": "block"
},
{
"item": "viz_EjMvfKEx",
"position": {
"h": 32,
"w": 34,
"x": 1040,
"y": 280
},
"type": "block"
},
{
"item": "viz_o7uaQZLl",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 240
},
"type": "block"
},
{
"item": "viz_3ueBQk4g",
"position": {
"h": 30,
"w": 420,
"x": 90,
"y": 10
},
"type": "block"
},
{
"item": "viz_MbHfFphf",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 500
},
"type": "block"
},
{
"item": "viz_GYlYEiNj",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 990
},
"type": "block"
},
{
"item": "viz_3TmGm2Tt",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 780
},
"type": "block"
},
{
"item": "viz_6FWnIwIk",
"position": {
"h": 50,
"w": 310,
"x": 500,
"y": 760
},
"type": "block"
},
{
"item": "viz_acajsYlE",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 800
},
"type": "block"
},
{
"item": "viz_e6YPzDYx",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 700
},
"type": "block"
},
{
"item": "viz_ALXL6Mbh",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 570
},
"type": "block"
},
{
"item": "viz_sovXyfkp",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 610
},
"type": "block"
},
{
"item": "viz_VJ2n8yNY",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 500
},
"type": "block"
},
{
"item": "viz_bSIanwmA",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 920
},
"type": "block"
},
{
"item": "viz_VFzTB4Pr",
"position": {
"h": 50,
"w": 240,
"x": 500,
"y": 955
},
"type": "block"
},
{
"item": "viz_zvFeUNjk",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 740
},
"type": "block"
},
{
"item": "viz_G8vGykMo",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 530
},
"type": "block"
},
{
"item": "viz_rgocUz6k",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 570
},
"type": "block"
},
{
"item": "viz_f7xbUukE",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 530
},
"type": "block"
},
{
"item": "viz_j8l7m0H7",
"position": {
"h": 50,
"w": 320,
"x": 0,
"y": 895
},
"type": "block"
},
{
"item": "viz_J2IQafnT",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 650
},
"type": "block"
},
{
"item": "viz_Z9BBHwYs",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 690
},
"type": "block"
},
{
"item": "viz_3qjg5Vht",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 500
},
"type": "block"
},
{
"item": "viz_YlOemvm4",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 535
},
"type": "block"
},
{
"item": "viz_v4edEl0J",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 940
},
"type": "block"
},
{
"item": "viz_jJDeClfA",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 580
},
"type": "block"
},
{
"item": "viz_yCUYsRUy",
"position": {
"h": 50,
"w": 317,
"x": 993,
"y": 610
},
"type": "block"
},
{
"item": "viz_jqzRvUIL",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 860
},
"type": "block"
},
{
"item": "viz_3J60cyjP",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 660
},
"type": "block"
},
{
"item": "viz_qg54wRGO",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 650
},
"type": "block"
},
{
"item": "viz_21cv3AZ5",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 740
},
"type": "block"
},
{
"item": "viz_kKQw0UJA",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 780
},
"type": "block"
},
{
"item": "viz_w7Dve9FX",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 820
},
"type": "block"
},
{
"item": "viz_NSNGBWTO",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 860
},
"type": "block"
},
{
"item": "viz_KJxZn4hH",
"position": {
"h": 50,
"w": 280,
"x": 500,
"y": 870
},
"type": "block"
},
{
"item": "viz_AORov7pi",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 820
},
"type": "block"
},
{
"item": "viz_OMmqZtJ7",
"position": {
"h": 39,
"w": 130,
"x": 360,
"y": 470
},
"type": "block"
},
{
"item": "viz_uqSpv5Kd",
"position": {
"h": 39,
"w": 60,
"x": 920,
"y": 730
},
"type": "block"
},
{
"item": "viz_TNm0P6KB",
"position": {
"h": 40,
"w": 200,
"x": 1290,
"y": 470
},
"type": "block"
},
{
"item": "viz_hud6a8Zx",
"position": {
"h": 39,
"w": 60,
"x": 920,
"y": 840
},
"type": "block"
},
{
"item": "viz_OZmqKEfh",
"position": {
"h": 39,
"w": 130,
"x": 360,
"y": 710
},
"type": "block"
},
{
"item": "viz_31gsPiP3",
"position": {
"h": 39,
"w": 140,
"x": 850,
"y": 470
},
"type": "block"
},
{
"item": "viz_FdZ5w8Pj",
"position": {
"h": 39,
"w": 150,
"x": 840,
"y": 620
},
"type": "block"
},
{
"item": "viz_8BVAjxs4",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 867
},
"type": "block"
},
{
"item": "viz_b9xwtvA7",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 907
},
"type": "block"
},
{
"item": "viz_WrqqREjN",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 947
},
"type": "block"
},
{
