
Commit 4c324fa

committed
feat: add "Current Score %" tile to Cockpit OOB
1 parent 80ff42f commit 4c324fa

1 file changed

Lines changed: 122 additions & 32 deletions


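--- a/plugins/MicrosoftDefender/v1/defaultContent/cockpit.dash.json
+++ b/plugins/MicrosoftDefender/v1/defaultContent/cockpit.dash.json
@@ -6,10 +6,10 @@
 "contents": [
 {
 "static": false,
-"w": 2,
+"w": 1,
 "moved": false,
 "h": 2,
-"x": 0,
+"x": 1,
 "y": 0,
 "i": "fa1468d7-af16-4947-ba21-d6628350c862",
 "z": 0,
@@ -91,6 +91,96 @@
 }
 }
 },
+{
+"static": false,
+"w": 1,
+"moved": false,
+"h": 2,
+"x": 0,
+"y": 0,
+"i": "ace1ef46-a2d5-41ee-a868-b214742392b7",
+"z": 0,
+"config": {
+"timeframe": "none",
+"dataStream": {
+"dataSourceConfig": {
+"version": "2.0",
+"tables": [
+{
+"config": {
+"timeframe": "none",
+"activePluginConfigIds": [
+"{{configId}}"
+],
+"dataStream": {
+"name": "secureScoreHistory",
+"filter": {
+"multiOperation": "and",
+"filters": [
+{
+"column": "createdDateTime",
+"unit": "days",
+"operation": "datewithinlast",
+"value": "1"
+}
+]
+},
+"id": "{{dataStreams.secureScoreHistory}}",
+"pluginConfigId": "{{configId}}"
+}
+},
+"tableName": "dataset1"
+}
+],
+"sql": "SELECT\n \"id\",\n \"currentScore\" / COALESCE(\"maxScore\", 1) AS \"score_ratio\"\nFROM\n \"dataset1\""
+},
+"metadata": [
+{
+"shape": [
+"percent",
+{
+"thousandsSeparator": true,
+"asZeroToOne": true
+}
+],
+"name": "score_ratio"
+},
+{
+"pattern": ".*"
+}
+],
+"id": "datastream-sql"
+},
+"scope": {
+"query": "g.V().has('id', within(ids_101Q6gd64IVkeoOip3rP))",
+"bindings": {
+"ids_101Q6gd64IVkeoOip3rP": [
+"node-1dwkxV4HX7weIEfnX1SJ0yanRi4ZRTdjDSDUa-rb51OklLHaz1kod9h6nV"
+]
+},
+"queryDetail": {
+"ids": [
+"node-1dwkxV4HX7weIEfnX1SJ0yanRi4ZRTdjDSDUa-rb51OklLHaz1kod9h6nV"
+]
+}
+},
+"_type": "tile/data-stream",
+"description": "",
+"activePluginConfigIds": [
+"{{configId}}"
+],
+"title": "Current Score %",
+"visualisation": {
+"type": "data-stream-scalar",
+"config": {
+"data-stream-scalar": {
+"value": "currentScore",
+"comparisonColumn": "none"
+}
+}
+}
+}
+},
 {
 "static": false,
 "w": 2,
@@ -394,15 +484,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 1,
+"x": 0,
 "y": 4,
-"i": "18116acd-6097-4b27-a0f3-9d8cee0c7611",
+"i": "6aa1942a-8390-4023-9454-b5accc992f77",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType in (\"UserAccountCreated\",\"ScheduledTaskCreated\",\"ScheduledTaskDeleted\",\"UserAccountModified\",\"UserAccountAddedToLocalGroup\")\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType in (\"AntivirusDetection\",\"AntivirusDetectionCancelled\",\"AntivirusMalwareActionFailed\")\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -433,7 +523,7 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Persistence & Privilege Escalation",
+"title": "Malware & Antivirus Detected",
 "visualisation": {
 "type": "data-stream-scalar",
 "config": {
@@ -453,15 +543,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 0,
+"x": 1,
 "y": 4,
-"i": "6aa1942a-8390-4023-9454-b5accc992f77",
+"i": "18116acd-6097-4b27-a0f3-9d8cee0c7611",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType in (\"AntivirusDetection\",\"AntivirusDetectionCancelled\",\"AntivirusMalwareActionFailed\")\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType in (\"UserAccountCreated\",\"ScheduledTaskCreated\",\"ScheduledTaskDeleted\",\"UserAccountModified\",\"UserAccountAddedToLocalGroup\")\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -492,7 +582,7 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Malware & Antivirus Detected",
+"title": "Persistence & Privilege Escalation",
 "visualisation": {
 "type": "data-stream-scalar",
 "config": {
@@ -512,15 +602,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 1,
+"x": 2,
 "y": 6,
-"i": "b94c9951-c17a-40b1-856f-f9a669d8ac44",
+"i": "82ea55ee-eb36-4426-9ffc-a3af01c97297",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType in (\"UserAccountCreated\",\"ScheduledTaskCreated\",\"ScheduledTaskDeleted\",\"UserAccountModified\",\"UserAccountAddedToLocalGroup\")\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType startswith \"AppControl\"\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -551,7 +641,7 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Persistence & Privilege Escalation",
+"title": "Application Control",
 "visualisation": {
 "type": "data-stream-table",
 "config": {
@@ -571,15 +661,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 2,
+"x": 3,
 "y": 6,
-"i": "82ea55ee-eb36-4426-9ffc-a3af01c97297",
+"i": "78729826-2fb5-4879-b90d-6be92c3cca55",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType startswith \"AppControl\"\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType in (\"ExploitGuardNetworkProtectionBlocked\",\"ExploitGuardNonMicrosoftSignedBlocked\")\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -610,7 +700,7 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Application Control",
+"title": "Exploits",
 "visualisation": {
 "type": "data-stream-table",
 "config": {
@@ -630,15 +720,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 3,
+"x": 0,
 "y": 6,
-"i": "78729826-2fb5-4879-b90d-6be92c3cca55",
+"i": "3b81144e-1593-4d20-a786-aa4341398f66",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType in (\"ExploitGuardNetworkProtectionBlocked\",\"ExploitGuardNonMicrosoftSignedBlocked\")\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType in (\"AntivirusDetection\",\"AntivirusDetectionCancelled\",\"AntivirusMalwareActionFailed\")\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -669,15 +759,12 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Exploits",
+"title": "Malware & Antivirus Detected",
 "visualisation": {
 "type": "data-stream-table",
 "config": {
 "data-stream-table": {
-"columnOrder": [
-"DeviceName_uniqueValues",
-"count"
-],
+"columnOrder": [],
 "hiddenColumns": []
 }
 }
@@ -689,15 +776,15 @@
 "w": 1,
 "moved": false,
 "h": 2,
-"x": 0,
+"x": 1,
 "y": 6,
-"i": "3b81144e-1593-4d20-a786-aa4341398f66",
+"i": "b94c9951-c17a-40b1-856f-f9a669d8ac44",
 "z": 0,
 "config": {
 "dataStream": {
 "name": "advancedHuntingQuery",
 "dataSourceConfig": {
-"query": "DeviceEvents\n| where ActionType in (\"AntivirusDetection\",\"AntivirusDetectionCancelled\",\"AntivirusMalwareActionFailed\")\n| project Timestamp, DeviceName, ActionType"
+"query": "DeviceEvents\n| where ActionType in (\"UserAccountCreated\",\"ScheduledTaskCreated\",\"ScheduledTaskDeleted\",\"UserAccountModified\",\"UserAccountAddedToLocalGroup\")\n| project Timestamp, DeviceName, ActionType"
 },
 "id": "{{dataStreams.advancedHuntingQuery}}",
 "sort": {
@@ -728,20 +815,23 @@
 "activePluginConfigIds": [
 "{{configId}}"
 ],
-"title": "Malware & Antivirus Detected",
+"title": "Persistence & Privilege Escalation",
 "visualisation": {
 "type": "data-stream-table",
 "config": {
 "data-stream-table": {
-"columnOrder": [],
+"columnOrder": [
+"DeviceName_uniqueValues",
+"count"
+],
 "hiddenColumns": []
 }
 }
 }
 }
 }
 ],
-"version": 68,
+"version": 77,
 "columns": 4
 }
 }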
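Review bot: The new "Current Score %" tile binds its scalar to `"value": "currentScore"`, but the tile's `sql` string returns only `id` and `score_ratio`, so the displayed column is not in the result set. The tile would probably render empty or show something other than the percentage, which is misleading on a security-posture dashboard; `"value": "score_ratio"` looks like the intended binding. The divisor `COALESCE("maxScore", 1)` guards a null but not a zero `maxScore`, and if both columns are integers the division may truncate, so `"currentScore" * 1.0 / NULLIF("maxScore", 0)` would be safer if the SQL dialect supports it. The `scope` block in the same tile ships a literal node id and binding name in default content, unlike the `{{configId}}` placeholders around it. That id presumably will not resolve in another workspace, so confirm it is meant to ship or replace it with a template value.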
