admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e66421659c'
${ noResults }
Deploiement_Server/deployment-apps/DA-ITSI-CP-m365/itsi/glass_tables/da-itsi-cp-m365-m365-securi...

5416 lines
213 KiB
Raw Blame History

{
"definition": {
"data_sources": {
"ds_083zujwS": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-availability",
"service_id": "da-itsi-cp-m365-m365-yammer-availability"
},
"name": "O365_Yammer_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_0RymRlVs": {
"meta": {
"kpi_id": "da-itsi-cp-m365-725a71f8dd373be182e37ce7",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file share activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-725a71f8dd373be182e37ce7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_0a7gzTjo": {
"meta": {
"kpi_id": "da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish not zapped because ZAP is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5bf5606cfaaf9f1e1906e0c7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_19eDLbgn_ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_1grVt6E8": {
"name": "GEO_LoginSuccessFail",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn OR Operation=UserLoginFailed\n|iplocation ActorIpAddress |stats count by Country | geom geo_countries featureIdField=Country"
},
"type": "ds.search"
},
"ds_1tgPt3mh": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-performance",
"service_id": "da-itsi-cp-m365-m365-azuread-performance"
},
"name": "O365_AzureAD_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_3uckpPxG": {
"meta": {
"kpi_id": "da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Tenant restricted from sending email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-8523be4e51e4d22cd0adfc5f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_4W0qIgiG": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-performance"
},
"name": "O365_SharePoint_Online_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_5Fa6sA9o": {
"meta": {
"kpi_id": "da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from infrequent country",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-0c81b2d51abae61cec0ef3f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_6Er8tBuW_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_StayInformed_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"stayInformed\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_6IyfamOT": {
"meta": {
"kpi_id": "da-itsi-cp-m365-70105ff25be7a7fa3667f158",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity performed by terminated user",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-70105ff25be7a7fa3667f158)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_6lonf6pu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-performance",
"service_id": "da-itsi-cp-m365-m365-teams-performance"
},
"name": "O365_Teams_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_7c3Ve7MN": {
"meta": {
"kpi_id": "da-itsi-cp-m365-c1181e5da7c68badae4466e7",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malware removed after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-c1181e5da7c68badae4466e7)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_91frjQDi": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e255403f15e56c7362f54c5a",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Ransomware activity",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e255403f15e56c7362f54c5a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_A3bqtW6K": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_A9GJW0TB": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-detection",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-detection)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_APzAWCjg_ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_ChlhtDKE": {
"meta": {
"kpi_id": "da-itsi-cp-m365-78c060e47fa9f2064318598d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious inbox manipulation rule",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-78c060e47fa9f2064318598d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_CwNHa74t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Suspicious email sending patterns detected",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4e404594ca7f78ca1d5d0ab4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_DPVZeJmE": {
"meta": {
"kpi_id": "da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file deletion activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1b5f52a6ba5583b91bcb7ee6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_FiQTjw0t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered because a user's Junk Mail Folder is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9fa342e6bd6fa0c75ecfd9e4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_FxISLgeA": {
"meta": {
"kpi_id": "da-itsi-cp-m365-53826bcd8ecfef46793dce12",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual administrative activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-53826bcd8ecfef46793dce12)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_GvG2lfFy": {
"meta": {
"kpi_id": "da-itsi-cp-m365-335970fbaba5102dfcc7001e",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - A potentially malicious URL click was detected",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-335970fbaba5102dfcc7001e)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HCyL3oA6": {
"meta": {
"kpi_id": "da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - User restricted from sharing forms and collecting responses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7ca96b5a3c7a8582ea11f1b3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HdhuUeLu": {
"meta": {
"kpi_id": "da-itsi-cp-m365-439461d009e2f0ff6ecf39b9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple storage deletion activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-439461d009e2f0ff6ecf39b9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_HkHxV06x": {
"meta": {
"kpi_id": "da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple VM creation activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3be36f063bddcaf8fc2cd0f9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_IyVRZOxX": {
"meta": {
"kpi_id": "da-itsi-cp-m365-cea39bad8b93e87524d52526",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Malware detection",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-cea39bad8b93e87524d52526)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_IzbYJAsR": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powebi-availability",
"service_id": "da-itsi-cp-m365-m365-powebi-availability"
},
"name": "O365_PoweBI_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powebi-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JOW31gSa": {
"meta": {
"kpi_id": "da-itsi-cp-m365-7dd5b60d312252feaf09984f",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Tenant restricted from sending unprovisioned email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-7dd5b60d312252feaf09984f)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JptaDvdF": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2ef1fa92d295f04314c86998",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Admin Submission Result Completed",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2ef1fa92d295f04314c86998)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JqDqXdyB": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9de0cedd8cad34b312b6c607",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered due to an IP allow policy",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9de0cedd8cad34b312b6c607)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_JtBldVTw_ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "Copy of M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_K8u5tNdp": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b018769b1369129e8f467ab9",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Form flagged and confirmed as phishing",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b018769b1369129e8f467ab9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_LCJDIgEA": {
"meta": {
"kpi_id": "da-itsi-cp-m365-308db1b4e0a8b93083d63189",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Creation of forwarding/redirect rule",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-308db1b4e0a8b93083d63189)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_M7cfBfKD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing phish URLs removed after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e3d64fcd5f4743eae1c4fa18)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_MB73wN2g_ds_tZa7bJJY": {
"name": "M_PreventFixIssues_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"preventOrFixIssue\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_MXJZLvxK": {
"meta": {