"item": "viz_PKhHZ17Q",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 987
},
"type": "block"
},
{
"item": "viz_qLKLkup8",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 492
},
"type": "block"
},
{
"item": "viz_XLekoYpG",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 532
},
"type": "block"
},
{
"item": "viz_nFmEyYO8",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 931
},
"type": "block"
},
{
"item": "viz_8zrD1Br4",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 572
},
"type": "block"
},
{
"item": "viz_oDwFEYgf",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 612
},
"type": "block"
},
{
"item": "viz_QL7YpTvR",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 652
},
"type": "block"
},
{
"item": "viz_pKw4XeqX",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 692
},
"type": "block"
},
{
"item": "viz_GCXiElFj",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 732
},
"type": "block"
},
{
"item": "viz_53O2aGcj",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 772
},
"type": "block"
},
{
"item": "viz_i2P1MkDJ",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 812
},
"type": "block"
},
{
"item": "viz_ZUzEw1ex",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 852
},
"type": "block"
},
{
"item": "viz_Eo3bH8QW",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 491
},
"type": "block"
},
{
"item": "viz_1RAKDpML",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 531
},
"type": "block"
},
{
"item": "viz_TRgHVuSZ",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 571
},
"type": "block"
},
{
"item": "viz_HtSNeBv8",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 611
},
"type": "block"
},
{
"item": "viz_hOioaWYv",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 651
},
"type": "block"
},
{
"item": "viz_QsFqS9sg",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 731
},
"type": "block"
},
{
"item": "viz_Og0GsQk1",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 771
},
"type": "block"
},
{
"item": "viz_RRnJDQ7E",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 811
},
"type": "block"
},
{
"item": "viz_mYQ3Ahj3",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 851
},
"type": "block"
},
{
"item": "viz_tI6cMyj4",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 891
},
"type": "block"
},
{
"item": "viz_SUvUV26d",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 495
},
"type": "block"
},
{
"item": "viz_dXNVPqpO",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 535
},
"type": "block"
},
{
"item": "viz_zdJ8HZR9",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 575
},
"type": "block"
},
{
"item": "viz_SfuaNk53",
"position": {
"h": 140,
"w": 540,
"x": 20,
"y": 50
},
"type": "block"
},
{
"item": "viz_rV6Lbp2z",
"position": {
"h": 140,
"w": 260,
"x": 300,
"y": 210
},
"type": "block"
},
{
"item": "viz_PLzLkjTj",
"position": {
"h": 140,
"w": 260,
"x": 20,
"y": 210
},
"type": "block"
},
{
"item": "viz_U34r2Mko",
"position": {
"h": 40,
"w": 170,
"x": 1270,
"y": 320
},
"type": "block"
},
{
"item": "viz_8NtsaDwL",
"position": {
"h": 40,
"w": 170,
"x": 1100,
"y": 320
},
"type": "block"
},
{
"item": "viz_FNrs1dG0",
"position": {
"h": 50,
"w": 50,
"x": 1034,
"y": 310
},
"type": "block"
},
{
"item": "viz_K48PfzX9",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 686
},
"type": "block"
},
{
"item": "viz_LzfYottx",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 646
},
"type": "block"
},
{
"item": "viz_7bFB2xRn",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 795
},
"type": "block"
},
{
"item": "viz_X52TPS4s",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 755
},
"type": "block"
},
{
"item": "viz_M0YFpYWe",
"position": {
"h": 30,
"w": 350,
"x": 620,
"y": 10
},
"type": "block"
},
{
"item": "viz_LtgK97zC",
"position": {
"h": 30,
"w": 500,
"x": 10,
"y": 410
},
"type": "block"
},
{
"item": "viz_pTihWbqg",
"position": {
"from": {
"x": -3,
"y": 450
},
"to": {
"x": 1934,
"y": 449
}
},
"type": "line"
},
{
"item": "viz_JDojbhoj",
"position": {
"h": 650,
"w": 1940,
"x": 0,
"y": 410
},
"type": "block"
},
{
"item": "viz_WSwPptsf",
"position": {
"h": 290,
"w": 340,
"x": 620,
"y": 0
},
"type": "block"
},
{
"item": "viz_7NnbqObY",
"position": {
"h": 200,
"w": 580,
"x": 0,
"y": 0
},
"type": "block"
},
{
"item": "viz_sIkKtiVk",
"position": {
"h": 380,
"w": 450,
"x": 1020,
"y": 0
},
"type": "block"
},
{
"item": "viz_JKty0UQN",
"position": {
"h": 40,
"w": 280,
"x": 1640,
"y": 0
},
"type": "block"
}
],
"type": "absolute"
},
"title": "M365 Security Dashboard - Threat Management",
"visualizations": {
"viz_1RAKDpML": {
"data_sources": {
