From b2d50b06be8eb80e5cff0c6425775420e58c7b64 Mon Sep 17 00:00:00 2001
From: Amine Tarhini <35249048+atarhini@users.noreply.github.com>
Date: Wed, 25 Sep 2024 20:45:44 -0700
Subject: [PATCH] Dashboard JSON and Log Source (#60)
---
.../dashboards/IAM Domain Audit.json | 1448 +++++++++++++++++
.../omc_ociAuditLogSource_1726864185327.zip | Bin 0 -> 1516 bytes
2 files changed, 1448 insertions(+)
create mode 100644 knowlege-content/iam-domain-audit/dashboards/IAM Domain Audit.json
create mode 100644 knowlege-content/iam-domain-audit/log-sources/omc_ociAuditLogSource_1726864185327.zip
diff --git a/knowlege-content/iam-domain-audit/dashboards/IAM Domain Audit.json b/knowlege-content/iam-domain-audit/dashboards/IAM Domain Audit.json
new file mode 100644
index 0000000..60a2dea
--- /dev/null
+++ b/knowlege-content/iam-domain-audit/dashboards/IAM Domain Audit.json
@@ -0,0 +1,1448 @@ +{ + "dashboards": [ + { + "dashboardId": "ocid1.managementdashboard.oc1..aaaaaaaashmnic7k3oqvwum6zlsji2j76332elmbccvbkuxzochnh4irp4na", + "providerId": "log-analytics", + "providerName": "Logging Analytics", + "providerVersion": "3.0.0", + "tiles": [ + { + "displayName": "Tab Widget Group 1", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "layout": { + "type": "tab" + }, + "subTiles": [ + { + "displayName": "Audit Log", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 8, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "subTiles": [ + { + "displayName": "Audit Log", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaanaa7kmxkfbi2s3xeymrdprlekdk7j35chs5hsybaolimv4v3tjwq", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "time": "$(dashboard.params.time)", + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "log-analytics-region": "$(dashboard.params.regionFilter)" + }, + "description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + "description": null + }, + { + "displayName": "Successful Logins", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "subTiles": [ + { + 
"displayName": "Successful Logins", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaavppmuczqhjds4grdjkr6oouwhvu75kzytp2cgufgo662hienu2ya", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "time": "$(dashboard.params.time)", + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "log-analytics-region": "$(dashboard.params.regionFilter)" + }, + "description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + "description": null + }, + { + "displayName": "Unsuccessful Logins", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "subTiles": [ + { + "displayName": "Unsuccessful Logins", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa2b6uowbs57aveb5jaienyrnamkw4sl4dbja3meclfrg3adczhn6q", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "time": "$(dashboard.params.time)", + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "log-analytics-region": "$(dashboard.params.regionFilter)" + }, + "description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + "description": null + }, + { + "displayName": "Application Access", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 0, + "column": 0, + "height": 20, + "width": 
12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "subTiles": [ + { + "displayName": "Application Access", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaavokfycbue5nzpuajhim2i577ub75irun26vco3jjs2tv67jvk4na", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "time": "$(dashboard.params.time)", + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "log-analytics-region": "$(dashboard.params.regionFilter)" + }, + "description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + "description": null + }, + { + "displayName": "Application Role Assignment", + "savedSearchId": "OOBSS-management-dashboard-container", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": { + "internalKey": "OOBSS-management-dashboard-container", + "vizType": "tileContainer", + "containerInfo": { + "subTiles": [ + { + "displayName": "Application Role Assignment", + "savedSearchId": "ocid1.managementsavedsearch.oc1..aaaaaaaa5uhcsv7naj7plaeda3fc2ykc2ufojzbjs6llaoe7euffnzk7ymgq", + "row": 0, + "column": 0, + "height": 20, + "width": 12, + "nls": {}, + "uiConfig": {}, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": { + "time": "$(dashboard.params.time)", + "log-analytics-log-group-compartment": "$(dashboard.params.log-analytics-loggroup-filter)", + "log-analytics-entity": "$(dashboard.params.log-analytics-entity-filter)", + "log-analytics-region": "$(dashboard.params.regionFilter)" + }, + "description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + 
"description": null + } + ] + } + }, + "dataConfig": [], + "state": "DEFAULT", + "drilldownConfig": [], + "parametersMap": {}, + "description": null + } + ], + "displayName": "IAM Domain Audit", + "description": "IAM Domain Audit Dashboard", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobDashboard": false, + "isShowInHome": false, + "metadataVersion": "2.0", + "isShowDescription": true, + "screenImage": "todo: provide value[mandatory]", + "nls": {}, + "uiConfig": { + "isFilteringEnabled": false, + "isTimeRangeEnabled": true, + "isRefreshEnabled": true + }, + "dataConfig": [], + "type": "normal", + "isFavorite": false, + "savedSearches": [ + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaavppmuczqhjds4grdjkr6oouwhvu75kzytp2cgufgo662hienu2ya", + "displayName": "Successful Logins", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "Successful Logins", + "nls": {}, + "type": "WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "timePeriod": "l24hr" + }, + "showTitle": true, + "visualizationType": "table", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.session.create.success | fields -*, -'Log Source', Time as Date, 'Identity Domain', 'User Name' as Login, 'Event ID' as Result, Provider", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": 
"ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "us-phoenix-1" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + "LogSet": { + "type": "LogSet", + "flags": {}, + "values": [] + }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "us-phoenix-1" + } + ] + } + }, + "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "visualizations/chartWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log Group 
Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-4a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-2a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-3a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + "displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" + } + }, + "valueFormat": { + "type": "array" + } + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + }, + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa2b6uowbs57aveb5jaienyrnamkw4sl4dbja3meclfrg3adczhn6q", + "displayName": "Unsuccessful Logins", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "Unsuccessful Logins", + "nls": {}, + "type": 
"WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "timePeriod": "l7day" + }, + "showTitle": true, + "visualizationType": "table", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' = sso.authentication.failure | fields -*, -'Log Source', Time as Date, 'Identity Domain', 'Security Actor Display Name' as User, 'Event ID' as Result, Comment as Comments", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + "LogSet": { + 
"type": "LogSet", + "flags": {}, + "values": [] + }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + }, + "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "visualizations/chartWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log Group Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-4a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-2a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-3a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + "displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + 
"editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" + } + }, + "valueFormat": { + "type": "array" + } + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + }, + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaa5uhcsv7naj7plaeda3fc2ykc2ufojzbjs6llaoe7euffnzk7ymgq", + "displayName": "Application Role Assignment", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "Application Role Assignment", + "nls": {}, + "type": "WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "numUnits": 3, + "units": "MONTHS", + "timePeriod": "relative" + }, + "showTitle": true, + "visualizationType": "table", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (admin.approle.add.member.success, admin.approle.remove.member.success) | fields -*, -'Log Source', Time as Date, 'Identity Domain', 'Security Actor Display Name' as Approver, Program as 'Application Name', 'Destination Resource' as Beneficiary, 'Destination Resource Type' as 'User/Group', Resource as 'Application Role Name'", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": 
"ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + "LogSet": { + "type": "LogSet", + "flags": {}, + "values": [] + }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + }, + "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "visualizations/chartWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log 
Group Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-4a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-2a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-3a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + "displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" + } + }, + "valueFormat": { + "type": "array" + } + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + }, + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaavokfycbue5nzpuajhim2i577ub75irun26vco3jjs2tv67jvk4na", + "displayName": "Application Access", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "Application Access", + "nls": {}, + 
"type": "WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "timePeriod": "l24hr" + }, + "showTitle": true, + "visualizationType": "table", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (sso.session.create.success, sso.authentication.failure, sso.session.modify.success) | fields -*, -'Log Source', Time as Date, 'Identity Domain', 'Security Actor Display Name' as User, 'User Name' as Login, 'Event ID' as 'Success/Failure', Application, 'Application ID'", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": 
"ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + "LogSet": { + "type": "LogSet", + "flags": {}, + "values": [] + }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + }, + "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "visualizations/chartWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log Group Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-4a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-2a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-3a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + 
"displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" + } + }, + "valueFormat": { + "type": "array" + } + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + }, + { + "id": "ocid1.managementsavedsearch.oc1..aaaaaaaanaa7kmxkfbi2s3xeymrdprlekdk7j35chs5hsybaolimv4v3tjwq", + "displayName": "Audit Log", + "providerId": "log-analytics", + "providerVersion": "3.0.0", + "providerName": "Logging Analytics", + "compartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "isOobSavedSearch": false, + "description": "Audit Log", + "nls": {}, + "type": "WIDGET_SHOW_IN_DASHBOARD", + "uiConfig": { + "timeSelection": { + "timePeriod": "l24hr" + }, + "showTitle": true, + "visualizationType": "table", + "visualizationOptions": {}, + "queryString": "'Log Source' = 'OCI Audit Logs' and 'Event ID' in (sso.app.access.success, sso.app.access.failure, sso.session.create.success, sso.authentication.failure, sso.session.delete.success, admin.user.create.success, admin.user.activated.success, admin.user.deactivated.success, admin.user.update.success, admin.user.delete.success, admin.user.password.reset.success, admin.me.password.reset.success, admin.me.password.change.success, admin.policy.create.success, admin.rule.create.success, admin.policy.update.success, admin.rule.update.success, admin.passwordpolicy.create.success, admin.passwordpolicy.update.success, admin.grant.create.success, admin.grant.delete.success, admin.group.create.success, admin.group.add.member.success, admin.group.remove.member.success, admin.group.delete.success, admin.app.create.success, 
admin.app.update.success, admin.app.delete.success, admin.app.activated.success, admin.app.deactivated.success, notification.delivery.success, notification.delivery.failure, sso.auth.factor.initiated, sso.bypasscode.create.success) | fields -*, -'Log Source', Time as Date, 'Identity Domain', 'User Name' as Actor, 'Event ID', 'Event Description', 'Event Source' as Target", + "scopeFilters": { + "filters": [ + { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + { + "type": "LogSet", + "flags": {}, + "values": [] + }, + { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + ], + "isGlobal": false, + "LogGroup": { + "type": "LogGroup", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.tenancy.oc1..aaaaaaaa53uu2d7z77v44jhvjsinojzsxjroeutt3ty5wqhp46izfg4o7pda", + "label": "orasenatdpltsecitom02 (root)" + } + ] + }, + "MetricCompartment": { + "type": "MetricCompartment", + "flags": {}, + "values": [] + }, + "Entity": { + "type": "Entity", + "flags": { + "IncludeDependents": true, + "ScopeCompartmentId": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea" + }, + "values": [] + }, + "LogSet": { + "type": "LogSet", + "flags": {}, + "values": 
[] + }, + "ResourceCompartment": { + "type": "ResourceCompartment", + "flags": { + "IncludeSubCompartments": true + }, + "values": [ + { + "value": "ocid1.compartment.oc1..aaaaaaaallhcqvvf6go3nougmrhmggmukucyjq3q6ikzkfc7hyjjc5h5ctea", + "label": "obs_mgmt_comp" + } + ] + }, + "Region": { + "type": "Region", + "flags": {}, + "values": [ + { + "value": "us-phoenix-1", + "label": "US West (Phoenix)" + } + ] + } + }, + "vizType": "lxSavedSearchWidgetType", + "enableWidgetInApp": true + }, + "dataConfig": [], + "screenImage": " ", + "metadataVersion": "2.0", + "widgetTemplate": "visualizations/chartWidgetTemplate.html", + "widgetVM": "visualizations/chartWidget", + "freeformTags": {}, + "definedTags": {}, + "parametersConfig": [ + { + "name": "log-analytics-log-group-compartment", + "displayName": "Log Group Compartment", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-4a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-4a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-entity", + "displayName": "Entity", + "required": true, + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-2a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-2a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-log-set", + "displayName": "Log Set", + "required": true, + "hidden": "$(window.logSetNotEnabled)", + "defaultFilterIds": [ + "OOBSS-management-dashboard-filter-3a" + ], + "editUi": { + "inputType": "savedSearch", + "filterTile": { + "filterId": "OOBSS-management-dashboard-filter-3a" + } + }, + "valueFormat": { + "type": "object" + } + }, + { + "name": "log-analytics-region", + "displayName": "Region", + "required": false, + "defaultFilterIds": [ + "OOBSS-management-dashboard-region-filter" + ], + "editUi": { + "inputType": "savedSearch", + 
"filterTile": { + "filterId": "OOBSS-management-dashboard-region-filter" + } + }, + "valueFormat": { + "type": "array" + } + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "required": true, + "hidden": true + }, + { + "name": "flex" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + } + }, + "drilldownConfig": [] + } + ], + "parametersConfig": [ + { + "savedSearchId": "OOBSS-management-dashboard-filter-4a", + "width": 4, + "state": "DEFAULT", + "parametersMap": { + "isStoreInLocalStorage": true + }, + "name": "log-analytics-loggroup-filter", + "localStorageKey": "log-analytics-loggroup-filter" + }, + { + "savedSearchId": "OOBSS-management-dashboard-filter-2a", + "width": 6, + "state": "DEFAULT", + "parametersMap": { + "isStoreInLocalStorage": true + }, + "name": "log-analytics-entity-filter", + "localStorageKey": "log-analytics-entity-filter" + }, + { + "savedSearchId": "OOBSS-management-dashboard-region-filter", + "width": 2, + "state": "DEFAULT", + "parametersMap": { + "isStoreInLocalStorage": true + }, + "name": "regionFilter", + "localStorageKey": "regionFilter" + }, + { + "name": "time", + "displayName": "$(bundle.globalSavedSearch.TIME)", + "src": "$(context.time)" + } + ], + "featuresConfig": { + "crossService": { + "shared": true + }, + "serviceTypes": [ + "log-analytics", + "management-dashboard" + ], + "dependencies": [ + { + "libProviderId": "management-dashboard", + "version": "1.88.1" + } + ] + }, + "drilldownConfig": [], + "freeformTags": {}, + "definedTags": {} + } + ] +} \ No newline at end of file 
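Review bot: Every saved search in this export carries environment-specific scope in its `scopeFilters`: the `LogGroup` filter pins a tenancy OCID labelled `orasenatdpltsecitom02 (root)`, and `compartmentId`, `ScopeCompartmentId` and the `Region` value `us-phoenix-1` are hard-coded too. For shared content this publishes the source tenancy's identifiers and presumably leaves an importer with searches scoped to a tenancy they cannot read. I would replace these with labelled placeholders before committing, e.g. `"value": "<TENANCY_OCID>", "label": "<TENANCY_NAME> (root)"`, and fill in or document the dashboard's `"screenImage": "todo: provide value[mandatory]"`. On coverage, the Audit Log `queryString` lists only the `.success` form of each `admin.*` event and leaves out the `admin.approle.*` events used by the Application Role Assignment search, so failed or role-related administrative actions would not show in the main audit tab if the log source emits them. The `log-analytics-log-set` parameter is also marked `"required": true` in each saved search but is never supplied in any tile's `parametersMap`, which is worth confirming against an import into a tenancy with log sets enabled.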
diff --git a/knowlege-content/iam-domain-audit/log-sources/omc_ociAuditLogSource_1726864185327.zip b/knowlege-content/iam-domain-audit/log-sources/omc_ociAuditLogSource_1726864185327.zip new file mode 100644 index 0000000000000000000000000000000000000000..c547e92883272ca7045327afe2c2c482ad3ed1e0 GIT binary patch literal 1516 zcmWIWW@Zs#;Nak3*tXatk^u>D1KG*>c_pcNC3+RPIZq?*7e6u+sC&Nt!;6i3A31nD zka*0~x+GQYdJ3Oa?TTnOb^Qf%bbsp1bg=q+fA^-18yhFcT;FYH!r!?xw)XzN3t3Ao z!dDw?m?ogD=h|=bD*Xu4!6oO9?s2c1d*{yu#c7v9ewa*Ps&ertdU|b6wB_<7g;utO zx-9~$+{L2YV{g~h)T}u@V-v$GpSEukvaB3*J91;Lh?_)YpSu$A`$&@Hfh`a6uifAF zDx<~F`GUaDBGHpO?yq>PE}9cNeNEu{%V*CYt(;`?_gnDpy*XRu#7?sxZLO&YTHPMu zwCL;3xOkhoD3`U~|4e3YPqF^=a?8cMxH7%y-g7^1`!z=xg|M$J$exyJnLP6dPtQ(c zyZ^n%m=+tet^LUVEB1z#bK09X>UP&(WN&-L`bPIpifp6y)skb(1#d3JtTTI}#r5Ks z_>-ddY|7eCH%{=dEQ<_#(VS%1Z}MqZd8X4EM+M>gQk{`LQ~QLMO_o??vDDP^oJa3< zFXtC#GP{51aW*QRO4HwwzS1vMD}3+rjfV`LJboLJnPzR-=HFIeZLws^uWrTpL5~lc z2-b+b%2aqR#XMbKkNv35*41l%?l3sBGw!7{U!#4Cr1+g9i;}+Vt2n+*eq~dLaw?y_ zNB!FyS5KykB?zf)xTMGFsA@ruSIWa<|2&t8Wvk08MQ!?BUIj5e zyfO9Xt4T@BbKmAKb9x$efuHfm&9>9*PkH2g4{rCE;67y%vt-+g&7VB3EB|%TFE}7+ z+H$Su6GQfbcXKBxujhI{wdm>0oQ*z7MNdRSNv!imIBRX-y9vMK(QtP?>8R zZ*A>4 zl~k0326$&N8}i)!En?T;e<4=WWVVjeE}erGn~Xa8RFh9P?yP-lA$;Opt)qYZp{_O0 z+@l!R$bSnLs$l$;Gx3YYX%oF;b3V4QN?w@bv@$|2QbFGBg88!Op#7&7MZf#_{@4N) zn;`Znp$a^&-UL2b|5Q#P=5YbDMt|RC#q_RoOfT8Av)v~N`5o}O^Kjk!5T$oP$-1|# zD|ZTNTXcVqn^{mf$K-6u)E$=51uxnCUUtU+jcVAmx%gJhhW%OR_-ER*w|q_d#|ZNH zR@Ta(gCK7)f;`U1B*K6wW|0F0RLr6Rq(T>6BeJ2OFhhVGU>GApFu