"kpi_id": "da-itsi-cp-m365-f1dd06f3514cabf98288559d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Misleading OAuth app name",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-f1dd06f3514cabf98288559d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_Mw0eQtbg": {
"meta": {
"kpi_id": "da-itsi-cp-m365-34b5cb3b724026b9e1e052d0",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Suspicious Email Forwarding Activity",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-34b5cb3b724026b9e1e052d0)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_NbOuEYe0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-00d20a88bad4d66da569d8cd",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Admin triggered manual investigation of email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-00d20a88bad4d66da569d8cd)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OFBAMaHl": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OSmztg8T": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-teams-availability",
"service_id": "da-itsi-cp-m365-m365-teams-availability"
},
"name": "O365_Teams_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-teams-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_OiYe7Yx4": {
"meta": {
"kpi_id": "da-itsi-cp-m365-ee6e4dad771d573ea72ebde5",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual file download (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ee6e4dad771d573ea72ebde5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_P9Fmc8jM": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-powerbi-performance",
"service_id": "da-itsi-cp-m365-m365-powerbi-performance"
},
"name": "O365_PowerBI_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-powerbi-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_PPUj5qKV": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e2bcc3f70d857a221996dfae",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual impersonated activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e2bcc3f70d857a221996dfae)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_PWYF5H9e_ds_tZa7bJJY": {
"name": "M_PlanForChange_High",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"high\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_QKp1TbC8": {
"name": "STATS_LoginSuccess",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:management:activity\" Workload=AzureActiveDirectory Operation=UserLoggedIn"
},
"type": "ds.search"
},
"ds_R5D2vp8g": {
"meta": {
"kpi_id": "da-itsi-cp-m365-039b43cf4c7fc3823a5989b5",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - eDiscovery search started or exported",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-039b43cf4c7fc3823a5989b5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_S23nHPQl": {
"meta": {
"kpi_id": "da-itsi-cp-m365-d9f19da945babcdba8476088",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Remediation action taken by admin on emails or URL or sender",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d9f19da945babcdba8476088)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_S4JkpLcw": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e068b071c2ab0484b8e0088b",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Multiple Power BI report sharing activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e068b071c2ab0484b8e0088b)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SWoWEcgq": {
"meta": {
"kpi_id": "da-itsi-cp-m365-39d7e3fb2f19c99fff964f71",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Risky sign-in",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-39d7e3fb2f19c99fff964f71)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SeTDp3tf": {
"meta": {
"kpi_id": "da-itsi-cp-m365-5c246ff1644c8289b88e1e00",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple failed login attempts",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-5c246ff1644c8289b88e1e00)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_SmgYba2K": {
"meta": {
"kpi_id": "da-itsi-cp-m365-005c3f1e83457829d81f00f6",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected after delivery",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-005c3f1e83457829d81f00f6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_Spsqbzoa": {
"meta": {
"kpi_id": "da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Phish delivered due to an ETR override",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-ff3e9770c49ed7a45ffe3b84)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_TwYKtIyo": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9f412f2ba47006224e7f1bbb",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Unusual increase in email reported as phish",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9f412f2ba47006224e7f1bbb)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_UPaPYxm6": {
"meta": {
"kpi_id": "da-itsi-cp-m365-35a40df6a4b5a4d655cf4066",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email reported by user as malware or phish",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-35a40df6a4b5a4d655cf4066)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_V4TbdOXR": {
"meta": {
"kpi_id": "da-itsi-cp-m365-33f7d1dfed53a52c8b23d636",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious OAuth app file download activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-33f7d1dfed53a52c8b23d636)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_Y6IwBvGD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9a98c6411cf1054c3ad37c23",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Form blocked due to potential phishing attempt",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9a98c6411cf1054c3ad37c23)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_YnDq7wLF": {
"name": "SV_service_degradation",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceDegradation\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_bHGWKEHp": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-performance",
"service_id": "da-itsi-cp-m365-m365-exchange-performance"
},
"name": "O365_Exchange_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_cKi7WOpX": {
"meta": {
"kpi_id": "da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email sending limit exceeded",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-4ecdcf1629fe1dbda1e73b2c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_cfGSE4oD": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected in SharePoint and OneDrive",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b2e7e08b7c45daa9d2d1ffcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_cplJ88yB": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_diArV7Gu": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365",
"service_id": "da-itsi-cp-m365-m365"
},
"name": "O365 - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_eqcIwRxM": {
"meta": {
"kpi_id": "da-itsi-cp-m365-94bdd447b34e462623ba7ad8",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Impossible travel",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-94bdd447b34e462623ba7ad8)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_fFgWwN2t": {
"meta": {
"kpi_id": "da-itsi-cp-m365-d201d46cdda4083443f8b146",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Suspicious change of CloudTrail logging service",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-d201d46cdda4083443f8b146)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_gOcfSjLP": {
"meta": {
"kpi_id": "da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Preview: Suspicious Power BI report sharing",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-e62b37aeba6eb6910d9b3fb4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_hEomd24i": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-threat-management",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-threat-management)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_iDvy3I5y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability",
"service_id": "da-itsi-cp-m365-m365-sharepoint-online-availability"
},
"name": "O365_SharePoint_Online_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-sharepoint-online-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_iMkpBdOw": {
"meta": {
"kpi_id": "da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Unusual addition of credentials to an OAuth app",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dbd94f6bbdc658d6b777efc1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_kEmJGZGh": {
"meta": {
"kpi_id": "da-itsi-cp-m365-a5b963ff18821c61b301f437",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - User restricted from sending email",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-a5b963ff18821c61b301f437)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_lmnRgCPJ": {
"meta": {
"kpi_id": "da-itsi-cp-m365-b48c41aca99df54f077082c3",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Multiple delete VM activities",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-b48c41aca99df54f077082c3)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_m6nQCit8": {
