Sign-in activity monitoring.json

{"version":18,"variables":[{"key":"Product","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(cloud.provider)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Status","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(audit.result)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"User","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(audit.identity)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"User_Ip_Address","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(client.ip)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Browser","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(browser.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Device_OS","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(device.os.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Country","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(actor.geo.country.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"City","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(actor.geo.city.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Target_Service","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(object.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Result_Code","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(result.code)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]},{"key":"Client_Application","visible":true,"type":"query","version":1,"editable":true,"input":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| summarize values=collectDistinct(client.app.name)\n| fields result=if(arraySize(values) > 0, values, else:\"None\")","multiple":true,"defaultValue":["3420b2ac-f1cf-4b24-b62d-61ba1ba8ed05*"]}],"tiles":{"0":{"title":"Last 50 sign-in attempts","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| sort timestamp desc\n| fields Time=audit.time, `Result message`=result.message, `Result code`=result.code, `Target service`=object.name,\n         User=audit.identity, `Client application`=client.app.name, Browser=browser.name, \n         `Client IP`=client.ip, City=actor.geo.city.name\n| sort Time desc\n| limit 50","visualization":"table","visualizationSettings":{"thresholds":[{"id":1,"field":"Result message","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-categorical-color-09-default, #649438)"},"comparator":"=","label":"","value":"Success"},{"id":1,"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"comparator":"!=","label":"","value":"Success"}]}],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Time,Result message,Target service,User,Client application,Browser,Client IP,City","valueAxisLabel":"Result code","tooltipVariant":"single"},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":["actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"xAxisLabel":"Time","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"fieldMapping":{"timestamp":"Time","leftAxisValues":["Result code"]}},"singleValue":{"showLabel":true,"label":"timestamp","prefixIcon":"","recordField":"timestamp","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{"[\"content\"]":394,"[\"Result code\"]":140.06},"columnTypeOverrides":[{"fields":[],"id":1732021936784,"value":"log-content"}],"enableThresholdInRow":false,"sortBy":{"columnId":"[\"timestamp\"]","direction":"descending"}},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["audit.identity","client.app.name","client.ip","result.code","result.message","browser.name","device.id","actor.geo.city.name","object.name"],"dataMappings":{"value":"audit.identity"},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[],"variant":"single","displayedFields":["User","Client IP","Result code","Result message","Browser","City"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"timestamp","displayedFields":["timestamp","audit.identity","client.app.name","client.ip","result.code","browser.name","device.id","actor.geo.city.name","content"]},"tooltip":{}},"querySettings":{"maxResultRecords":100000,"defaultScanLimitGbytes":50000,"maxResultMegaBytes":1000,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}},"3":{"title":"Sign-in activity outcomes over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries {\n  Success = countIf(audit.result==\"Succeeded\", default:0),\n  Failure = countIf(audit.result!=\"Succeeded\", default:0)\n}, time:audit.time","visualization":"barChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"connect","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"interval","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":["interval","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id","location.geoCoordinates.latitude","location.geoCoordinates.longitude","status.errorCode"],"seriesOverrides":[{"seriesId":["Success"],"override":{"color":{"Default":"var(--dt-colors-charts-categorical-color-09-default, #649438)"}}},{"seriesId":["Failure"],"override":{"color":{"Default":"var(--dt-colors-charts-categorical-color-12-default, #cd3741)"}}}],"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{"record":"Failure"}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{"[\"audit.time\"]":267.96875},"columnTypeOverrides":[{"fields":["content"],"id":1738323155327,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":[],"dataMappings":{},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":[]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"interval"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"countryCode":"actor.geo.country.name","dimension":"timestamp","displayedFields":["interval"],"value":"interval","longitude":"interval"},"tooltip":{"showCustomFields":false}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}},"17":{"title":"Successful sign-in rate","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize tot = count(), success = countIf(audit.result==\"Succeeded\")\n| fields rate = round(toDouble(success)/toDouble(tot) * 