Forum Discussion
Looking for ideas to create a 'situational awareness dashboard'
Hi there, I'm going to be creating a dashboard/workbook that represents all alerts and events associated with a given country (say...maybe Russia?). Has anyone created something like this already? ...
I have a work in progress here (based on my workbook in the Sentinel Github, but now a few versions ahead, as I add features).
You can click on a either of the "Top nnnn" grids to see GeoLoaction details on any selected IP
The reports require, these Datasources:
SigninLogs, and one or more of the following W3CIISLog, DNSEvents, WireData, VMConnection, WindowsFirewall, CommonSecurityLog
My Public IP Workbook might also help with some examples for Azure REsources - esp under the [Computer] tab
link: https://raw.githubusercontent.com/clivewatson/KQLpublic/master/KQL/Workbooks/PublicIP/PublicIP v0.2.3release.workbook
- Thanks Clive.
I'll try to add alerts by IP entities to this to see associated incidents.
Much appreciated.