"meta": {
"kpi_id": "da-itsi-cp-m365-1179499a9bbe188261dc59b6",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Data exfiltration to unsanctioned apps",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-1179499a9bbe188261dc59b6)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mQ9gLHEF": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-availability",
"service_id": "da-itsi-cp-m365-m365-onedrive-availability"
},
"name": "O365_OneDrive_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_mtIXHc7y": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-exchange-availability",
"service_id": "da-itsi-cp-m365-m365-exchange-availability"
},
"name": "O365_Exchange_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-exchange-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_n7Kbwg3j": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from anonymous IP addresses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2c1ee3c3072dc1a59d92d9c9)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_nSJVmBZI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-azuread-availability",
"service_id": "da-itsi-cp-m365-m365-azuread-availability"
},
"name": "O365_AzureAD_Availability - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-azuread-availability)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_ncxoJa95": {
"meta": {
"kpi_id": "da-itsi-cp-m365-2fd6695634044151e6a32eee",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Successful exact data match upload",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-2fd6695634044151e6a32eee)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pFzL0388": {
"meta": {
"kpi_id": "da-itsi-cp-m365-badccea130915197605e1250",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Failed exact data match upload",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-badccea130915197605e1250)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pdohGLDI": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-yammer-performance",
"service_id": "da-itsi-cp-m365-m365-yammer-performance"
},
"name": "O365_Yammer_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-yammer-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_pkkMijtJ": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-security",
"service_id": "da-itsi-cp-m365-m365-security"
},
"name": "O365_Security - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-security)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_qI2sr98f": {
"meta": {
"kpi_id": "da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious email deletion activity (by user)",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-bc3fd6b828df45db7cf1c41c)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_qf5Odg58": {
"name": "SV_service_interruption",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceInterruption\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_sOuC6KP0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Suspicious inbox forwarding",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-27c1e7c5de9f8f8f9259d2f5)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_sWtjDtCY": {
"meta": {
"kpi_id": "da-itsi-cp-m365-af1f6fffe44ddaa3242707ad",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware campaign detected and blocked",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-af1f6fffe44ddaa3242707ad)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_t0kZ7Eme": {
"name": "SV_investigating",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"investigating\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_t8tkHKBL": {
"meta": {
"kpi_id": "da-itsi-cp-m365-6977aee5803a6401e3eeb079",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Malicious OAuth app consent",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6977aee5803a6401e3eeb079)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_tZa7bJJY": {
"name": "M_PlanForChange_Normal",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:updateMessage\" category=\"planForChange\" severity=\"normal\" | timechart dc(id)"
},
"type": "ds.search"
},
"ds_vNZD8LDw": {
"name": "SV_service_restored",
"options": {
"query": "`m365_cp_default_index` sourcetype=\"o365:service:healthIssue\" classification=incident status=\"serviceRestored\" | dedup id | timechart count"
},
"type": "ds.search"
},
"ds_vjtep4Mt": {
"meta": {
"kpi_id": "da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malicious file removed after delivery\u200b",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-6543fc19e5b43a24acb4f9e1)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_vtjODuQ4": {
"meta": {
"kpi_id": "SHKPI-da-itsi-cp-m365-m365-onedrive-performance",
"service_id": "da-itsi-cp-m365-m365-onedrive-performance"
},
"name": "O365_OneDrive_Performance - ServiceHealthScore",
"options": {
"query": "`get_full_itsi_summary_kpi(SHKPI-da-itsi-cp-m365-m365-onedrive-performance)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_wManXMy2": {
"meta": {
"kpi_id": "da-itsi-cp-m365-9da46ed16abfd5cbaedb709a",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Leaked credentials",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-9da46ed16abfd5cbaedb709a)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_xe6ZHJYv": {
"meta": {
"kpi_id": "da-itsi-cp-m365-fbf479a0530fe57af9776410",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - MIP AutoLabel simulation completed",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-fbf479a0530fe57af9776410)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_xizAFB3w": {
"meta": {
"kpi_id": "da-itsi-cp-m365-de58bc9bbc4768406116b8c4",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Misleading publisher name for an OAuth app",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-de58bc9bbc4768406116b8c4)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_y7c2PMC0": {
"meta": {
"kpi_id": "da-itsi-cp-m365-494e7910f769e401e422bd22",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Malware not zapped because ZAP is disabled",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-494e7910f769e401e422bd22)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_yZUQHbXW": {
"meta": {
"kpi_id": "da-itsi-cp-m365-3add69e6499e96fbff2fe40d",
"service_id": "da-itsi-cp-m365-m365-threat-detection"
},
"name": "O365_Threat Detection - Activity from suspicious IP addresses",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-3add69e6499e96fbff2fe40d)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
},
"ds_ziNb4LvN": {
"meta": {
"kpi_id": "da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf",
"service_id": "da-itsi-cp-m365-m365-threat-management"
},
"name": "O365_Threat Management - Email messages containing malicious URL removed after delivery\u200b",
"options": {
"query": "`get_full_itsi_summary_kpi(da-itsi-cp-m365-dcd5a864c27b4f1b0f4e6dcf)` `service_level_kpi_only` | timechart cont=false latest(alert_value) AS alert_value, latest(alert_color) AS alert_color"
},
"type": "ds.search"
}
},
"defaults": {
"dataSources": {
"global": {
"options": {
"queryParameters": {
"earliest": "$global_time.earliest$",
"latest": "$global_time.latest$"
},
"refresh": "$global_refresh_rate$",
"refreshType": "delay"
}
}
}
},
"description": "",
"inputs": {
"input_global_refresh_rate": {
"data_sources": {},
"options": {
"defaultValue": "300s",
"items": [
{
"label": "1 Minute",
"value": "60s"
},
{
"label": "5 Minutes",
"value": "300s"
},
{
"label": "30 Minutes",
"value": "1800s"
},
{
"label": "1 Hour",
"value": "3600s"
},
{
"label": "24 Hours",
"value": "86400s"
}
],
"token": "global_refresh_rate"
},
"title": "Global Refresh Rate",
"type": "input.dropdown"
},
"input_global_trp": {
"data_sources": {},
"options": {
"defaultValue": "-24h@h, now",
"token": "global_time"
},
"title": "Global Time Range",
"type": "input.timerange"
}
},
"layout": {
"global_inputs": [
"input_global_trp",
"input_global_refresh_rate"
],
"options": {
"background_color": "#FFFFFF",
"background_image": {
"size_type": "contain",
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-o365-background",
"x": 0.0,
"y": 0.0
},
"display": "auto-scale",
"height": 1080.0,
"show_title_and_description": true,
"width": 1920.0
},
"structure": [
{
"item": "viz_e07npRtT",
"position": {
"from": {
"x": 4,
"y": 64
},
"to": {
"x": 496,
"y": 64
}
},
"type": "line"
},
{
"item": "viz_GqEHllzp",
"position": {
"from": {
"x": 504,
"y": 64
},
"to": {
"x": 985,
"y": 64
}
},
"type": "line"
},
{
"item": "viz_pXzllOTn",
"position": {
"from": {
"x": 992,
"y": 64
},
"to": {
"x": 1477,
"y": 64
}
},
"type": "line"
},
{
"item": "viz_SO7qXdVQ",
"position": {
"from": {
"x": 1486,
"y": 64
},
"to": {
"x": 1915,
"y": 65
}
},
"type": "line"
},
{
"item": "viz_A7qtMRVE",
"position": {
"from": {
"x": 1488,
"y": 174
},
"to": {
"x": 1917,
"y": 175
}
},
"type": "line"
},
{
"item": "viz_zF9Wj4Db",