100, decimals:2)","visualization":"singleValue","visualizationSettings":{"thresholds":[{"id":1,"field":"rate","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-status-ideal-default, #2f6863)"},"comparator":"≥","label":"","value":0},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":""}]}],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"rate","valueAxisLabel":"rate","tooltipVariant":"single"},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle"},"singleValue":{"showLabel":false,"label":"rate","prefixIcon":"SuccessIcon","recordField":"rate","autoscale":true,"alignment":"center","trend":{"trendType":"auto","upward":{"Default":"var(--dt-colors-charts-diverging-red-green-color-10-default, #2a7453)"},"downward":{"Default":"var(--dt-colors-charts-diverging-red-blue-color-02-default, #ae132d)"},"neutral":{"Default":"var(--dt-colors-charts-diverging-red-blue-color-10-default, #134fc9)"},"isVisible":true,"isRelative":true,"isLabelVisible":false,"label":"","trendField":"rate"},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":[],"dataMappings":{},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"rate","rangeAxis":""}],"variant":"single","displayedFields":[]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":true,"label":"rate"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"displayedFields":["rate"],"value":"rate","longitude":"rate"},"tooltip":{"showCustomFields":false},"min":"auto","max":"auto","colorModeType":{"color":{"Default":"var(--dt-colors-charts-categorical-color-09-default, #649438)"},"customNumericColors":[]},"unitsOverrides":[{"identifier":"rate","unitCategory":"percentage","baseUnit":"percent","displayUnit":null,"decimals":0,"suffix":"","delimiter":false,"added":1740394240096}]},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}},"18":{"title":"Failed sign-in rate","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize tot = count(), failure = countIf(audit.result!=\"Succeeded\")\n| fields rate = round(toDouble(failure)/toDouble(tot) * 100, decimals:2)","visualization":"singleValue","visualizationSettings":{"thresholds":[{"id":1,"field":"rate","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-status-ideal-default, #2f6863)"},"comparator":"≥","label":""},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":"","value":0}]}],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"rate","valueAxisLabel":"rate","tooltipVariant":"single"},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle"},"singleValue":{"showLabel":false,"label":"rate","prefixIcon":"WarningFailedIcon","recordField":"rate","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":[],"dataMappings":{},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"rate","rangeAxis":""}],"variant":"single","displayedFields":[]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"rate"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"displayedFields":["rate"],"value":"rate","longitude":"rate"},"tooltip":{"showCustomFields":false},"unitsOverrides":[{"identifier":"rate","unitCategory":"percentage","baseUnit":"percent","displayUnit":null,"decimals":0,"suffix":"","delimiter":false,"added":1740394259596}]},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}},"22":{"title":"Top 10 sign-in devices","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{Browser=browser.name, OS=device.os.name}\n| sort Success+Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":7472395.699999999},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":7476565.299999999}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Browser,OS","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["Browser","OS"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["Browser","OS"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"25":{"type":"markdown","content":"## Top sign-in activity breakdown\nThis section provides a breakdown of the top 10 locations, target services, client applications, devices, and users with sign-in activity."},"36":{"title":"Top 10 users by failed sign-in attempts","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {Failures = count(), `Client applications` = collectDistinct(client.app.name), `IPs` = collectDistinct(client.ip)}, by:{User=audit.identity}\n| sort Failures desc\n| limit 10","visualization":"table","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"User,Client applications,IPs","valueAxisLabel":"Failures","tooltipVariant":"single"},"colorPalette":"blue-steel","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[]},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{"[\"Failures\"]":87.28},"columnTypeOverrides":[],"sortBy":{"columnId":"[\"Client applications\"]","direction":"ascending"}},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["audit.identity"],"dataMappings":{"value":"failureCount"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Failures","rangeAxis":""}],"variant":"single","displayedFields":["User"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"audit.identity","displayedFields":["audit.identity","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"45":{"title":"Top 10 IP addresses by failed sign-in attempts","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {Failures = count(), Users = collectDistinct(audit.identity), \n            `Target services` = collectDistinct(client.app.name)}, by:{`Client IP`=client.ip, City=actor.geo.city.name}\n| sort Failures desc\n| limit 10","visualization":"table","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Client IP,City,Users,Target services","valueAxisLabel":"Failures","tooltipVariant":"single"},"colorPalette":"blue-steel","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[]},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":true,"lineWrapIds":[["users"]],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{"[\"City\"]":112.05,"[\"Failures\"]":104.28,"[\"Users\"]":231.84,"[\"Target services\"]":298.44,"[\"Client IP\"]":144.69},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.ip"],"dataMappings":{"value":"failureCount"},"colorMode":"color-palette","colorPalette":"blue","min":null,"max":null},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Failures","rangeAxis":""}],"variant":"single","displayedFields":["Client IP"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"client.ip","displayedFields":["client.ip","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"50":{"title":"Multi-factor authentication rate","description":"Percentage of sign-in attempts using multi-factor authentication mechanisms.","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {tot = count(), mfaCount = countIf(authentication.is_multifactor == true)}\n| fields rate = round(toDouble(mfaCount)/toDouble(tot) * 