Forum Discussion
Looking for ideas to create a 'situational awareness dashboard'
Hi there,
I'm going to be creating a dashboard/workbook that represents all alerts and events associated with a given country (say...maybe Russia?).
Has anyone created something like this already?
The workbook would include stuff like:
- Geo map of traffic from the country of interest to all other destinations
- list of all related unique incidents
- list of top destination IPs
- list of top destination IPs by destination port.
- etc etc.
Thank you for your thoughts/suggestions.
2 Replies
- Clive_Watson (Bronze Contributor)
I have a work in progress here (based on my workbook in the Sentinel Github, but now a few versions ahead, as I add features).
You can click on either of the "Top nnnn" grids to see GeoLocation details on any selected IP.
The reports require these data sources:
SigninLogs, and one or more of the following W3CIISLog, DNSEvents, WireData, VMConnection, WindowsFirewall, CommonSecurityLog
My Public IP Workbook might also help with some examples for Azure Resources, esp. under the [Computer] tab.
link: https://raw.githubusercontent.com/clivewatson/KQLpublic/master/KQL/Workbooks/PublicIP/PublicIP v0.2.3release.workbook
- SocInABox (Iron Contributor)
Thanks Clive.
I'll try to add alerts by IP entities to this to see associated incidents.
Much appreciated.
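As an added example (not code from the thread, and not Clive's workbook), here is one KQL query that produces the "top destination IPs by destination port" grid the original post asks for, scoped to traffic whose source geolocates to the country of interest, using the CommonSecurityLog column names from the data-source list in Clive's reply. The `SampleFlows` datatable is constructed sample data standing in for the real table; the `SampleSourceCountry` column exists only because documentation-range IPs do not geolocate, and the real-data path is the `geo_info_from_ip_address()` lookup. `CountryOfInterest` would normally be a workbook parameter.

```kql
// Added example: top destination IP / port pairs for flows from one source country.
// Assumptions: columns follow CommonSecurityLog (SourceIP, DestinationIP,
// DestinationPort, DeviceAction); SampleFlows is constructed data that replaces
// the real table. SampleSourceCountry is a stand-in for the geo lookup result.
let CountryOfInterest = "Russia";
let SampleFlows = datatable(TimeGenerated:datetime, SourceIP:string, SampleSourceCountry:string,
                            DestinationIP:string, DestinationPort:int, DeviceAction:string)
[
    datetime(2024-03-01 08:00:00), "198.51.100.7",  "Russia",  "10.0.0.5", 443,  "Allow",
    datetime(2024-03-01 08:05:00), "198.51.100.7",  "Russia",  "10.0.0.5", 443,  "Allow",
    datetime(2024-03-01 08:07:00), "198.51.100.9",  "Russia",  "10.0.0.8", 3389, "Deny",
    datetime(2024-03-01 08:09:00), "198.51.100.9",  "Russia",  "10.0.0.8", 22,   "Deny",
    datetime(2024-03-01 08:11:00), "203.0.113.21",  "Germany", "10.0.0.5", 443,  "Allow",
    datetime(2024-03-01 08:15:00), "198.51.100.12", "Russia",  "10.0.0.8", 3389, "Deny"
];
SampleFlows
// Real data: geolocate the source address. The constructed sample IPs resolve to
// nothing, so fall back to the stand-in column when the lookup comes back empty.
| extend SrcGeo = geo_info_from_ip_address(SourceIP)
| extend SrcCountry = iff(isempty(tostring(SrcGeo.country)),
                          SampleSourceCountry,
                          tostring(SrcGeo.country))
| where SrcCountry == CountryOfInterest
// One row per destination IP and port, with counts a SOC analyst actually reads:
// how much traffic, how much of it was blocked, and how many distinct sources.
| summarize Flows = count(),
            Denied = countif(DeviceAction == "Deny"),
            DistinctSources = dcount(SourceIP),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
          by DestinationIP, DestinationPort
| top 10 by Flows desc
```

On the sample data the Germany row is filtered out and the grid shows three destination/port pairs, with the two RDP (3389) hits to 10.0.0.8 standing out because both were denied and came from two different sources. For the geo map panel, project `SrcGeo.latitude` and `SrcGeo.longitude` from the same lookup and summarize by those instead of by destination; the workbook's Map visualization can then plot them. Dropping the `top 10` and swapping `DestinationPort` out of the `by` clause gives the plain "top destination IPs" list.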