"position": {
"from": {
"x": 994,
"y": 265
},
"to": {
"x": 1479,
"y": 265
}
},
"type": "line"
},
{
"item": "viz_fGYSmSBO",
"position": {
"from": {
"x": 506,
"y": 303
},
"to": {
"x": 987,
"y": 303
}
},
"type": "line"
},
{
"item": "viz_PbbrPMyo",
"position": {
"from": {
"x": 1488,
"y": 294
},
"to": {
"x": 1917,
"y": 295
}
},
"type": "line"
},
{
"item": "viz_4DWqvA8O",
"position": {
"from": {
"x": -6,
"y": 526
},
"to": {
"x": 486,
"y": 526
}
},
"type": "line"
},
{
"item": "viz_druTJqGo",
"position": {
"from": {
"x": -4,
"y": 764
},
"to": {
"x": 488,
"y": 764
}
},
"type": "line"
},
{
"item": "viz_1iiLDkYH",
"position": {
"from": {
"x": 501,
"y": 525
},
"to": {
"x": 982,
"y": 525
}
},
"type": "line"
},
{
"item": "viz_DOLGDqRS",
"position": {
"from": {
"x": 503,
"y": 676
},
"to": {
"x": 984,
"y": 676
}
},
"type": "line"
},
{
"item": "viz_Q7m8dKqi",
"position": {
"from": {
"x": 499,
"y": 785
},
"to": {
"x": 980,
"y": 785
}
},
"type": "line"
},
{
"item": "viz_zRota3sv",
"position": {
"from": {
"x": 996,
"y": 526
},
"to": {
"x": 1477,
"y": 526
}
},
"type": "line"
},
{
"item": "viz_M291DEZJ",
"position": {
"from": {
"x": 501,
"y": 895
},
"to": {
"x": 982,
"y": 895
}
},
"type": "line"
},
{
"item": "viz_MhpOv3aw",
"position": {
"h": 690,
"w": 420,
"x": 1490,
"y": 350
},
"type": "block"
},
{
"item": "viz_J6KwDTd8",
"position": {
"h": 140,
"w": 140,
"x": 1500,
"y": 360
},
"type": "block"
},
{
"item": "viz_nIrV6Ji9",
"position": {
"h": 140,
"w": 140,
"x": 1500,
"y": 360
},
"type": "block"
},
{
"item": "viz_xXeloVvu",
"position": {
"h": 50,
"w": 102,
"x": 1520,
"y": 500
},
"type": "block"
},
{
"item": "viz_kUriycSm",
"position": {
"h": 90,
"w": 110,
"x": 1510,
"y": 560
},
"type": "block"
},
{
"item": "viz_6dWLMKtj",
"position": {
"h": 50,
"w": 300,
"x": 1490,
"y": 670
},
"type": "block"
},
{
"item": "viz_iv6RxEqP",
"position": {
"h": 30,
"w": 300,
"x": 0,
"y": 0
},
"type": "block"
},
{
"item": "viz_zJNts59u",
"position": {
"h": 40,
"w": 30,
"x": 1490,
"y": 790
},
"type": "block"
},
{
"item": "viz_Msnfwxsk",
"position": {
"h": 30,
"w": 30,
"x": 1490,
"y": 830
},
"type": "block"
},
{
"item": "viz_JCCVvLNl",
"position": {
"h": 40,
"w": 40,
"x": 1487,
"y": 750
},
"type": "block"
},
{
"item": "viz_knrg7InH",
"position": {
"h": 30,
"w": 30,
"x": 1490,
"y": 870
},
"type": "block"
},
{
"item": "viz_f1nnmVoq",
"position": {
"h": 30,
"w": 30,
"x": 1490,
"y": 910
},
"type": "block"
},
{
"item": "viz_HLeZ2fmX",
"position": {
"h": 39,
"w": 120,
"x": 1590,
"y": 710
},
"type": "block"
},
{
"item": "viz_X5QKAF37",
"position": {
"h": 39,
"w": 120,
"x": 1760,
"y": 710
},
"type": "block"
},
{
"item": "viz_yOaoYAxD",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 750
},
"type": "block"
},
{
"item": "viz_UwnHVqVF",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 790
},
"type": "block"
},
{
"item": "viz_iwFY6Ssb",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 830
},
"type": "block"
},
{
"item": "viz_flBLmnqx",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 870
},
"type": "block"
},
{
"item": "viz_bUafuQtj",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 910
},
"type": "block"
},
{
"item": "viz_lpsEPULV",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 870
},
"type": "block"
},
{
"item": "viz_faHkI0RF",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 830
},
"type": "block"
},
{
"item": "viz_Qnh2MTYs",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 790
},
"type": "block"
},
{
"item": "viz_uHMieKhH",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 750
},
"type": "block"
},
{
"item": "viz_NOE2ckl3",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 950
},
"type": "block"
},
{
"item": "viz_bPHMNgGr",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 950
},
"type": "block"
},
{
"item": "viz_EjMvfKEx",
"position": {
"h": 32,
"w": 34,
"x": 1490,
"y": 950
},
"type": "block"
},
{
"item": "viz_yXyIxA4f",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 80
},
"type": "block"
},
{
"item": "viz_o7uaQZLl",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 910
},
"type": "block"
},
{
"item": "viz_fFKPc8bn",
"position": {
"h": 39,
"w": 280,
"x": 230,
"y": 40
},
"type": "block"
},
{
"item": "viz_5E8nKEXP",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 70
},
"type": "block"
},
{
"item": "viz_NbXQU8FX",
"position": {
"h": 50,
"w": 310,
"x": 0,
"y": 120
},
"type": "block"
},
{
"item": "viz_kywMljXX",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 110
},
"type": "block"
},
{
"item": "viz_eeCzp2Ul",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 160
},
"type": "block"
},
{
"item": "viz_yX6yjECc",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 150
},
"type": "block"
},
{
"item": "viz_UuzxaZMP",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 80
},
"type": "block"
},
{
"item": "viz_ZNtvfCGp",
"position": {
"h": 39,
"w": 310,
"x": 680,
"y": 40
},
"type": "block"
},
{
"item": "viz_njWrjxyu",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 70
},
"type": "block"
},
{
"item": "viz_l1YN5Sig",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 120
},
"type": "block"
},
{
"item": "viz_dg6XCg5A",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 110
},
"type": "block"
},
{
"item": "viz_RTKIBRTS",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 160
},
"type": "block"
},
{
"item": "viz_VRrzLAHZ",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 150
},
"type": "block"
},
{
"item": "viz_ESz9mVYO",
"position": {
"h": 39,
"w": 290,
"x": 1190,
"y": 40
},
"type": "block"
},
{
"item": "viz_IwUtEHGT",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 200
},
"type": "block"
},
{
"item": "viz_3Iowfd7k",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 190
},
"type": "block"
},
{
"item": "viz_fvbZF8GH",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 80
},
"type": "block"
},
{
"item": "viz_vuAzorOL",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 70
},
"type": "block"
},
{
"item": "viz_kJ0GERvm",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 120
},
"type": "block"
},
{
"item": "viz_nQ77O1zs",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 110
},
"type": "block"
},
{
"item": "viz_Htl2h1HP",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 160
},
"type": "block"
},
{
"item": "viz_1E10aEuW",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 150
},
"type": "block"
},
{
"item": "viz_ZBuNBTtI",
"position": {
"h": 50,
"w": 240,
"x": 1490,
"y": 80
},
"type": "block"
},
{
"item": "viz_46Ax7e4W",
"position": {
"h": 39,
"w": 200,
"x": 1720,
"y": 40
},
"type": "block"
},
{
"item": "viz_FPonYmN1",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 70
},
"type": "block"
},
{
"item": "viz_uajhi8uF",
"position": {
"h": 50,
"w": 240,
"x": 1490,
"y": 120
},
"type": "block"
},
{
"item": "viz_uV1lEu9i",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 110
},
"type": "block"
},
{
"item": "viz_3rVie7Mv",
"position": {
"h": 50,
"w": 230,
"x": 1490,
"y": 190
},
"type": "block"
},
{
"item": "viz_iHzuZnIE",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 180
},
"type": "block"
},
{
"item": "viz_i8zBAwOD",
"position": {
"h": 39,
"w": 160,
"x": 1780,
"y": 150
},
"type": "block"
},
{
"item": "viz_VYaVWqZl",
"position": {
"h": 50,
"w": 240,
"x": 1490,
"y": 230
},
"type": "block"
},
{
"item": "viz_rJBKxdF7",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 220
},
"type": "block"
},
{
"item": "viz_zBUo1kTi",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 240
},
"type": "block"
},
{
"item": "viz_Y2nD0ueG",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 230
},
"type": "block"
},
{
"item": "viz_ayb46Es4",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 200
},
"type": "block"
},
{
"item": "viz_LnPbuW7n",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 240
},
"type": "block"
},
{
"item": "viz_WtqcgXRV",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 280
},
"type": "block"
},
{
"item": "viz_3SR1CB1a",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 320
},
"type": "block"
},
{
"item": "viz_HRZaAZoY",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 360
},
"type": "block"
},
{
"item": "viz_3ueBQk4g",
"position": {
"h": 30,
"w": 340,
"x": 0,
"y": 460
},
"type": "block"
},
{
"item": "viz_uA9pZmBf",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 190
},
"type": "block"
},
{
"item": "viz_sxYnuNFH",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 230
},
"type": "block"
},
{
"item": "viz_5tXZZwV1",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 270
},
"type": "block"
},
{
"item": "viz_JcKmK6f7",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 310
},
"type": "block"
},
{
"item": "viz_9JXOY4Gm",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 350
},
"type": "block"
},
{
"item": "viz_leE1LqwQ",
"position": {
"h": 50,
"w": 310,
"x": 990,
"y": 200
},
"type": "block"
},
{
"item": "viz_TolyzYYO",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 190
