Merge pull request #1 from microsoft/master

Getting latest from the main fork

Azure Services/Azure Monitor/Workbooks/Antimalware Assessment.json

@@ -1,18 +1,6 @@
 {
   "version": "Notebook/1.0",
   "items": [
-    {
-      "type": 1,
-      "content": {
-        "json": "** Author **\r\n[Bruno Gabrielli](mailto:bruno.gabrielli@microsoft.com)\r\n\r\n** Version 1.1 **\r\n2020-09-24\r\n- Added default selected value to Subscription, Workspace and Server parameters.\r\n\r\n** Version 1.0 **\r\n2020-06-17\r\n - Initial version\r\n\r\nReference link for ProtectionStatusRank and ThreatStatusRank:\r\n[http://diogenes63.rssing.com/chan-9384353/latest.php](http://diogenes63.rssing.com/chan-9384353/latest.php)"
-      },
-      "conditionalVisibility": {
-        "parameterName": "_",
-        "comparison": "isEqualTo",
-        "value": "_"
-      },
-      "name": "text - 0"
-    },
     {
       "type": 1,
       "content": {
@@ -24,61 +12,24 @@
       "type": 9,
       "content": {
         "version": "KqlParameterItem/1.0",
+        "crossComponentResources": [
+          "{Workspaces}"
+        ],
         "parameters": [
           {
-            "id": "4288fdd0-f0bf-464f-8e5a-254b303a846b",
-            "version": "KqlParameterItem/1.0",
-            "name": "DefaultWorkspace",
-            "type": 5,
-            "isRequired": true,
-            "value": "value::1",
-            "isHiddenWhenLocked": true,
-            "typeSettings": {
-              "resourceTypeFilter": {
-                "microsoft.operationalinsights/workspaces": true
-              },
-              "additionalResourceOptions": [
-                "value::1"
-              ]
-            }
-          },
-          {
-            "id": "a46832ff-ac1b-4cad-a57b-bcb8c3e1bf0b",
-            "version": "KqlParameterItem/1.0",
-            "name": "ContextFree",
-            "type": 1,
-            "query": "{\"version\":\"1.0.0\",\"content\":\"\\\"{DefaultWorkspace}\\\"\",\"transformers\":null}",
-            "isHiddenWhenLocked": true,
-            "queryType": 8
-          },
-          {
-            "id": "d882a725-07ff-48ea-8b7d-9210610c46e4",
+            "id": "6928a6d5-54a2-46aa-b940-f4056c59e55f",
             "version": "KqlParameterItem/1.0",
-            "name": "Selection",
+            "name": "DefaultSubscription_Internal",
             "type": 1,
-            "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| extend match = strcat(\"'\", id, \"'\") =~ \"{DefaultWorkspace:value}\"\r\n| order by match desc, name asc\r\n| take 1\r\n| project value = tostring(pack('sub', subscriptionId, 'rg', resourceGroup, 'ws', id))",
+            "isRequired": true,
+            "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| take 1\r\n| project subscriptionId",
             "crossComponentResources": [
               "value::selected"
             ],
             "isHiddenWhenLocked": true,
             "queryType": 1,
             "resourceType": "microsoft.resourcegraph/resources"
-          }
-        ],
-        "style": "pills",
-        "queryType": 0,
-        "resourceType": "microsoft.operationalinsights/workspaces"
-      },
-      "name": "parameters - 2"
-    },
-    {
-      "type": 9,
-      "content": {
-        "version": "KqlParameterItem/1.0",
-        "crossComponentResources": [
-          "{Workspaces}"
-        ],
-        "parameters": [
+          },
           {
             "id": "df4c53c0-b444-435e-a2f2-7fec0eec89a5",
             "version": "KqlParameterItem/1.0",
@@ -88,7 +39,7 @@
             "multiSelect": true,
             "quote": "'",
             "delimiter": ",",
-            "query": "summarize by subscriptionId\r\n| project value = strcat('/subscriptions/', subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ todynamic('{Selection}').sub, true, false)",
+            "query": "summarize by subscriptionId\r\n| project value = strcat(\"/subscriptions/\", subscriptionId), label = subscriptionId, selected = iff(subscriptionId =~ '{DefaultSubscription_Internal}', true, false)",
             "crossComponentResources": [
               "value::selected"
             ],
@@ -115,7 +66,7 @@
             "multiSelect": true,
             "quote": "'",
             "delimiter": ",",
-            "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| project id, selected = iff(id =~ todynamic('{Selection}').ws, true, false), custId= properties.customerId",
+            "query": "where type =~ 'microsoft.operationalinsights/workspaces'\r\n| project id, selected = iff(id =~ todynamic('{DefaultSubscription_Internal}').ws, true, false), custId= properties.customerId",
             "crossComponentResources": [
               "{Subscriptions}"
             ],
@@ -140,7 +91,7 @@
             "type": 4,
             "isRequired": true,
             "value": {
-              "durationMs": 1209600000
+              "durationMs": 7776000000
             },
             "typeSettings": {