"primary": "ds_7c3Ve7MN"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_1iiLDkYH": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_21cv3AZ5": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered because a user's Junk Mail Folder is disabled"
},
"type": "splunk.markdown"
},
"viz_31gsPiP3": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Malicious"
},
"type": "splunk.markdown"
},
"viz_3J60cyjP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected in SharePoint and OneDrive"
},
"type": "splunk.markdown"
},
"viz_3TmGm2Tt": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Failed exact data match upload"
},
"type": "splunk.markdown"
},
"viz_3qjg5Vht": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Tenant restricted from sending email"
},
"type": "splunk.markdown"
},
"viz_3ueBQk4g": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Security: Threat Management**"
},
"type": "splunk.markdown"
},
"viz_4DWqvA8O": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_53O2aGcj": {
"data_sources": {
"primary": "ds_pFzL0388"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_6FWnIwIk": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Form blocked due to potential phishing attempt"
},
"type": "splunk.markdown"
},
"viz_6dWLMKtj": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Performance & Availability**"
},
"type": "splunk.markdown"
},
"viz_7NnbqObY": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_7bFB2xRn": {
"data_sources": {
"primary": "ds_K8u5tNdp"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8BVAjxs4": {
"data_sources": {
"primary": "ds_S23nHPQl"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8NtsaDwL": {
"data_sources": {
"primary": "ds_P9Fmc8jM"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8zrD1Br4": {
"data_sources": {
"primary": "ds_kEmJGZGh"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_ALXL6Mbh": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected after delivery"
},
"type": "splunk.markdown"
},
"viz_AORov7pi": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Successful exact data match upload"
},
"type": "splunk.markdown"
},
"viz_DOLGDqRS": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_EjMvfKEx": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-azuread"
},
"type": "splunk.image"
},
"viz_Eo3bH8QW": {
"data_sources": {
"primary": "ds_UPaPYxm6"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_FNrs1dG0": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-power-bi-24x24"
},
"type": "splunk.image"
},
"viz_FdZ5w8Pj": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Suspicious"
},
"type": "splunk.markdown"
},
"viz_G8vGykMo": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malicious URL removed after delivery"
},
"type": "splunk.markdown"
},
"viz_GCXiElFj": {
"data_sources": {
"primary": "ds_LCJDIgEA"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_GYlYEiNj": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email sending limit exceeded"
},
"type": "splunk.markdown"
},
"viz_HLeZ2fmX": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Performance"
},
"type": "splunk.markdown"
},
"viz_HtSNeBv8": {
"data_sources": {
"primary": "ds_sWtjDtCY"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_J2IQafnT": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Email Forwarding Activity"
},
"type": "splunk.markdown"
},
"viz_J6KwDTd8": {
"data_sources": {
"primary": "ds_OFBAMaHl"
},
"options": {
"fill_color": "> primary | seriesByName(\"alert_color\") | lastPoint()"
},
"type": "splunk.rectangle"
},
"viz_JCCVvLNl": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-exchange-48x48"
},
"type": "splunk.image"
},
"viz_JDojbhoj": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_JKty0UQN": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-microsoft-365"
},
"type": "splunk.image"
},
"viz_K48PfzX9": {
"data_sources": {
"primary": "ds_CwNHa74t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_KJxZn4hH": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Remediation action taken by admin on \nemails or URL or sender"
},
"type": "splunk.markdown"
},
"viz_LtgK97zC": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Security: Threat Management (details)**"
},
"type": "splunk.markdown"
},
"viz_LzfYottx": {
"data_sources": {
"primary": "ds_Mw0eQtbg"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_M0YFpYWe": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**M365 Security: Overall Health**"
},
"type": "splunk.markdown"
},
"viz_M291DEZJ": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_MbHfFphf": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email reported by user as malware or phish"
},
"type": "splunk.markdown"
},
"viz_Msnfwxsk": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-sharepoint"
},