},
"type": "block"
},
{
"item": "viz_y0z9XjBr",
"position": {
"h": 39,
"w": 270,
"x": 1210,
"y": 240
},
"type": "block"
},
{
"item": "viz_hpLoI6sJ",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 270
},
"type": "block"
},
{
"item": "viz_edxLOEOw",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 270
},
"type": "block"
},
{
"item": "viz_7EjYdYLn",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 310
},
"type": "block"
},
{
"item": "viz_5ZsBdWUr",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 310
},
"type": "block"
},
{
"item": "viz_5a71PUFr",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 350
},
"type": "block"
},
{
"item": "viz_ptbnUjOD",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 350
},
"type": "block"
},
{
"item": "viz_Bh0UmeX4",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 390
},
"type": "block"
},
{
"item": "viz_XWROmSjL",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 390
},
"type": "block"
},
{
"item": "viz_4DrdnagR",
"position": {
"h": 50,
"w": 300,
"x": 990,
"y": 430
},
"type": "block"
},
{
"item": "viz_Kzsdg7ps",
"position": {
"h": 40,
"w": 170,
"x": 1300,
"y": 430
},
"type": "block"
},
{
"item": "viz_Umd44sHd",
"position": {
"h": 39,
"w": 150,
"x": 850,
"y": 280
},
"type": "block"
},
{
"item": "viz_erpVALBK",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 320
},
"type": "block"
},
{
"item": "viz_OkKJN0sV",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 310
},
"type": "block"
},
{
"item": "viz_68VfaK37",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 360
},
"type": "block"
},
{
"item": "viz_g3Fjz3Bj",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 350
},
"type": "block"
},
{
"item": "viz_n1qvLBQA",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 400
},
"type": "block"
},
{
"item": "viz_LTzFXuv0",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 390
},
"type": "block"
},
{
"item": "viz_ASboNwDu",
"position": {
"h": 28,
"w": 160,
"x": 1780,
"y": 271
},
"type": "block"
},
{
"item": "viz_3U6anbbB",
"position": {
"h": 50,
"w": 240,
"x": 1490,
"y": 300
},
"type": "block"
},
{
"item": "viz_Gs29Q9B0",
"position": {
"h": 40,
"w": 170,
"x": 1740,
"y": 300
},
"type": "block"
},
{
"item": "viz_MbHfFphf",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 530
},
"type": "block"
},
{
"item": "viz_GYlYEiNj",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 1030
},
"type": "block"
},
{
"item": "viz_3TmGm2Tt",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 810
},
"type": "block"
},
{
"item": "viz_6FWnIwIk",
"position": {
"h": 50,
"w": 320,
"x": 500,
"y": 790
},
"type": "block"
},
{
"item": "viz_acajsYlE",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 830
},
"type": "block"
},
{
"item": "viz_e6YPzDYx",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 730
},
"type": "block"
},
{
"item": "viz_ALXL6Mbh",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 610
},
"type": "block"
},
{
"item": "viz_sovXyfkp",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 650
},
"type": "block"
},
{
"item": "viz_VJ2n8yNY",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 530
},
"type": "block"
},
{
"item": "viz_bSIanwmA",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 950
},
"type": "block"
},
{
"item": "viz_VFzTB4Pr",
"position": {
"h": 50,
"w": 250,
"x": 500,
"y": 980
},
"type": "block"
},
{
"item": "viz_zvFeUNjk",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 770
},
"type": "block"
},
{
"item": "viz_G8vGykMo",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 560
},
"type": "block"
},
{
"item": "viz_rgocUz6k",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 600
},
"type": "block"
},
{
"item": "viz_f7xbUukE",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 560
},
"type": "block"
},
{
"item": "viz_j8l7m0H7",
"position": {
"h": 50,
"w": 330,
"x": 0,
"y": 930
},
"type": "block"
},
{
"item": "viz_J2IQafnT",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 690
},
"type": "block"
},
{
"item": "viz_Z9BBHwYs",
"position": {
"h": 50,
"w": 300,
"x": 500,
"y": 730
},
"type": "block"
},
{
"item": "viz_3qjg5Vht",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 530
},
"type": "block"
},
{
"item": "viz_YlOemvm4",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 560
},
"type": "block"
},
{
"item": "viz_v4edEl0J",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 970
},
"type": "block"
},
{
"item": "viz_jJDeClfA",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 610
},
"type": "block"
},
{
"item": "viz_yCUYsRUy",
"position": {
"h": 50,
"w": 317,
"x": 993,
"y": 640
},
"type": "block"
},
{
"item": "viz_jqzRvUIL",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 890
},
"type": "block"
},
{
"item": "viz_3J60cyjP",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 690
},
"type": "block"
},
{
"item": "viz_qg54wRGO",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 690
},
"type": "block"
},
{
"item": "viz_21cv3AZ5",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 770
},
"type": "block"
},
{
"item": "viz_kKQw0UJA",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 810
},
"type": "block"
},
{
"item": "viz_w7Dve9FX",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 850
},
"type": "block"
},
{
"item": "viz_NSNGBWTO",
"position": {
"h": 50,
"w": 300,
"x": 0,
"y": 890
},
"type": "block"
},
{
"item": "viz_KJxZn4hH",
"position": {
"h": 50,
"w": 260,
"x": 500,
"y": 900
},
"type": "block"
},
{
"item": "viz_AORov7pi",
"position": {
"h": 50,
"w": 300,
"x": 993,
"y": 850
},
"type": "block"
},
{
"item": "viz_OMmqZtJ7",
"position": {
"h": 39,
"w": 130,
"x": 360,
"y": 500
},
"type": "block"
},
{
"item": "viz_uqSpv5Kd",
"position": {
"h": 39,
"w": 60,
"x": 920,
"y": 760
},
"type": "block"
},
{
"item": "viz_TNm0P6KB",
"position": {
"h": 40,
"w": 200,
"x": 1290,
"y": 500
},
"type": "block"
},
{
"item": "viz_hud6a8Zx",
"position": {
"h": 39,
"w": 60,
"x": 920,
"y": 870
},
"type": "block"
},
{
"item": "viz_OZmqKEfh",
"position": {
"h": 39,
"w": 130,
"x": 360,
"y": 740
},
"type": "block"
},
{
"item": "viz_31gsPiP3",
"position": {
"h": 39,
"w": 150,
"x": 850,
"y": 500
},
"type": "block"
},
{
"item": "viz_FdZ5w8Pj",
"position": {
"h": 39,
"w": 150,
"x": 840,
"y": 650
},
"type": "block"
},
{
"item": "viz_oZNyDloj",
"position": {
"h": 40,
"w": 320,
"x": 330,
"y": 0
},
"type": "block"
},
{
"item": "viz_47s57KFg",
"position": {
"h": 40,
"w": 320,
"x": 330,
"y": 460
},
"type": "block"
},
{
"item": "viz_8BVAjxs4",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 900
},
"type": "block"
},
{
"item": "viz_b9xwtvA7",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 940
},
"type": "block"
},
{
"item": "viz_WrqqREjN",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 980
},
"type": "block"
},
{
"item": "viz_PKhHZ17Q",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 1020
},
"type": "block"
},
{
"item": "viz_qLKLkup8",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 525
},
"type": "block"
},
{
"item": "viz_XLekoYpG",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 565
},
"type": "block"
},
{
"item": "viz_nFmEyYO8",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 964
},
"type": "block"
},
{
"item": "viz_8zrD1Br4",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 605
},
"type": "block"
},
{
"item": "viz_oDwFEYgf",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 645
},
"type": "block"
},
{
"item": "viz_QL7YpTvR",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 685
},
"type": "block"
},
{
"item": "viz_pKw4XeqX",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 725
},
"type": "block"
},
{
"item": "viz_GCXiElFj",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 765
},
"type": "block"
},
{
"item": "viz_53O2aGcj",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 805
},
"type": "block"
},
{
"item": "viz_i2P1MkDJ",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 845
},
"type": "block"
},
{
"item": "viz_ZUzEw1ex",
"position": {
"h": 40,
"w": 170,
"x": 1303,
"y": 885
},
"type": "block"
},
{
"item": "viz_Eo3bH8QW",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 524
},
"type": "block"
},
{
"item": "viz_1RAKDpML",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 564
},
"type": "block"
},
{
"item": "viz_TRgHVuSZ",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 604
},
"type": "block"
},
{
"item": "viz_HtSNeBv8",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 644
},
"type": "block"
},
{
"item": "viz_hOioaWYv",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 684
},
"type": "block"
},
{
"item": "viz_QsFqS9sg",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 764
},
"type": "block"
},
{
"item": "viz_Og0GsQk1",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 804
},
"type": "block"
},
{
"item": "viz_RRnJDQ7E",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 844
},
"type": "block"
},
{
"item": "viz_mYQ3Ahj3",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 884
},