               "selectableValues": [
@@ -218,7 +169,10 @@
             "timeContextFromParameter": "TimeRange",
             "defaultValue": "value::all",
             "queryType": 0,
-            "resourceType": "microsoft.operationalinsights/workspaces"
+            "resourceType": "microsoft.operationalinsights/workspaces",
+            "value": [
+              "value::all"
+            ]
           },
           {
             "id": "eb816ef5-bf7a-47bd-bbeb-82528e255f9d",
@@ -233,13 +187,27 @@
             "value": null,
             "isHiddenWhenLocked": true,
             "typeSettings": {
-              "additionalResourceOptions": []
+              "additionalResourceOptions": [],
+              "showDefault": false
             },
             "timeContext": {
-              "durationMs": 86400000
+              "durationMs": 0
             },
+            "timeContextFromParameter": "TimeRange",
             "queryType": 0,
             "resourceType": "microsoft.operationalinsights/workspaces"
+          },
+          {
+            "id": "821c0787-9c27-4396-a991-2e291ee40995",
+            "version": "KqlParameterItem/1.0",
+            "name": "Help",
+            "label": "Show Help",
+            "type": 10,
+            "isRequired": true,
+            "typeSettings": {
+              "additionalResourceOptions": []
+            },
+            "jsonData": "[\r\n  { \"value\": \"Yes\", \"label\": \"Yes\"},\r\n  { \"value\": \"No\", \"label\": \"No\", \"selected\":true },\r\n  { \"value\": \"ChangeLog\", \"label\": \"Change Log\"}\r\n]"
           }
         ],
         "style": "pills",
@@ -248,6 +216,34 @@
       },
       "name": "parameters - 3"
     },
+    {
+      "type": 1,
+      "content": {
+        "json": ">** Author **\r\n>[Bruno Gabrielli](mailto:bruno.gabrielli@microsoft.com)\r\n>\r\n>** Version 1.2 **\r\n>2020-12-10\r\n>* Added the Show Help parameter. You can select if you wish to see help for initial configuration (Get Started part) or if you wich to see the this Change Log.\r\n>* Added GetStarted section with documentation to follow to enable Diagnostic Settings for log collection.\r\n>\r\n** Version 1.1 **\r\n>2020-09-24\r\n>- Added default selected value to Subscription, Workspace and Server parameters.\r\n>\r\n>** Version 1.0 **\r\n>2020-06-17\r\n> - Initial version\r\n>\r\n>Reference link for ProtectionStatusRank and ThreatStatusRank:\r\n>[http://diogenes63.rssing.com/chan-9384353/latest.php](http://diogenes63.rssing.com/chan-9384353/latest.php)"
+      },
+      "conditionalVisibility": {
+        "parameterName": "Help",
+        "comparison": "isEqualTo",
+        "value": "ChangeLog"
+      },
+      "customWidth": "66",
+      "name": "changeLog",
+      "styleSettings": {
+        "showBorder": true
+      }
+    },
+    {
+      "type": 1,
+      "content": {
+        "json": "# Get Started #\r\n\r\n-------------------------\r\n\r\nWelcome to the Antimalware Management workbook. This workbook is designed to to ease the report on Virtual Machine protection by product, by protection status as well as other details organized in tabs about unprotected computers. You can select single or multiple virtual machine, subscriptions and workspaces. You can also select a time range with the most common pattern or custom interval.\r\n\r\n## Requirements ##\r\n\r\n* A [Log Analytics workspace.](https://docs.microsoft.com/en-us/azure/azure-monitor/platform/design-logs-deployment?WT.mc_id=Portal-fx)\r\n\r\n* Use of [Antimalware Assessment](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoft.antimalwareoms?tab=overview)\r\n\r\n"
+      },
+      "conditionalVisibility": {
+        "parameterName": "Help",
+        "comparison": "isEqualTo",
+        "value": "Yes"
+      },
+      "name": "getStarted"
+    },
     {
       "type": 1,
       "content": {
@@ -347,27 +343,31 @@
         "style": "tabs",
         "links": [
           {
+            "id": "72606d8b-4185-4c2d-b72f-edad39eb76a3",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Unprotected Computers",
             "subTarget": "Unprotected",
             "style": "link"
           },
           {
+            "id": "421ffc48-3157-45ad-93f2-a2e3d60ce7a1",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Protected Computers",
             "subTarget": "Protected",
             "style": "link"
           },
           {
+            "id": "bc73ad97-507d-47e8-b14f-ee160d5d41cc",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Threated Computers",
             "subTarget": "Threated",
             "style": "link"
           },
           {
+            "id": "65193755-5edb-465c-856e-50ef58a2f075",
             "cellValue": "selectedTab",
             "linkTarget": "parameter",
             "linkLabel": "Not Reporting Computers",
@@ -1403,4 +1403,4 @@
     "Azure Monitor"
   ],
   "$schema": "https://github.com/Microsoft/Application-Insights-Workbooks/blob/master/schema/workbook.json"
-}
+}