"type": "splunk.image"
},
"viz_NOE2ckl3": {
"data_sources": {
"primary": "ds_nSJVmBZI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_NSNGBWTO": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish not zapped because ZAP is disabled"
},
"type": "splunk.markdown"
},
"viz_OMmqZtJ7": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Malware"
},
"type": "splunk.markdown"
},
"viz_OZmqKEfh": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Phishing"
},
"type": "splunk.markdown"
},
"viz_Og0GsQk1": {
"data_sources": {
"primary": "ds_Spsqbzoa"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_PKhHZ17Q": {
"data_sources": {
"primary": "ds_cKi7WOpX"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_PLzLkjTj": {
"data_sources": {
"primary": "ds_pkkMijtJ"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-security"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Security Overall",
"type": "splunk.singlevalue"
},
"viz_Q7m8dKqi": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_QL7YpTvR": {
"data_sources": {
"primary": "ds_cfGSE4oD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Qnh2MTYs": {
"data_sources": {
"primary": "ds_mQ9gLHEF"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_QsFqS9sg": {
"data_sources": {
"primary": "ds_FiQTjw0t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_RRnJDQ7E": {
"data_sources": {
"primary": "ds_JqDqXdyB"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_SUvUV26d": {
"data_sources": {
"primary": "ds_GvG2lfFy"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_SfuaNk53": {
"data_sources": {
"primary": "ds_hEomd24i"
},
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Management",
"type": "splunk.singlevalue"
},
"viz_TNm0P6KB": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Security & Compliance"
},
"type": "splunk.markdown"
},
"viz_TRgHVuSZ": {
"data_sources": {
"primary": "ds_SmgYba2K"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_U34r2Mko": {
"data_sources": {
"primary": "ds_IzbYJAsR"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_UwnHVqVF": {
"data_sources": {
"primary": "ds_vtjODuQ4"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_VFzTB4Pr": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin triggered manual investigation\nof email"
},
"type": "splunk.markdown"
},
"viz_VJ2n8yNY": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "A potentially malicious URL click was detected"
},
"type": "splunk.markdown"
},
"viz_WSwPptsf": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_WrqqREjN": {
"data_sources": {
"primary": "ds_NbOuEYe0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_X52TPS4s": {
"data_sources": {
"primary": "ds_Y6IwBvGD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_X5QKAF37": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Availability"
},
"type": "splunk.markdown"
},
"viz_XLekoYpG": {
"data_sources": {
"primary": "ds_JOW31gSa"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_YlOemvm4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Tenant restricted from sending unprovisioned email"
},
"type": "splunk.markdown"
},
"viz_Z9BBHwYs": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious email sending patterns detected"
},
"type": "splunk.markdown"
},
"viz_ZUzEw1ex": {
"data_sources": {
"primary": "ds_R5D2vp8g"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_acajsYlE": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Form flagged and confirmed as phishing"
},
"type": "splunk.markdown"
},
"viz_b9xwtvA7": {
"data_sources": {
"primary": "ds_JptaDvdF"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_bPHMNgGr": {
"data_sources": {
"primary": "ds_1tgPt3mh"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_bSIanwmA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin submission result completed"
},
"type": "splunk.markdown"
},
"viz_bUafuQtj": {
"data_sources": {
"primary": "ds_083zujwS"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_dXNVPqpO": {
"data_sources": {
"primary": "ds_ziNb4LvN"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_druTJqGo": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_e6YPzDYx": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "MIP AutoLabel simulation completed"
},
"type": "splunk.markdown"
},
"viz_f1nnmVoq": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-yammer"
},
"type": "splunk.image"
},
"viz_f7xbUukE": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malware removed after delivery"
},
"type": "splunk.markdown"
},
"viz_faHkI0RF": {
"data_sources": {
"primary": "ds_iDvy3I5y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_flBLmnqx": {
"data_sources": {
"primary": "ds_6lonf6pu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_hOioaWYv": {