"type": "block"
},
{
"item": "viz_tI6cMyj4",
"position": {
"h": 40,
"w": 170,
"x": 310,
"y": 924
},
"type": "block"
},
{
"item": "viz_SUvUV26d",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 528
},
"type": "block"
},
{
"item": "viz_dXNVPqpO",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 568
},
"type": "block"
},
{
"item": "viz_zdJ8HZR9",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 608
},
"type": "block"
},
{
"item": "viz_SfuaNk53",
"position": {
"h": 90,
"w": 240,
"x": 1660,
"y": 560
},
"type": "block"
},
{
"item": "viz_rV6Lbp2z",
"position": {
"h": 90,
"w": 240,
"x": 1660,
"y": 460
},
"type": "block"
},
{
"item": "viz_PLzLkjTj",
"position": {
"h": 90,
"w": 240,
"x": 1660,
"y": 360
},
"type": "block"
},
{
"item": "viz_U34r2Mko",
"position": {
"h": 40,
"w": 170,
"x": 1720,
"y": 990
},
"type": "block"
},
{
"item": "viz_8NtsaDwL",
"position": {
"h": 40,
"w": 170,
"x": 1550,
"y": 990
},
"type": "block"
},
{
"item": "viz_FNrs1dG0",
"position": {
"h": 50,
"w": 50,
"x": 1484,
"y": 980
},
"type": "block"
},
{
"item": "viz_K48PfzX9",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 719
},
"type": "block"
},
{
"item": "viz_LzfYottx",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 679
},
"type": "block"
},
{
"item": "viz_7bFB2xRn",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 828
},
"type": "block"
},
{
"item": "viz_X52TPS4s",
"position": {
"h": 40,
"w": 170,
"x": 810,
"y": 788
},
"type": "block"
},
{
"item": "viz_Lm0jzP0o",
"position": {
"h": 350,
"w": 1920,
"x": 0,
"y": 0
},
"type": "block"
},
{
"item": "viz_YILnsksK",
"position": {
"h": 150,
"w": 990,
"x": 0,
"y": 280
},
"type": "block"
},
{
"item": "viz_z1Nm6ee4",
"position": {
"h": 230,
"w": 530,
"x": 960,
"y": 230
},
"type": "block"
},
{
"item": "viz_2IAzLv4V",
"position": {
"h": 610,
"w": 1490,
"x": 0,
"y": 460
},
"type": "block"
},
{
"item": "viz_FbngVk2R",
"position": {
"h": 300,
"w": 170,
"x": 1490,
"y": 350
},
"type": "block"
},
{
"item": "viz_hL5NidK6",
"position": {
"h": 370,
"w": 420,
"x": 1490,
"y": 670
},
"type": "block"
},
{
"item": "viz_tO1Cyd75",
"position": {
"h": 40,
"w": 280,
"x": 1640,
"y": 0
},
"type": "block"
}
],
"type": "absolute"
},
"title": "M365 Security Dashboard - Overview",
"visualizations": {
"viz_1E10aEuW": {
"data_sources": {
"primary": "ds_gOcfSjLP"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_1RAKDpML": {
"data_sources": {
"primary": "ds_7c3Ve7MN"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_1iiLDkYH": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_21cv3AZ5": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered because a user's Junk Mail Folder is disabled"
},
"type": "splunk.markdown"
},
"viz_2IAzLv4V": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_31gsPiP3": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Malicious"
},
"type": "splunk.markdown"
},
"viz_3Iowfd7k": {
"data_sources": {
"primary": "ds_n7Kbwg3j"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_3J60cyjP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected in SharePoint and OneDrive"
},
"type": "splunk.markdown"
},
"viz_3SR1CB1a": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Failed Login Attempts"
},
"type": "splunk.markdown"
},
"viz_3TmGm2Tt": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Failed exact data match upload"
},
"type": "splunk.markdown"
},
"viz_3U6anbbB": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview: Suspicious Change of \nCoudTrail Logging Service"
},
"type": "splunk.markdown"
},
"viz_3qjg5Vht": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Tenant restricted from sending email"
},
"type": "splunk.markdown"
},
"viz_3rVie7Mv": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Impossible Travel"
},
"type": "splunk.markdown"
},
"viz_3ueBQk4g": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**Security: Threat Management**"
},
"type": "splunk.markdown"
},
"viz_46Ax7e4W": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware Ransomeware"
},
"type": "splunk.markdown"
},
"viz_47s57KFg": {
"data_sources": {
"primary": "ds_cplJ88yB"
},
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_4DWqvA8O": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_4DrdnagR": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Data Exfiltration to Unsanctioned Apps"
},
"type": "splunk.markdown"
},
"viz_53O2aGcj": {
"data_sources": {
"primary": "ds_pFzL0388"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_5E8nKEXP": {
"data_sources": {
"primary": "ds_t8tkHKBL"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_5ZsBdWUr": {
"data_sources": {
"primary": "ds_OiYe7Yx4"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_5a71PUFr": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Share Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_5tXZZwV1": {
"data_sources": {
"primary": "ds_SWoWEcgq"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_68VfaK37": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Inbox Forwarding"
},
"type": "splunk.markdown"
},
"viz_6FWnIwIk": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Form blocked due to potential phishing attempt"
},
"type": "splunk.markdown"
},
"viz_6dWLMKtj": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Performance & Availability"
},
"type": "splunk.markdown"
},
"viz_7EjYdYLn": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Download (by user)"
},
"type": "splunk.markdown"
},
"viz_7bFB2xRn": {
"data_sources": {
"primary": "ds_K8u5tNdp"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8BVAjxs4": {
"data_sources": {
"primary": "ds_S23nHPQl"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8NtsaDwL": {
"data_sources": {
"primary": "ds_P9Fmc8jM"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_8zrD1Br4": {
"data_sources": {
"primary": "ds_kEmJGZGh"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_9JXOY4Gm": {
"data_sources": {
"primary": "ds_wManXMy2"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_A7qtMRVE": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_ALXL6Mbh": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected after delivery"
},
"type": "splunk.markdown"
},
"viz_AORov7pi": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Successful exact data match upload"
},
"type": "splunk.markdown"
},
"viz_ASboNwDu": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Cloud Activities"
},
"type": "splunk.markdown"
},
"viz_Bh0UmeX4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Storage Deletion Activities"
},
"type": "splunk.markdown"
},
"viz_DOLGDqRS": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_ESz9mVYO": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "VM / Power BI Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_EjMvfKEx": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-azuread"
},
"type": "splunk.image"
},
"viz_Eo3bH8QW": {
"data_sources": {
"primary": "ds_UPaPYxm6"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_FNrs1dG0": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-power-bi-24x24"
},
"type": "splunk.image"
},
"viz_FPonYmN1": {
"data_sources": {
"primary": "ds_91frjQDi"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_FbngVk2R": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_FdZ5w8Pj": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Suspicious"
},
"type": "splunk.markdown"
},
"viz_G8vGykMo": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malicious URL removed after delivery"
},
"type": "splunk.markdown"
},
"viz_GCXiElFj": {
"data_sources": {
"primary": "ds_LCJDIgEA"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_GYlYEiNj": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email sending limit exceeded"
},
"type": "splunk.markdown"
},
"viz_GqEHllzp": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_Gs29Q9B0": {
"data_sources": {
"primary": "ds_fFgWwN2t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_HLeZ2fmX": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Performance"
},
"type": "splunk.markdown"
},
"viz_HRZaAZoY": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Leaked Credentials"
},
"type": "splunk.markdown"
},
"viz_HtSNeBv8": {
"data_sources": {
"primary": "ds_sWtjDtCY"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Htl2h1HP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview Suspicious PowerBI Report Sharing"
},
"type": "splunk.markdown"
},
"viz_IwUtEHGT": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity from Anonymous IP Address"
},
"type": "splunk.markdown"
},
"viz_J2IQafnT": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Email Forwarding Activity"
},
"type": "splunk.markdown"
},
"viz_J6KwDTd8": {
"data_sources": {
"primary": "ds_OFBAMaHl"
},
"options": {
"fill_color": "> primary | seriesByName(\"alert_color\") | lastPoint()"
},
"type": "splunk.rectangle"
},
"viz_JCCVvLNl": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-exchange-48x48"
},
"type": "splunk.image"
},
"viz_JcKmK6f7": {
