From 13f000821d28f21605ffc0097904a7885abd4719 Mon Sep 17 00:00:00 2001 From: jujufugh Date: Fri, 26 Apr 2024 16:48:30 -0400 Subject: [PATCH] Trend of Identity API Calls widget --- .../Identity Security.json | 1065 ++++++++++++----- 1 file changed, 758 insertions(+), 307 deletions(-) diff --git a/knowlege-content/MAP/security-fundamentals-dashboards/Identity Security.json b/knowlege-content/MAP/security-fundamentals-dashboards/Identity Security.json index a48c494..f07f0e4 100644 --- a/knowlege-content/MAP/security-fundamentals-dashboards/Identity Security.json +++ b/knowlege-content/MAP/security-fundamentals-dashboards/Identity Security.json @@ -1,14 +1,14 @@ { "dashboards": [ { - "dashboardId": "ocid1.managementdashboard.oc1..aaaaaaaayjbm7spwcse2ikv74qrrrerv4jfqrwajpdoh2gzpvq7xrc24l55q", + "dashboardId": "ocid1.managementdashboard.oc1..aaaaaaaax2jggor6xip43d6yk4zw25vb4cwfjwuqvf3qqjjbw7otpfrvtmfa", "providerId": "log-analytics", "providerName": "Logging Analytics", "providerVersion": "3.0.0", "tiles": [ { "displayName": "Successful Logins", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaantd6x6nnomrxdfx6zxdleal7hv4jr7uvw5fmlf2o4jo2bqo4mmia", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaajnobylo4g63vtuwlqtjhdbdbjqugmvazm4ypr57kwyd6vmbivqcq", "row": 0, "column": 0, "height": 3, @@ -23,14 +23,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Failed Logins", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaatk2qtwuwow57egy3zyf3iohkctbyfnmes33enm2mme7eg63clmmq", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaailxpv5wg3fm43pxjld4jr2nolt67qwfzm54vb24pv7ee74cjby2q", "row": 0, "column": 4, "height": 3, 
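Review bot: The `flex` entry on the Successful Logins tile now binds the dashboard's log-field filter to `Domain`, and the same one-line change is repeated on every other tile (@@ -45 through @@ -287), including tiles whose saved searches select on `Type` rather than on identity-domain events, such as IAM Policy Update (`Type like '%identity%policy%'`) and API Key Creation (`Type = com.oraclecloud.identityControlPlane.UploadApiKey`). Whether those control-plane audit records carry a `Domain` value is not visible in this patch; if they do not, picking a domain in the filter would empty those widgets and read as "no policy or API-key activity". Confirm against real records, and if the field is absent, leave the `Domain` entry out of `flex` on those tiles so the filter cannot hide them. The tile object starts and ends outside this hunk.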
@@ -45,14 +45,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "User Password Reset", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaxecwwbuzoblibevdrw23zcpspb7quw57frhzr34nfgrd3b46prra", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaac5g26e3575kzmht4d7tqrwiq5gkmtgxi42ynk3nxx7alcmvgd43a", "row": 0, "column": 8, "height": 3, @@ -67,14 +67,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "User Creation", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaagdoax4exqze7ljua6m5tvirwnlczfxkiizftawbcomsi4dipicdq", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaauloe4i2ar5youugrfhwgryq6dcejt2ejkuh6zw2utnnvpiw3xztq", "row": 3, "column": 0, "height": 3, @@ -89,14 +89,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Dormant Users", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaadxo43rrqzfwgasya5k26dfms4tvkerqapv73asd3dxisdytlkiva", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa3qpd5udinrqosaj4ub3e3fdyy3b4kyozeve36klio3sgcusih2bq", "row": 3, "column": 4, "height": 3, 
@@ -111,15 +111,15 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Top Identity Events Producers", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaay6vwkkmsixjb7qb3kbwqkkhbcekgu7qwtsqd3irwh6duk4mqouq", - "row": 9, + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaab7pyyoowxzct2i32q3dtfsg4ol47np6ht7rio4vw7bigx3yfpnxq", + "row": 17, "column": 8, "height": 3, "width": 4, @@ -133,14 +133,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Group Changes", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaalk35v2jycsgsizdgcrdtxpnwzfh3ow5ifbc7poreghzfq2z3cnwa", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaao2gvqcm543fxtu4wsvotvzamwzuxiq3e5swt5wzlaipatycg3dsa", "row": 6, "column": 0, "height": 3, @@ -155,14 +155,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "User Changes", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaqib7gbvygmvvacrxh4zcwmr4fj3arhiq4wmqojubbcu3rvzeypzq", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaqzvxwr6wwnrjgt6hnr2kh2r4yku62as3kpxkdunzkvn365r7egna", "row": 6, "column": 4, "height": 3, 
@@ -177,14 +177,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "IAM Policy Update", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaap7256ugpcbh32yxt3z7v52zvzd7dnmgbykisyjej2dogwljq6wda", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaat5xjog5zohhmy4uywj6dtbo23bibdqah3rnrn4vutkyjkv33ecya", "row": 6, "column": 8, "height": 3, @@ -199,15 +199,15 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "API Key Creation ", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaanhuqhowcuw2rsgks455s7n5jrnrbmmdmyqagl7bmdxi7plbf6zhq", - "row": 9, + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa5rlc62roajtnjpmungxduzg7dctij4f2jg6kszjy5y6rlu5xjyqq", + "row": 17, "column": 0, "height": 3, "width": 4, 
@@ -221,15 +221,15 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "IDP Changes", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaehmcaezjujn6z2xxiff42cyo7ljqe5muqlhzuqrwajxr775hycta", - "row": 9, + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaatmyqtppm4cuarvr6re2ngjxhzcfitavv2lop2jgnrihefqhprthq", + "row": 17, "column": 4, "height": 3, "width": 4, @@ -243,14 +243,14 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Account Locks per day", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa35fr2hogujw42nueppsxndaapkpofktcolzq66bsioxdtxuggafq", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaay33emkzyxwi6dr2pr4737vhevgaqav43pyelgw35wx3vuom7n7wa", "row": 3, "column": 8, "height": 3, 
@@ -265,15 +265,15 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null }, { "displayName": "Geostats for Unsuccessful Logins", - "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaaatpyzrkigxz32w65s6bsjvhicwbpuvr75h45khcbqczalws3mkpa", - "row": 12, + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa6pkp53djo27fzcwp7wymzfyg2gfj5hasc2s3g3v44yffkojbi2vq", + "row": 20, "column": 0, "height": 4, "width": 12, @@ -287,7 +287,29 @@ "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", "time": "$(dashboard.params.time)", "flex": { - "Security Destination Endpoint Additional Attributes": "$(dashboard.params.log-analytics-log-field-filter)" + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" + } + }, + "description": null + }, + { + "displayName": "Trend of Identity API Calls", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaapti7zwscfliag4su33azm22aaibjwj4ra77m2pwzayxyizrxa66a", + "row": 9, + "column": 0, + "height": 8, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "time": "$(dashboard.params.time)", + "flex": { + "Domain": "$(dashboard.params.log-analytics-log-field-filter)" } }, "description": null 
@@ -295,7 +317,7 @@ ], "displayName": "Identity Security", "description": "SFD Identity Dashboard", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobDashboard": false, "isShowInHome": false, "metadataVersion": "2.0", @@ -312,14 +334,14 @@ "isFavorite": false, "savedSearches": [ { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaadxo43rrqzfwgasya5k26dfms4tvkerqapv73asd3dxisdytlkiva", - "displayName": "Dormant Users", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaat5xjog5zohhmy4uywj6dtbo23bibdqah3rnrn4vutkyjkv33ecya", + "displayName": "IAM Policy Update", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Dormant Users", + "description": "SFD IAM Policy Update", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { 
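Review bot: `compartmentId` on the dashboard is now the OCID of one specific compartment (`ocid1.compartment.oc1..` …) instead of the tenancy root, and every saved search in the patch gets the same value, while the `scopeFilters` blocks (including the `ResourceCompartment` entries added in @@ -864 and @@ -901) still carry the authoring tenancy's OCID and its `ociateam (root)` label. These are identifiers of the environment the export was taken from, so a consumer who imports the file unchanged either fails or scopes a security dashboard to a compartment that does not exist in their tenancy. If the import procedure substitutes the value, ship a clearly marked placeholder such as `"compartmentId": "<TARGET_COMPARTMENT_OCID>"`; otherwise document the replacement step next to the file. How the import is performed is not visible here.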
@@ -329,132 +351,220 @@ "timePeriod": "relative" }, "showTitle": true, - "visualizationType": "tile", + "visualizationType": "table_histogram", "visualizationOptions": { - "inputTextEnabled": true, - "changeLabel": "Dormant Users (30 days)", - "formatNumber": false, "customVizOpt": { - "LINK_CLASSIFY_SETTINGS": { - "Dormant Users": { - "chartHeight": 200, - "chartType": [ - "trend" - ], - "classifyColorPalette": { - "1": "default", - "7": "func2_unique_udfs4", - "8": "default", - "9": "usrname" - }, - "classifyColorPaletteCustom": { - "7": {}, - "9": {} - }, - "classifyFilters": { - "classifyNarrowResults": [ - "on" - ], - "selectAllFilters": [ - "on" - ], - "selectedClassifyFilters": [ - 6, - 7, - 8 - ], - "showClassifyFilters": [] - }, - "colorColumn": 9, - "descendingXAxis": [ - null - ], - "descendingYAxis": [ - null - ], - "drilldown": "on", - "groupAlias": "Groups", - "groupAliasS": "Group", - "showAnomaly": [ - "off" - ], - "showBaseline": [ - "off" - ], - "showDimensions": [ - "on" - ], - "sizeColumn": 8, - "swapXY": [ - "off" - ], - "zeroXAxis": [ - "on" - ], - "zeroYAxis": [ - "on" - ] - } + "GEOMAP_SETTINGS": { + "basemap": "bi_world_map_light", + "clusterColor": "rgb(192, 192, 192)", + "filterOnZoom": false, + "isShowLegend": true, + "lat": 2273030.9269876885, + "lon": 0, + "mapZoom": 1, + "pointColor": "rgb(0, 0, 255)", + "srid": 3857, + "toggleClusters": false }, - "LINK_SEARCH_SETTINGS": { - "chartHeightVal": 200, - "chartOptions": [ - "bar" - ], - "chartType": "bar", - "chartWidthVal": 60, - "columnAliases": {}, - "dashboardOptions": { - "showAnalyzeTab": [], - "showChartsTab": [], - "showSummary": [], - "showTable": [], - "showTabs": [ - "on" - ] - }, - "groupAliasP": "Groups", - "groupAliasS": "Group", - "hiddenCharts": { - "groupColumn": true + "primaryFieldIname": "mbody" + } + }, + "queryString": "Type like '%identity%policy%' and Method != get | fields -Entity, 'User Name', Event, -'Entity Type', -'Host Name (Server)', -'Problem Priority', 
-Label, -'Log Source' | timestats count", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true }, - "hiddenClassifyCharts": {}, - "hiddenColumns": { - "g_duration": true, - "g_endepoch": true, - "g_startepoch": true, - "query_end_time": true, - "query_start_time": true, - "trend_interval": true, - "trend_interval_unit": true + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "label": "ociateam (root)" + } + ] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq" }, - "highlightColumnStatus": {}, - "linkSummaryInput": "", - "logAliasP": "Log Records", - "mergeHighlightColumns": [], - "showAllRegions": [], - "showCombinedCharts": [ - "off" - ], - "showNonUnitRawData": [], - "showStack": [ - "off" - ], - "showToolTips": [ - "on" - ], - "showUnitRawData": [], - "smartGroup": [ - "off" - ], - "styleDefaults": { - "lineType": "curved", - "markerDisplayed": "on" + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "label": "ociateam (root)" + } + ] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq" + }, + "values": [] + }, + "LogSet": { + "type": "LogSet", + "flags": {}, + "values": [] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" } + ] + } + }, 
+ "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log Group Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "none" + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "none" + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "none" + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + "displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" } } }, - "queryString": "Time between * and * and 'Event ID' = sso.session.create.success | stats latest('Event End Time') as 'Last Login' by 'User Name' | where 'Last Login' < dateRelative(30day) | sort -'Last Login'", + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + }, + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaajnobylo4g63vtuwlqtjhdbdbjqugmvazm4ypr57kwyd6vmbivqcq", + 
"displayName": "Successful Logins", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "SFD Successful Logins per day", + "nls": {}, + "type": "WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "timePeriod": "l14day" + }, + "showTitle": true, + "visualizationType": "table_histogram", + "visualizationOptions": { + "customVizOpt": { + "GEOMAP_SETTINGS": { + "basemap": "bi_world_map_light", + "clusterColor": "rgb(192, 192, 192)", + "filterOnZoom": false, + "isShowLegend": true, + "lat": 2273030.9269876885, + "lon": 0, + "mapZoom": 1, + "pointColor": "rgb(0, 0, 255)", + "srid": 3857, + "toggleClusters": false + }, + "primaryFieldIname": "mbody" + } + }, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.session.create.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", "scopeFilters": { "filters": [ { @@ -530,7 +640,7 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaadxo43rrqzfwgasya5k26dfms4tvkerqapv73asd3dxisdytlkiva", + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaantd6x6nnomrxdfx6zxdleal7hv4jr7uvw5fmlf2o4jo2bqo4mmia", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -539,7 +649,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
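Review bot: The `scopeFilters` added for IAM Policy Update pin `Region` to `us-phoenix-1`, and the tile `parametersMap` (shown in full on the new tile in @@ -287) passes log-group compartment, entity, time and `flex` but no region. If the saved-search default is what applies at render time, which this patch does not show, policy changes recorded in any other region would not appear on a dashboard meant to surface them. Consider exporting the filter with an empty list, `"values": []`, as the `Entity` and `LogSet` filters in the same block already do, or passing the region through the tile's `parametersMap`. The saved-search object continues past the end of this hunk.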
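Review bot: `internalKey` for Successful Logins is set to the `…aaaaaaaantd6x6nn…` OCID, which is the saved-search ID the tile referenced before this commit (the removed line in @@ -1,14), not the new `id` of this entry. The same stale pairing appears in @@ -714 (Account Locks per day) and @@ -1473 (User Creation), whereas @@ -1091 drops the key altogether. How the importer treats `internalKey` is not visible here, but a key that names a different object than `id` makes it harder to verify which search a widget actually runs. Either set it to the entry's new `id` or omit it consistently across all saved searches.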
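Review bot: Emptying `freeformTags` removes the `"oracle-sfd":"Identity-1.2"` tag here and in @@ -722, @@ -920, @@ -1100, @@ -1297 and @@ -1482, and the saved searches added by this patch are created with `{}` as well. That tag appears to be the only machine-readable marker tying a deployed saved search to this content pack and its version, so after import there would be no simple way to find SFD-managed searches for upgrade, audit or cleanup. This looks like a side effect of re-exporting from another environment rather than an intended change. Unless it is deliberate, keep the tag, e.g. `"freeformTags": {"oracle-sfd":"Identity-1.2"}`, with the version set to whatever this release is.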
@@ -617,14 +727,14 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaay6vwkkmsixjb7qb3kbwqkkhbcekgu7qwtsqd3irwh6duk4mqouq", - "displayName": "Top Identity Events Producers", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaay33emkzyxwi6dr2pr4737vhevgaqav43pyelgw35wx3vuom7n7wa", + "displayName": "Account Locks per day", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Top Identity Events Producers", + "description": "SFD Account Locks per day", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { @@ -632,13 +742,13 @@ "timePeriod": "l60min" }, "showTitle": true, - "visualizationType": "pie", + "visualizationType": "table_histogram", "visualizationOptions": { "customVizOpt": { "primaryFieldIname": "mbody" } }, - "queryString": "Type like '%identity%' and 'User Name' != 'identity-soup' and Principal not like '%cloudguard%' and 'User Agent String' not like 'cloud-infra/%' and 'User Agent String' not like 'cloud infra%' and not natv | eval 'User Name' = if('User Name' = 'null', 'Unknown User', 'User Name') | stats count as logrecords by 'User Name'", + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = admin.me.locked.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', Resource as 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", "scopeFilters": { "filters": [ { @@ -714,6 +824,7 @@ ] } }, + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaa35fr2hogujw42nueppsxndaapkpofktcolzq66bsioxdtxuggafq", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, 
@@ -722,7 +833,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
@@ -800,43 +911,229 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaehmcaezjujn6z2xxiff42cyo7ljqe5muqlhzuqrwajxr775hycta", - "displayName": "IDP Changes", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaapti7zwscfliag4su33azm22aaibjwj4ra77m2pwzayxyizrxa66a", + "displayName": "Trend of Identity API Calls", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD IDP Changes", + "description": "", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "numUnits": 90, + "numUnits": 7, "units": "DAYS", "timePeriod": "relative" }, "showTitle": true, - "visualizationType": "records_histogram", + "visualizationType": "link", "visualizationOptions": { + "showLogScale": true, "customVizOpt": { - "GEOMAP_SETTINGS": { - "basemap": "bi_world_map_light", - "clusterColor": "rgb(192, 192, 192)", - "filterOnZoom": false, - "isShowLegend": true, - "lat": 2273030.9269876885, - "lon": 0, - "mapZoom": 1, - "pointColor": "rgb(0, 0, 255)", - "srid": 3857, - "toggleClusters": false - }, - "primaryFieldIname": "mbody", - "primaryFieldDname": "Original Log Content" + "LINK_CLASSIFY_SETTINGS": {}, + "LINK_SEARCH_SETTINGS": { + "groupAliasS": "Group", + "groupAliasP": "Groups", + "logAliasP": "Log Records", + "showUnitRawData": [], + "showNonUnitRawData": [ + "off" + ], + "ms": [], + "selectedTableField": null, + "mergeHighlightColumns": [ + "off" + ], + "groupAdditionalTables": [ + "on" + ], + "columnAliases": {}, + "hiddenCharts": { + "groupColumn": true + }, + "hiddenLinkWidgets": { + "linkwidgetOption_HeaderId": true, + "linkwidgetOption_SummaryId": false, + "linkwidgetOption_AnalyzeId": false, + "linkwidgetOption_TSChartId": false, + 
"linkwidgetOption_HistogramId": true, + "linkwidgetOption_TableId": false, + "linkwidgetOption_ExtraTableId": false + }, + "hiddenColumns": { + "g_duration": true, + "query_start_time": true, + "query_end_time": true, + "trend_interval": true, + "trend_interval_unit": true + }, + "highlightColumnStatus": {}, + "hiddenClassifyCharts": {}, + "hiddenTableFields": {}, + "showCombinedCharts": [ + "on" + ], + "showStack": [ + "off" + ], + "smartGroup": [ + "off" + ], + "hideYAxis": [ + "off" + ], + "styleDefaults": { + "lineType": "curved", + "markerDisplayed": "on" + }, + "chartOptions": "bar", + "chartType": "bar", + "chartHeightVal": 200, + "chartWidthVal": 60, + "showToolTips": [ + "on" + ], + "dashboardWidgetOptions": { + "showTabs": [], + "showSummary": [], + "showAnalyzeTab": [ + "on" + ], + "showTSCharts": [ + "on" + ], + "showChartsTab": [ + "on" + ], + "showTable": [], + "showExtraTable": [] + }, + "linkSummaryInput": "", + "timeseries": { + "timestats1": { + "showCombinedCharts": [ + "on" + ], + "showStack": [ + "off" + ], + "smartGroup": [ + "on" + ], + "showLegend": [], + "hideYAxis": [], + "chartOptions": "lineWithMarker", + "chartType": "line", + "chartHeightVal": 200, + "chartWidthVal": 60, + "showToolTips": [], + "colorColumn": 0, + "hiddenTSCharts": {}, + "timeSeriesColorPalette": { + "0": null, + "1": null, + "2": "unassigned_id", + "3": "default", + "4": "default", + "5": "default" + }, + "timeSeriesColorPaletteCustom": { + "0": {}, + "1": {}, + "2": { + "high": "400" + } + }, + "tsFilters": { + "selectAllFilters": [ + "off" + ], + "showTSFilters": [ + "on" + ], + "selectedTSFilters": [ + "path", + "timestats1_func1_sum_g_count" + ], + "filterSelectedKeyMapByFilterIndex": [ + [] + ], + "legendTypeMap": { + "timestats1_func1_sum_g_count": { + "type": "default", + "zeroBucket": true + } + } + } + }, + "timecluster1": { + "showCombinedCharts": [ + "on" + ], + "showStack": [ + "off" + ], + "smartGroup": [ + "on" + ], + "showLegend": [ + "off" + ], + 
"hideYAxis": [ + "off" + ], + "chartOptions": "bandWithArea", + "chartType": "combo", + "chartHeightVal": 200, + "chartWidthVal": 60, + "showToolTips": [ + "off" + ], + "colorColumn": 0, + "hiddenTSCharts": {}, + "timeSeriesColorPalette": { + "0": "path", + "1": "srcip", + "2": "func2_unique_status", + "3": "timecluster_id", + "4": "default", + "5": "default", + "8": "default" + }, + "timeSeriesColorPaletteCustom": { + "0": {}, + "1": {}, + "2": { + "no|false|not ok|bad|out of memory|reject.*": "200" + }, + "3": {} + }, + "tsFilters": { + "selectAllFilters": [ + "off" + ], + "showTSFilters": [ + "on" + ], + "selectedTSFilters": [ + "path", + "srcip", + "func2_unique_status", + "timecluster_id", + "timecluster1_func1_sum_g_count" + ], + "filterSelectedKeyMapByFilterIndex": [], + "legendTypeMap": {} + }, + "chartGroup": "none" + } + } + } } }, - "queryString": "Type like 'com.oraclecloud.identitycontrolplane%identityprovider' and Method != get | timestats count", + "queryString": "'Log Source' = 'OCI Audit Logs' and Domain like 'idcs-%' and Path like '%/%' | link span = 1minute Time, Path, 'Source IP' | stats unique('Event ID') as 'Event ID', unique(Status) as Status, unique(Method) as Method, unique('Security Actor Display Name') as Actor | timecluster sum(Count) as Calls by Path, 'Source IP', Status", "scopeFilters": { "filters": [ { @@ -851,6 +1148,11 @@ } ] }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, { "type": "Entity", "flags": { @@ -864,6 +1166,23 @@ "flags": {}, "values": [] }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "label": "ociateam (root)" + } + ] + }, + { + "type": "LogFields", + "flags": {}, + "values": [] + }, { "type": "Region", "flags": {}, 
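Review bot: The new Trend of Identity API Calls saved search ships with `"description": ""`, while the other saved searches in the file carry an `SFD …` description; `"description": "SFD Trend of Identity API Calls"` would keep it consistent and searchable. The query is also narrower than the title suggests: `Domain like 'idcs-%'` admits only identity-domain records, so the identity control-plane events that other widgets select by `Type` (for example `com.oraclecloud.identityControlPlane.UploadApiKey`) are presumably absent from the trend. If that scope is intended, state it in the description so that a flat chart is not read as "no identity API activity". The saved-search object continues past the end of this hunk.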
@@ -888,6 +1207,11 @@ } ] }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, "Entity": { "type": "Entity", "flags": { @@ -901,6 +1225,23 @@ "flags": {}, "values": [] }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "label": "ociateam (root)" + } + ] + }, + "LogFields": { + "type": "LogFields", + "flags": {}, + "values": [] + }, "Region": { "type": "Region", "flags": {}, @@ -920,7 +1261,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { @@ -978,6 +1319,9 @@ "filterTile": { "filterId": "OOBSS-management-dashboard-region-filter" } + }, + "valueFormat": { + "type": "array" } }, { 
@@ -998,24 +1342,42 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaalk35v2jycsgsizdgcrdtxpnwzfh3ow5ifbc7poreghzfq2z3cnwa", - "displayName": "Group Changes", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa5rlc62roajtnjpmungxduzg7dctij4f2jg6kszjy5y6rlu5xjyqq", + "displayName": "API Key Creation ", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Group changes", + "description": "SFD API Key Creation ", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "timePeriod": "l7day" + "numUnits": 90, + "units": "DAYS", + "timePeriod": "relative" }, "showTitle": true, "visualizationType": "table_histogram", - "visualizationOptions": {}, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (admin.group.add.member.success, admin.group.remove.member.success) | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', 'User Name', Resource as 'Group Name', 'Event ID' | timestats span = 1day count", + "visualizationOptions": { + "customVizOpt": { + "GEOMAP_SETTINGS": { + "basemap": "bi_world_map_light", + "clusterColor": "rgb(192, 192, 192)", + "filterOnZoom": false, + "isShowLegend": true, + "lat": 2273030.9269876885, + "lon": 0, + "mapZoom": 1, + "pointColor": "rgb(0, 0, 255)", + "srid": 3857, + "toggleClusters": false + }, + "primaryFieldIname": "mbody" + } + }, + "queryString": "Type = com.oraclecloud.identityControlPlane.UploadApiKey | fields -Entity, 'User Name', Event, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', -Type | timestats count", "scopeFilters": { "filters": [ { 
@@ -1091,7 +1453,6 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaalk35v2jycsgsizdgcrdtxpnwzfh3ow5ifbc7poreghzfq2z3cnwa", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -1100,7 +1461,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { @@ -1178,12 +1539,12 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaatpyzrkigxz32w65s6bsjvhicwbpuvr75h45khcbqczalws3mkpa", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa6pkp53djo27fzcwp7wymzfyg2gfj5hasc2s3g3v44yffkojbi2vq", "displayName": "Geostats for Unsuccessful Logins", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, "description": "SFD Geostats for Unsuccessful Logins", "nls": {}, @@ -1297,7 +1658,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
@@ -1375,14 +1736,14 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaxecwwbuzoblibevdrw23zcpspb7quw57frhzr34nfgrd3b46prra", - "displayName": "User Password Reset", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaauloe4i2ar5youugrfhwgryq6dcejt2ejkuh6zw2utnnvpiw3xztq", + "displayName": "User Creation", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Password Recoveries per day", + "description": "SFD New Users per day", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { @@ -1393,11 +1754,10 @@ "visualizationType": "table_histogram", "visualizationOptions": { "customVizOpt": { - "primaryFieldIname": "mbody", - "primaryFieldDname": "Original Log Content" + "primaryFieldIname": "mbody" } }, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (admin.me.password.reset.request.success, admin.me.password.reset.success) | fields -'Log Source', -Label, -'Problem Priority', -'Host Name (Server)', -'Entity Type', -Entity, -'Security Destination Endpoint Domain', 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = admin.user.create.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', 'Security Resource Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", "scopeFilters": { "filters": [ { 
@@ -1473,7 +1833,7 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaaxecwwbuzoblibevdrw23zcpspb7quw57frhzr34nfgrd3b46prra", + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaagdoax4exqze7ljua6m5tvirwnlczfxkiizftawbcomsi4dipicdq", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -1482,7 +1842,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
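Review bot: The `internalKey` written here no longer matches the `id` of the saved search it belongs to. It carries the OCID that the removed lines show as the previous `id` of "User Creation", while the new `id` is a different OCID. The hunks at -1657 and -2600 follow the same pattern, and the hunks at -1091, -2021 and -2402 drop `internalKey` altogether, so the file is not consistent about this field. How the importer uses `internalKey` cannot be told from the diff, but a stale key is worth confirming, since a widget resolved through it would run a different query than the one reviewed here. Either regenerate the export so that `internalKey` equals `id`, or remove the field everywhere.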
@@ -1560,28 +1920,149 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaagdoax4exqze7ljua6m5tvirwnlczfxkiizftawbcomsi4dipicdq", - "displayName": "User Creation", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa3qpd5udinrqosaj4ub3e3fdyy3b4kyozeve36klio3sgcusih2bq", + "displayName": "Dormant Users", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD New Users per day", + "description": "SFD Dormant Users", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "timePeriod": "l24hr" + "numUnits": 90, + "units": "DAYS", + "timePeriod": "relative" }, "showTitle": true, - "visualizationType": "table_histogram", + "visualizationType": "tile", "visualizationOptions": { + "inputTextEnabled": true, + "changeLabel": "Dormant Users (30 days)", + "formatNumber": false, "customVizOpt": { - "primaryFieldIname": "mbody" + "LINK_CLASSIFY_SETTINGS": { + "Dormant Users": { + "chartHeight": 200, + "chartType": [ + "trend" + ], + "classifyColorPalette": { + "1": "default", + "7": "func2_unique_udfs4", + "8": "default", + "9": "usrname" + }, + "classifyColorPaletteCustom": { + "7": {}, + "9": {} + }, + "classifyFilters": { + "classifyNarrowResults": [ + "on" + ], + "selectAllFilters": [ + "on" + ], + "selectedClassifyFilters": [ + 6, + 7, + 8 + ], + "showClassifyFilters": [] + }, + "colorColumn": 9, + "descendingXAxis": [ + null + ], + "descendingYAxis": [ + null + ], + "drilldown": "on", + "groupAlias": "Groups", + "groupAliasS": "Group", + "showAnomaly": [ + "off" + ], + "showBaseline": [ + "off" + ], + "showDimensions": [ + "on" + ], + "sizeColumn": 8, + "swapXY": [ + "off" + ], + "zeroXAxis": [ + "on" + ], + "zeroYAxis": [ + "on" 
+ ] + } + }, + "LINK_SEARCH_SETTINGS": { + "chartHeightVal": 200, + "chartOptions": [ + "bar" + ], + "chartType": "bar", + "chartWidthVal": 60, + "columnAliases": {}, + "dashboardOptions": { + "showAnalyzeTab": [], + "showChartsTab": [], + "showSummary": [], + "showTable": [], + "showTabs": [ + "on" + ] + }, + "groupAliasP": "Groups", + "groupAliasS": "Group", + "hiddenCharts": { + "groupColumn": true + }, + "hiddenClassifyCharts": {}, + "hiddenColumns": { + "g_duration": true, + "g_endepoch": true, + "g_startepoch": true, + "query_end_time": true, + "query_start_time": true, + "trend_interval": true, + "trend_interval_unit": true + }, + "highlightColumnStatus": {}, + "linkSummaryInput": "", + "logAliasP": "Log Records", + "mergeHighlightColumns": [], + "showAllRegions": [], + "showCombinedCharts": [ + "off" + ], + "showNonUnitRawData": [], + "showStack": [ + "off" + ], + "showToolTips": [ + "on" + ], + "showUnitRawData": [], + "smartGroup": [ + "off" + ], + "styleDefaults": { + "lineType": "curved", + "markerDisplayed": "on" + } + } } }, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = admin.user.create.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', 'Security Resource Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", + "queryString": "Time between * and * and 'Event ID' = sso.session.create.success | stats latest('Event End Time') as 'Last Login' by 'User Name' | where 'Last Login' < dateRelative(30day) | sort -'Last Login'", "scopeFilters": { "filters": [ { @@ -1657,7 +2138,7 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaagdoax4exqze7ljua6m5tvirwnlczfxkiizftawbcomsi4dipicdq", + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaadxo43rrqzfwgasya5k26dfms4tvkerqapv73asd3dxisdytlkiva", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, 
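Review bot: The "Dormant Users" query can only list accounts that logged in at least once inside the widget's 90-day window, because `'Last Login'` is derived from `sso.session.create.success` records. Accounts with no login in that window, or that never logged in, produce no row, and those are the ones a dormant-account review most needs. Only interactive SSO sessions are counted, so a user active purely through API keys would presumably show as dormant. Unlike the sibling queries, this one also has no `'Log Source' = 'OCI Audit Logs'` filter. The limitation should at least be stated, e.g. `"description": "SFD Dormant Users (last SSO login 30-90 days ago; users with no login in the window are not listed)"`. The `changeLabel` of "(30 days)" should be reconciled with the 90-day `timeSelection`.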
@@ -1666,7 +2147,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { @@ -1744,12 +2225,12 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaqib7gbvygmvvacrxh4zcwmr4fj3arhiq4wmqojubbcu3rvzeypzq", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaaqzvxwr6wwnrjgt6hnr2kh2r4yku62as3kpxkdunzkvn365r7egna", "displayName": "User Changes", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, "description": "SFD User Changes", "nls": {}, @@ -1846,7 +2327,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
@@ -1924,28 +2405,43 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaatk2qtwuwow57egy3zyf3iohkctbyfnmes33enm2mme7eg63clmmq", - "displayName": "Failed Logins", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaatmyqtppm4cuarvr6re2ngjxhzcfitavv2lop2jgnrihefqhprthq", + "displayName": "IDP Changes", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Unsuccessful Logins per day", + "description": "SFD IDP Changes", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "timePeriod": "l7day" + "numUnits": 90, + "units": "DAYS", + "timePeriod": "relative" }, "showTitle": true, - "visualizationType": "table_histogram", + "visualizationType": "records_histogram", "visualizationOptions": { "customVizOpt": { - "primaryFieldIname": "mbody" + "GEOMAP_SETTINGS": { + "basemap": "bi_world_map_light", + "clusterColor": "rgb(192, 192, 192)", + "filterOnZoom": false, + "isShowLegend": true, + "lat": 2273030.9269876885, + "lon": 0, + "mapZoom": 1, + "pointColor": "rgb(0, 0, 255)", + "srid": 3857, + "toggleClusters": false + }, + "primaryFieldIname": "mbody", + "primaryFieldDname": "Original Log Content" } }, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.authentication.failure | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", + "queryString": "Type like 'com.oraclecloud.identitycontrolplane%identityprovider' and Method != get | timestats count", "scopeFilters": { "filters": [ { 
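Review bot: The "IDP Changes" filter spells the event type in lower case (`'com.oraclecloud.identitycontrolplane%identityprovider'`), while the API-key query removed elsewhere in this diff uses `com.oraclecloud.identityControlPlane.UploadApiKey`. If `like` and `Method != get` compare case-sensitively, the widget stays empty and identity-provider changes go unnoticed, so verify both against a known create or update record before relying on it. The pattern also has no trailing `%`, so any event type that continues after `identityprovider` would not match. The `GEOMAP_SETTINGS` block looks like a leftover from the geo widget and has no apparent role in a `records_histogram`; dropping it would leave `"customVizOpt": {"primaryFieldIname": "mbody", "primaryFieldDname": "Original Log Content"}`.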
@@ -2021,7 +2517,6 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaatk2qtwuwow57egy3zyf3iohkctbyfnmes33enm2mme7eg63clmmq", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -2030,7 +2525,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
@@ -2108,42 +2603,29 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaanhuqhowcuw2rsgks455s7n5jrnrbmmdmyqagl7bmdxi7plbf6zhq", - "displayName": "API Key Creation ", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaac5g26e3575kzmht4d7tqrwiq5gkmtgxi42ynk3nxx7alcmvgd43a", + "displayName": "User Password Reset", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD API Key Creation ", + "description": "SFD Password Recoveries per day", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "numUnits": 90, - "units": "DAYS", - "timePeriod": "relative" + "timePeriod": "l14day" }, "showTitle": true, "visualizationType": "table_histogram", "visualizationOptions": { "customVizOpt": { - "GEOMAP_SETTINGS": { - "basemap": "bi_world_map_light", - "clusterColor": "rgb(192, 192, 192)", - "filterOnZoom": false, - "isShowLegend": true, - "lat": 2273030.9269876885, - "lon": 0, - "mapZoom": 1, - "pointColor": "rgb(0, 0, 255)", - "srid": 3857, - "toggleClusters": false - }, - "primaryFieldIname": "mbody" + "primaryFieldIname": "mbody", + "primaryFieldDname": "Original Log Content" } }, - "queryString": "Type = com.oraclecloud.identityControlPlane.UploadApiKey | fields -Entity, 'User Name', Event, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', -Type | timestats count", + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (admin.me.password.reset.request.success, admin.me.password.reset.success, admin.user.password.change.success) | fields -'Log Source', -Label, -'Problem Priority', -'Host Name (Server)', -'Entity Type', -Entity, 'OCI Resource 
Name' as User, 'Event ID', Domain | timestats span = 1day count", "scopeFilters": { "filters": [ { @@ -2219,6 +2701,7 @@ ] } }, + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaaxecwwbuzoblibevdrw23zcpspb7quw57frhzr34nfgrd3b46prra", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -2227,7 +2710,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { @@ -2305,14 +2788,14 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa35fr2hogujw42nueppsxndaapkpofktcolzq66bsioxdtxuggafq", - "displayName": "Account Locks per day", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaab7pyyoowxzct2i32q3dtfsg4ol47np6ht7rio4vw7bigx3yfpnxq", + "displayName": "Top Identity Events Producers", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Account Locks per day", + "description": "SFD Top Identity Events Producers", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { 
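Review bot: With `admin.user.password.change.success` added to the event list, the "User Password Reset" projection no longer shows who performed the action, because the `fields` clause replaces `'User Name'` with `'OCI Resource Name' as User`. Judging by the event name, that event covers a password changed on a user's behalf, where actor and target differ and both matter for review. Keeping both columns, e.g. `'User Name' as Actor, 'OCI Resource Name' as 'Target User'`, preserves that distinction; confirm which field holds which identity in a sample record. The description still reads "SFD Password Recoveries per day", and `Domain` loses the `'Identity Domain'` alias that the sibling queries keep.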
@@ -2320,13 +2803,13 @@ "timePeriod": "l60min" }, "showTitle": true, - "visualizationType": "table_histogram", + "visualizationType": "pie", "visualizationOptions": { "customVizOpt": { "primaryFieldIname": "mbody" } }, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = admin.me.locked.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', Resource as 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", + "queryString": "Type like '%identity%' and 'User Name' != 'identity-soup' and Principal not like '%cloudguard%' and 'User Agent String' not like 'cloud-infra/%' and 'User Agent String' not like 'cloud infra%' and not natv | eval 'User Name' = if('User Name' = 'null', 'Unknown User', 'User Name') | stats count as logrecords by 'User Name'", "scopeFilters": { "filters": [ { @@ -2402,7 +2885,6 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaa35fr2hogujw42nueppsxndaapkpofktcolzq66bsioxdtxuggafq", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -2411,7 +2893,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
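Review bot: Several exclusions in the "Top Identity Events Producers" query match on free text rather than on an authenticated identity. `'User Agent String' not like 'cloud-infra/%'` and `not like 'cloud infra%'` test a value the client supplies, and the bare keyword `not natv` drops any record containing that string anywhere. Records hidden this way never reach the pie chart, so the noise filter is also a blind spot. Prefer excluding by principal or service identity where the log source provides one, and state the exclusions in the widget text, e.g. `"description": "SFD Top Identity Events Producers (excludes Cloud Guard, cloud-infra user agents and identity-soup)"`. The `'User Name' = 'null'` test compares against the literal string, so confirm that missing user names are actually stored that way.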
@@ -2489,42 +2971,24 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaantd6x6nnomrxdfx6zxdleal7hv4jr7uvw5fmlf2o4jo2bqo4mmia", - "displayName": "Successful Logins", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaao2gvqcm543fxtu4wsvotvzamwzuxiq3e5swt5wzlaipatycg3dsa", + "displayName": "Group Changes", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD Successful Logins per day", + "description": "SFD Group changes", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "numUnits": 3, - "units": "DAYS", - "timePeriod": "relative" + "timePeriod": "l7day" }, "showTitle": true, "visualizationType": "table_histogram", - "visualizationOptions": { - "customVizOpt": { - "GEOMAP_SETTINGS": { - "basemap": "bi_world_map_light", - "clusterColor": "rgb(192, 192, 192)", - "filterOnZoom": false, - "isShowLegend": true, - "lat": 2273030.9269876885, - "lon": 0, - "mapZoom": 1, - "pointColor": "rgb(0, 0, 255)", - "srid": 3857, - "toggleClusters": false - }, - "primaryFieldIname": "mbody" - } - }, - "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.session.create.success | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', -'Security Destination Endpoint Domain', 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (admin.group.add.member.success, admin.group.remove.member.success) | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', 'User Name', Resource as 'Group Name', 'Event ID' | 
timestats span = 1day count", "scopeFilters": { "filters": [ { @@ -2600,7 +3064,7 @@ ] } }, - "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaantd6x6nnomrxdfx6zxdleal7hv4jr7uvw5fmlf2o4jo2bqo4mmia", + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaalk35v2jycsgsizdgcrdtxpnwzfh3ow5ifbc7poreghzfq2z3cnwa", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -2609,7 +3073,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { 
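Review bot: The "Group Changes" query covers only `admin.group.add.member.success` and `admin.group.remove.member.success`, so the title promises more than the widget shows. Group creation, deletion or modification events, if the audit source emits them, are not counted. The projection keeps `'User Name'` and `Resource as 'Group Name'`, and it is unclear from the diff whether either column identifies the member that was added or removed, which is what a privilege review needs. Either narrow the text to `"description": "SFD Group membership changes"` or extend the event list, and confirm in a sample record which field carries the affected member. The `Domain as 'Identity Domain'` column used by the sibling queries is also missing here.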
@@ -2687,42 +3151,28 @@ "drilldownConfig": [] }, { - "id": "ocid1.managementsavedsearch.oc1..aaaaaaaap7256ugpcbh32yxt3z7v52zvzd7dnmgbykisyjej2dogwljq6wda", - "displayName": "IAM Policy Update", + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaailxpv5wg3fm43pxjld4jr2nolt67qwfzm54vb24pv7ee74cjby2q", + "displayName": "Failed Logins", "providerId": "log-analytics", "providerVersion": "3.0.0", "providerName": "Logging Analytics", - "compartmentId": "ocid1.tenancy.oc1..aaaaaaaaa3qmjxr43tjexx75r6gwk6vjw22ermohbw2vbxyhczksgjir7xdq", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", "isOobSavedSearch": false, - "description": "SFD IAM Policy Update", + "description": "SFD Unsuccessful Logins per day", "nls": {}, "type": "WIDGET_SHOW_IN_DASHBOARD", "uiConfig": { "timeSelection": { - "numUnits": 90, - "units": "DAYS", - "timePeriod": "relative" + "timePeriod": "l7day" }, "showTitle": true, "visualizationType": "table_histogram", "visualizationOptions": { "customVizOpt": { - "GEOMAP_SETTINGS": { - "basemap": "bi_world_map_light", - "clusterColor": "rgb(192, 192, 192)", - "filterOnZoom": false, - "isShowLegend": true, - "lat": 2273030.9269876885, - "lon": 0, - "mapZoom": 1, - "pointColor": "rgb(0, 0, 255)", - "srid": 3857, - "toggleClusters": false - }, "primaryFieldIname": "mbody" } }, - "queryString": "Type like '%identity%policy%' and Method != get | fields -Entity, 'User Name', Event, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source' | timestats count", + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.authentication.failure | fields -Entity, -'Entity Type', -'Host Name (Server)', -'Problem Priority', -Label, -'Log Source', 'User Name', 'Event ID', Domain as 'Identity Domain' | timestats span = 1day count", "scopeFilters": { "filters": [ { 
@@ -2798,6 +3248,7 @@ ] } }, + "internalKey": "ocid1.managementsavedsearch.oc1..aaaaaaaatk2qtwuwow57egy3zyf3iohkctbyfnmes33enm2mme7eg63clmmq", "vizType": "lxSavedSearchWidgetType", "enableWidgetInApp": true }, @@ -2806,7 +3257,7 @@ "metadataVersion": "2.0", "widgetTemplate": "visualizations/chartWidgetTemplate.html", "widgetVM": "jet-modules/dashboards/widgets/lxSavedSearchWidget", - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {}, "parametersConfig": [ { @@ -2947,7 +3398,7 @@ } }, "drilldownConfig": [], - "freeformTags": {"oracle-sfd":"Identity-1.2"}, + "freeformTags": {}, "definedTags": {} } ]