Created
May 25, 2024 00:48
List and export Hunting queries
| { | |
| "version": "Notebook/1.0", | |
| "items": [ | |
| { | |
| "type": 9, | |
| "content": { | |
| "version": "KqlParameterItem/1.0", | |
| "parameters": [ | |
| { | |
| "id": "01c4696f-3534-431f-abc6-2c62798620e0", | |
| "version": "KqlParameterItem/1.0", | |
| "name": "Sentinel", | |
| "type": 5, | |
| "isRequired": true, | |
| "typeSettings": { | |
| "resourceTypeFilter": { | |
| "microsoft.operationalinsights/workspaces": true | |
| }, | |
| "additionalResourceOptions": [], | |
| "showDefault": false | |
| } | |
| }, | |
| { | |
| "id": "fab30982-33f2-44cd-aa4e-d2bfe98d6c4d", | |
| "version": "KqlParameterItem/1.0", | |
| "name": "Category", | |
| "label": "Filter category", | |
| "type": 2, | |
| "isRequired": true, | |
| "typeSettings": { | |
| "additionalResourceOptions": [], | |
| "showDefault": false | |
| }, | |
| "jsonData": "[{ \"value\": \"@.properties.category=='Hunting Queries'\", \"label\": \"Hunting Queries only\", \"selected\":true },{ \"value\": \"@.properties.category=='Hunt Queries'\", \"label\": \"Hunt Queries only\" },{ \"value\": \"@.properties.category=='Hunting Queries' || @.properties.category=='Hunt Queries'\", \"label\": \"Both\" }]", | |
| "timeContext": { | |
| "durationMs": 86400000 | |
| } | |
| } | |
| ], | |
| "style": "pills", | |
| "queryType": 0, | |
| "resourceType": "microsoft.operationalinsights/workspaces" | |
| }, | |
| "name": "Params" | |
| }, | |
| { | |
| "type": 3, | |
| "content": { | |
| "version": "KqlItem/1.0", | |
| "query": "{\"version\":\"ARMEndpoint/1.0\",\"data\":null,\"headers\":[],\"method\":\"GET\",\"path\":\"{Sentinel:id}/savedSearches/\",\"urlParams\":[{\"key\":\"api-version\",\"value\":\"2023-09-01\"}],\"batchDisabled\":false,\"transformers\":[{\"type\":\"jsonpath\",\"settings\":{\"tablePath\":\"$.value[?({Category})].properties\",\"columns\":[{\"path\":\"$.category\",\"columnid\":\"Category\",\"columnType\":\"string\"},{\"path\":\"$.displayName\",\"columnid\":\"Name\",\"columnType\":\"string\"},{\"path\":\"$.query\",\"columnid\":\"Query\",\"columnType\":\"string\"}]}}]}", | |
| "size": 0, | |
| "title": "List all hunting queries", | |
| "showRefreshButton": true, | |
| "exportedParameters": [ | |
| { | |
| "fieldName": "Query", | |
| "parameterName": "KQLQuery", | |
| "parameterType": 1 | |
| }, | |
| { | |
| "fieldName": "Name", | |
| "parameterName": "QueryName", | |
| "parameterType": 1 | |
| } | |
| ], | |
| "showExportToExcel": true, | |
| "queryType": 12, | |
| "gridSettings": { | |
| "formatters": [ | |
| { | |
| "columnMatch": "Query", | |
| "formatter": 0, | |
| "formatOptions": { | |
| "customColumnWidthSetting": "250ch" | |
| } | |
| }, | |
| { | |
| "columnMatch": "Tactics", | |
| "formatter": 0, | |
| "formatOptions": { | |
| "customColumnWidthSetting": "33ch" | |
| } | |
| } | |
| ], | |
| "rowLimit": 750, | |
| "filter": true, | |
| "sortBy": [ | |
| { | |
| "itemKey": "Name", | |
| "sortOrder": 1 | |
| } | |
| ] | |
| }, | |
| "sortBy": [ | |
| { | |
| "itemKey": "Name", | |
| "sortOrder": 1 | |
| } | |
| ] | |
| }, | |
| "name": "ListQueries" | |
| } | |
| ], | |
| "fromTemplateId": "sentinel-UserWorkbook", | |
| "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json" | |
| } |