"data_sources": {
"primary": "ds_SeTDp3tf"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_K48PfzX9": {
"data_sources": {
"primary": "ds_CwNHa74t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_KJxZn4hH": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Remediation action taken by admin on \nemails or URL or sender"
},
"type": "splunk.markdown"
},
"viz_Kzsdg7ps": {
"data_sources": {
"primary": "ds_m6nQCit8"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_LTzFXuv0": {
"data_sources": {
"primary": "ds_qI2sr98f"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Lm0jzP0o": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_LnPbuW7n": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": " Suspicious OAuth App File Download Activities"
},
"type": "splunk.markdown"
},
"viz_LzfYottx": {
"data_sources": {
"primary": "ds_Mw0eQtbg"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_M291DEZJ": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_MbHfFphf": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email reported by user as malware or phish"
},
"type": "splunk.markdown"
},
"viz_MhpOv3aw": {
"options": {
"fill_color": "#000000",
"stroke_color": "#ffffff",
"stroke_width": 2.0
},
"type": "splunk.rectangle"
},
"viz_Msnfwxsk": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-sharepoint"
},
"type": "splunk.image"
},
"viz_NOE2ckl3": {
"data_sources": {
"primary": "ds_nSJVmBZI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_NSNGBWTO": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish not zapped because ZAP is disabled"
},
"type": "splunk.markdown"
},
"viz_NbXQU8FX": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Addition of Credential to an OAuth App"
},
"type": "splunk.markdown"
},
"viz_OMmqZtJ7": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Malware"
},
"type": "splunk.markdown"
},
"viz_OZmqKEfh": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email: Phishing"
},
"type": "splunk.markdown"
},
"viz_Og0GsQk1": {
"data_sources": {
"primary": "ds_Spsqbzoa"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_OkKJN0sV": {
"data_sources": {
"primary": "ds_ChlhtDKE"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_PKhHZ17Q": {
"data_sources": {
"primary": "ds_cKi7WOpX"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_PLzLkjTj": {
"data_sources": {
"primary": "ds_pkkMijtJ"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-security"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Security Overall",
"type": "splunk.singlevalue"
},
"viz_PbbrPMyo": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_Q7m8dKqi": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_QL7YpTvR": {
"data_sources": {
"primary": "ds_cfGSE4oD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Qnh2MTYs": {
"data_sources": {
"primary": "ds_mQ9gLHEF"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_QsFqS9sg": {
"data_sources": {
"primary": "ds_FiQTjw0t"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_RRnJDQ7E": {
"data_sources": {
"primary": "ds_JqDqXdyB"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_RTKIBRTS": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Administrative Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_SO7qXdVQ": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_SUvUV26d": {
"data_sources": {
"primary": "ds_GvG2lfFy"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_SfuaNk53": {
"data_sources": {
"primary": "ds_hEomd24i"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-management"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Management",
"type": "splunk.singlevalue"
},
"viz_TNm0P6KB": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Security & Compliance"
},
"type": "splunk.markdown"
},
"viz_TRgHVuSZ": {
"data_sources": {
"primary": "ds_SmgYba2K"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_TolyzYYO": {
"data_sources": {
"primary": "ds_S4JkpLcw"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_U34r2Mko": {
"data_sources": {
"primary": "ds_IzbYJAsR"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Umd44sHd": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Inbox Anomalies"
},
"type": "splunk.markdown"
},
"viz_UuzxaZMP": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity Performed by Terminated User"
},
"type": "splunk.markdown"
},
"viz_UwnHVqVF": {
"data_sources": {
"primary": "ds_vtjODuQ4"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_VFzTB4Pr": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin triggered manual investigation\nof email"
},
"type": "splunk.markdown"
},
"viz_VJ2n8yNY": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "A potentially malicious URL click was detected"
},
"type": "splunk.markdown"
},
"viz_VRrzLAHZ": {
"data_sources": {
"primary": "ds_FxISLgeA"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_VYaVWqZl": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity From Infrequent Country"
},
"type": "splunk.markdown"
},
"viz_WrqqREjN": {
"data_sources": {
"primary": "ds_NbOuEYe0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_WtqcgXRV": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Risky Sign-In"
},
"type": "splunk.markdown"
},
"viz_X52TPS4s": {
"data_sources": {
"primary": "ds_Y6IwBvGD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_X5QKAF37": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Availability"
},
"type": "splunk.markdown"
},
"viz_XLekoYpG": {
"data_sources": {
"primary": "ds_JOW31gSa"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_XWROmSjL": {
"data_sources": {
"primary": "ds_HdhuUeLu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_Y2nD0ueG": {
"data_sources": {
"primary": "ds_PPUj5qKV"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_YILnsksK": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_YlOemvm4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Tenant restricted from sending unprovisioned email"
},
"type": "splunk.markdown"
},
"viz_Z9BBHwYs": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious email sending patterns detected"
},
"type": "splunk.markdown"
},
"viz_ZBuNBTtI": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Ransomware Activity"
},
"type": "splunk.markdown"
},
"viz_ZNtvfCGp": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User / Admin / IP Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_ZUzEw1ex": {
"data_sources": {
"primary": "ds_R5D2vp8g"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_acajsYlE": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Form flagged and confirmed as phishing"
},
"type": "splunk.markdown"
},
"viz_ayb46Es4": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Misleading Publisher Name for an OAuth App"
},
"type": "splunk.markdown"
},
"viz_b9xwtvA7": {
"data_sources": {
"primary": "ds_JptaDvdF"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_bPHMNgGr": {
"data_sources": {
"primary": "ds_1tgPt3mh"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_bSIanwmA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin submission result completed"
},
"type": "splunk.markdown"
},
"viz_bUafuQtj": {
"data_sources": {
"primary": "ds_083zujwS"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_dXNVPqpO": {
"data_sources": {
"primary": "ds_ziNb4LvN"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_dg6XCg5A": {
"data_sources": {
"primary": "ds_yZUQHbXW"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_druTJqGo": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_e07npRtT": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_e6YPzDYx": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "MIP AutoLabel simulation completed"
},
"type": "splunk.markdown"
},
"viz_edxLOEOw": {
"data_sources": {
"primary": "ds_DPVZeJmE"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_eeCzp2Ul": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Misleading OAuth App Name"
},
"type": "splunk.markdown"
},
"viz_erpVALBK": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Inbox Manipulation Rule"
},
"type": "splunk.markdown"
},
"viz_f1nnmVoq": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-yammer"
},
"type": "splunk.image"
},
"viz_f7xbUukE": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malware removed after delivery"
},
"type": "splunk.markdown"
},
"viz_fFKPc8bn": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Authorization / Login Anomalies"
},
"type": "splunk.markdown"
},
"viz_fGYSmSBO": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_faHkI0RF": {
"data_sources": {
"primary": "ds_iDvy3I5y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_flBLmnqx": {
"data_sources": {
"primary": "ds_6lonf6pu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_fvbZF8GH": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple Delete VM Activities"
},
"type": "splunk.markdown"
},
"viz_g3Fjz3Bj": {
"data_sources": {