"data_sources": {
"primary": "ds_y7c2PMC0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_hud6a8Zx": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin"
},
"type": "splunk.markdown"
},
"viz_i2P1MkDJ": {
"data_sources": {
"primary": "ds_ncxoJa95"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_iwFY6Ssb": {
"data_sources": {
"primary": "ds_4W0qIgiG"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_j8l7m0H7": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing phish URLs removed after delivery"
},
"type": "splunk.markdown"
},
"viz_jJDeClfA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User restricted from sending email"
},
"type": "splunk.markdown"
},
"viz_jqzRvUIL": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "eDiscovery search started or exported"
},
"type": "splunk.markdown"
},
"viz_kKQw0UJA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered due to an ETR override"
},
"type": "splunk.markdown"
},
"viz_kUriycSm": {
"data_sources": {
"primary": "ds_diArV7Gu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "off",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "off"
},
"type": "splunk.singlevalue"
},
"viz_knrg7InH": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-teams"
},
"type": "splunk.image"
},
"viz_lpsEPULV": {
"data_sources": {
"primary": "ds_OSmztg8T"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_mYQ3Ahj3": {
"data_sources": {
"primary": "ds_0a7gzTjo"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_nFmEyYO8": {
"data_sources": {
"primary": "ds_TwYKtIyo"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_nIrV6Ji9": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-office-256x256"
},
"type": "splunk.image"
},
"viz_o7uaQZLl": {
"data_sources": {
"primary": "ds_pdohGLDI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_oDwFEYgf": {
"data_sources": {
"primary": "ds_HCyL3oA6"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_pKw4XeqX": {
"data_sources": {
"primary": "ds_xe6ZHJYv"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_pTihWbqg": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 6.0
},
"type": "abslayout.line"
},
"viz_qLKLkup8": {
"data_sources": {
"primary": "ds_3uckpPxG"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_qg54wRGO": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware not zapped because ZAP is disabled"
},
"type": "splunk.markdown"
},
"viz_rV6Lbp2z": {
"data_sources": {
"primary": "ds_A9GJW0TB"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Detection",
"type": "splunk.singlevalue"
},
"viz_rgocUz6k": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malicious file removed after delivery"
},
"type": "splunk.markdown"
},
"viz_sIkKtiVk": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-overview-dashboard&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_sovXyfkp": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected and blocked"
},
"type": "splunk.markdown"
},
"viz_tI6cMyj4": {
"data_sources": {
"primary": "ds_M7cfBfKD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uHMieKhH": {
"data_sources": {
"primary": "ds_mtIXHc7y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uqSpv5Kd": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Forms"
},
"type": "splunk.markdown"
},
"viz_v4edEl0J": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual increase in email reported as phish"
},
"type": "splunk.markdown"
},
"viz_w7Dve9FX": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered due to an IP allow policy"
},
"type": "splunk.markdown"
},
"viz_yCUYsRUy": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User restricted from sharing forms and collecting responses"
},
"type": "splunk.markdown"
},
"viz_yOaoYAxD": {
"data_sources": {
"primary": "ds_bHGWKEHp"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_zJNts59u": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-onedrive"
},
"type": "splunk.image"
},
"viz_zRota3sv": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_zdJ8HZR9": {
"data_sources": {
"primary": "ds_vjtep4Mt"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_zvFeUNjk": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Creation of forwarding/redirect rule"
},
"type": "splunk.markdown"
}
}
},
"description": "",
"gt_version": "beta",
"key": "da-itsi-cp-m365-m365-security-dashboard-threat-management",
"latest": "now",
"latest_label": "Now",
"selected_swap_service_id": null,
"swap_service_ids": [],
"template_selected_service_id": null,
"template_swappable_service_ids": [],
"title": "M365 Security Dashboard - Threat Management",
"version": "0.0.38"
}
Reference in new issue View Git Blame Copy Permalink