Forum Discussion
Looking for ideas to create a 'situational awareness dashboard'
Hi there, I'm going to be creating a dashboard/workbook that represents all alerts and events associated with a given country (say...maybe Russia?). Has anyone created something like this already? ...
I have a work in progress here (based on my workbook in the Sentinel Github, but now a few versions ahead, as I add features).
You can click on a either of the "Top nnnn" grids to see GeoLoaction details on any selected IP
The reports require, these Datasources:
SigninLogs, and one or more of the following W3CIISLog, DNSEvents, WireData, VMConnection, WindowsFirewall, CommonSecurityLog
My Public IP Workbook might also help with some examples for Azure REsources - esp under the [Computer] tab
link: https://raw.githubusercontent.com/clivewatson/KQLpublic/master/KQL/Workbooks/PublicIP/PublicIP v0.2.3release.workbook
Thanks Clive.
I'll try to add alerts by IP entities to this to see associated incidents.
Much appreciated.
I'll try to add alerts by IP entities to this to see associated incidents.
Much appreciated.