"primary": "ds_sOuC6KP0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_hL5NidK6": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-overview-dashboard&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_hOioaWYv": {
"data_sources": {
"primary": "ds_y7c2PMC0"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_hpLoI6sJ": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual File Deletion Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_hud6a8Zx": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Admin"
},
"type": "splunk.markdown"
},
"viz_i2P1MkDJ": {
"data_sources": {
"primary": "ds_ncxoJa95"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_i8zBAwOD": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Geo Anomalies"
},
"type": "splunk.markdown"
},
"viz_iHzuZnIE": {
"data_sources": {
"primary": "ds_eqcIwRxM"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_iv6RxEqP": {
"options": {
"customFontSize": 24.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "**Security: Threat Detection**"
},
"type": "splunk.markdown"
},
"viz_iwFY6Ssb": {
"data_sources": {
"primary": "ds_4W0qIgiG"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_j8l7m0H7": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing phish URLs removed after delivery"
},
"type": "splunk.markdown"
},
"viz_jJDeClfA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User restricted from sending email"
},
"type": "splunk.markdown"
},
"viz_jqzRvUIL": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "eDiscovery search started or exported"
},
"type": "splunk.markdown"
},
"viz_kJ0GERvm": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Multiple VM Creation Activities"
},
"type": "splunk.markdown"
},
"viz_kKQw0UJA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered due to an ETR override"
},
"type": "splunk.markdown"
},
"viz_kUriycSm": {
"data_sources": {
"primary": "ds_diArV7Gu"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "off",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "off"
},
"type": "splunk.singlevalue"
},
"viz_knrg7InH": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-teams"
},
"type": "splunk.image"
},
"viz_kywMljXX": {
"data_sources": {
"primary": "ds_iMkpBdOw"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_l1YN5Sig": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Activity from Suspicious IP Address"
},
"type": "splunk.markdown"
},
"viz_leE1LqwQ": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Preview Multiple PowerBI Report Share Activities"
},
"type": "splunk.markdown"
},
"viz_lpsEPULV": {
"data_sources": {
"primary": "ds_OSmztg8T"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_mYQ3Ahj3": {
"data_sources": {
"primary": "ds_0a7gzTjo"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_n1qvLBQA": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Suspicious Email Deletion Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_nFmEyYO8": {
"data_sources": {
"primary": "ds_TwYKtIyo"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_nIrV6Ji9": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-office-256x256"
},
"type": "splunk.image"
},
"viz_nQ77O1zs": {
"data_sources": {
"primary": "ds_HkHxV06x"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_njWrjxyu": {
"data_sources": {
"primary": "ds_6IyfamOT"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_o7uaQZLl": {
"data_sources": {
"primary": "ds_pdohGLDI"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_oDwFEYgf": {
"data_sources": {
"primary": "ds_HCyL3oA6"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_oZNyDloj": {
"data_sources": {
"primary": "ds_A3bqtW6K"
},
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_pKw4XeqX": {
"data_sources": {
"primary": "ds_xe6ZHJYv"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_pXzllOTn": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_ptbnUjOD": {
"data_sources": {
"primary": "ds_0RymRlVs"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_qLKLkup8": {
"data_sources": {
"primary": "ds_3uckpPxG"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_qg54wRGO": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware not zapped because ZAP is disabled"
},
"type": "splunk.markdown"
},
"viz_rJBKxdF7": {
"data_sources": {
"primary": "ds_5Fa6sA9o"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_rV6Lbp2z": {
"data_sources": {
"primary": "ds_A9GJW0TB"
},
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"background_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"title": "Threat Detection",
"type": "splunk.singlevalue"
},
"viz_rgocUz6k": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Email messages containing malicious file removed after delivery"
},
"type": "splunk.markdown"
},
"viz_sovXyfkp": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware campaign detected and blocked"
},
"type": "splunk.markdown"
},
"viz_sxYnuNFH": {
"data_sources": {
"primary": "ds_V4TbdOXR"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_tI6cMyj4": {
"data_sources": {
"primary": "ds_M7cfBfKD"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_tO1Cyd75": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/glass_table?savedGlassTableId=da-itsi-cp-m365-m365-executive-overview&action=view"
},
"type": "drilldown.customUrl"
}
],
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-microsoft-365"
},
"type": "splunk.image"
},
"viz_uA9pZmBf": {
"data_sources": {
"primary": "ds_xizAFB3w"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uHMieKhH": {
"data_sources": {
"primary": "ds_mtIXHc7y"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uV1lEu9i": {
"data_sources": {
"primary": "ds_IyVRZOxX"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_uajhi8uF": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malware Detection"
},
"type": "splunk.markdown"
},
"viz_uqSpv5Kd": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Forms"
},
"type": "splunk.markdown"
},
"viz_v4edEl0J": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual increase in email reported as phish"
},
"type": "splunk.markdown"
},
"viz_vuAzorOL": {
"data_sources": {
"primary": "ds_lmnRgCPJ"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_w7Dve9FX": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Phish delivered due to an IP allow policy"
},
"type": "splunk.markdown"
},
"viz_xXeloVvu": {
"options": {
"customFontSize": 25.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Overall\nHealth"
},
"type": "splunk.markdown"
},
"viz_y0z9XjBr": {
"options": {
"customFontSize": 18.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "File / Data Suspicious Activities"
},
"type": "splunk.markdown"
},
"viz_yCUYsRUy": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "User restricted from sharing forms and collecting responses"
},
"type": "splunk.markdown"
},
"viz_yOaoYAxD": {
"data_sources": {
"primary": "ds_bHGWKEHp"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_yX6yjECc": {
"data_sources": {
"primary": "ds_MXJZLvxK"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_yXyIxA4f": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Malicious OAuth App Consent"
},
"type": "splunk.markdown"
},
"viz_z1Nm6ee4": {
"event_handlers": [
{
"options": {
"newTab": true,
"url": "/app/itsi/homeview?view=standard&viewType=service_topology&earliest=-24h%40h&latest=now&serviceId=da-itsi-cp-m365-m365-threat-detection"
},
"type": "drilldown.customUrl"
}
],
"options": {
"fill_color": "transparent",
"stroke_color": "transparent"
},
"type": "splunk.rectangle"
},
"viz_zBUo1kTi": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Unusual Impersonated Activity (by user)"
},
"type": "splunk.markdown"
},
"viz_zF9Wj4Db": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_zJNts59u": {
"options": {
"preserve_aspect_ratio": true,
"src": "splunk-enterprise-kvstore://da-itsi-cp-m365-onedrive"
},
"type": "splunk.image"
},
"viz_zRota3sv": {
"options": {
"stroke_color": "#ffffff",
"stroke_width": 3.0
},
"type": "abslayout.line"
},
"viz_zdJ8HZR9": {
"data_sources": {
"primary": "ds_vjtep4Mt"
},
"options": {
"background_color": "transparent",
"major_color": "> primary | seriesByName(\"alert_color\") | lastPoint()",
"show_spark_line_tooltip": true,
"spark_line_display": "after",
"spark_line_stroke_color": "#FFFFFF",
"spark_line_values": "> primary | seriesByName(\"alert_value\")",
"trend_display": "percent"
},
"type": "splunk.singlevalue"
},
"viz_zvFeUNjk": {
"options": {
"customFontSize": 14.0,
"font_color": "#ffffff",
"font_size": "custom",
"markdown": "Creation of forwarding/redirect rule"
},
"type": "splunk.markdown"
}
}
},
"description": "",
"gt_version": "beta",
"key": "da-itsi-cp-m365-m365-security-dashboard-overview",
"latest": "now",
"latest_label": "Now",
"selected_swap_service_id": null,
"swap_service_ids": [],
"template_selected_service_id": null,
"template_swappable_service_ids": [],
"title": "M365 Security Dashboard - Overview",
"version": "0.0.38"
}
Reference in new issue View Git Blame Copy Permalink