100, decimals:2)","visualization":"singleValue","visualizationSettings":{"thresholds":[{"id":1,"field":"rate","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-categorical-color-01-default, #134fc9)"},"comparator":"≥","label":"","value":0},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":""}]}],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"connect","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"rate","valueAxisLabel":"rate","tooltipVariant":"single"},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[],"seriesOverrides":[{"seriesId":["totalCount"],"override":{"color":{"Default":"var(--dt-colors-charts-categorical-color-01-default, #134fc9)"}}},{"seriesId":["successCount"],"override":{"color":{"Default":"var(--dt-colors-charts-categorical-color-09-default, #649438)"}}},{"seriesId":["failureCount"],"override":{"color":{"Default":"var(--dt-colors-charts-categorical-color-12-default, #cd3741)"}}}]},"singleValue":{"showLabel":false,"label":"rate","prefixIcon":"SecurityResolvedIcon","recordField":"rate","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":[],"dataMappings":{},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"rate","rangeAxis":""}],"variant":"single","displayedFields":[]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"tot"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"displayedFields":["rate"],"value":"tot","longitude":"rate"},"tooltip":{"showCustomFields":false},"unitsOverrides":[{"identifier":"rate","unitCategory":"percentage","baseUnit":"percent","displayUnit":null,"decimals":0,"suffix":"","delimiter":false,"added":1740394270654}]},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}},"52":{"title":"Sign-in error list by number of failed attempts","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| filterOut result.details == \"\" or isFalseOrNull(result.details)\n| summarize {\n  Failures = count(),\n  Users = collectDistinct(audit.identity),\n  `Client applications` = collectDistinct(client.app.name),\n  IPs = collectDistinct(client.ip)\n}, by:{Code=result.code, Message=result.details}\n| sort {Failures,direction:\"descending\"}","visualization":"table","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Message,Users,Client applications,IPs","valueAxisLabel":"Code,Failures","tooltipVariant":"single"},"colorPalette":"blue-steel","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[]},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":true,"lineWrapIds":[["Code"],["Message"],["Failures"],["Users"],["Client applications"],["IPs"]],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{"[\"error\"]":514.0625,"[\"errorMsg\"]":312.0625,"[\"Users\"]":392,"[\"Client applications\"]":397,"[\"Code\"]":129.63,"[\"Failures\"]":111.31},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["errorMsg"],"dataMappings":{"value":"failureCount"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Failures","rangeAxis":""}],"variant":"single","displayedFields":["Code","Message"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"errorMsg","displayedFields":["errorMsg","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"54":{"type":"markdown","content":"# Sign-in activity monitoring\n\nThis dashboard is designed to provide a comprehensive overview of user sign-in activities within your cloud environments. "},"61":{"title":"Total sign-in attempts by country","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize count = count(), \n  by:{actor.geo.city.name, actor.geo.country.name, \n      actor.geo.location.lon, actor.geo.location.lat}","visualization":"choropleth","visualizationSettings":{"autoSelectVisualization":false,"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"actor.geo.city.name,actor.geo.country.name","valueAxisLabel":"actor.geo.location.lon,actor.geo.location.lat,count","tooltipVariant":"single"},"colorPalette":"blue-steel","valueRepresentation":"absolute","truncationMode":"middle","xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["geo.city","geo.country","actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740388899349,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["actor.geo.city.name","actor.geo.country.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"actor.geo.location.lon","rangeAxis":""},{"valueAxis":"actor.geo.location.lat","rangeAxis":""},{"valueAxis":"count","rangeAxis":""}],"variant":"single","displayedFields":["actor.geo.city.name","actor.geo.country.name"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"countryCode":"actor.geo.country.name","dimension":"count","displayedFields":["actor.geo.city.name","actor.geo.country.name"],"value":"count","longitude":"actor.geo.location.lon","latitude":"actor.geo.location.lat","radius":"count"},"tooltip":{"showCustomFields":true},"mapView":{"defaultZoom":"world","longitude":0,"latitude":0,"zoom":0},"legend":{"showLegend":true,"position":"auto"}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"63":{"title":"Top 10 client applications","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{Application=client.app.name}\n| sort Success+Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":7472395.699999999},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":7476565.299999999}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Application","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["Application"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["Application"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"67":{"title":"Top 10 sign-in locations","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{City=actor.geo.city.name, Country=actor.geo.country.name}\n| sort Success+Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":7472395.699999999},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":7476565.299999999}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"City,Country","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["City","Country"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["City","Country"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"68":{"title":"Top 10 target services","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{`Target Service`=object.name}\n| sort Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":2494872.8999999985},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":2498217.700000003}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"single-color","categoryAxisLabel":"Target Service","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["Target Service"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["Target Service"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"69":{"title":"Top 10 sign-in users","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{User=audit.identity}\n| sort Success+Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":7472395.699999999},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":7476565.299999999}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"User","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["User"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["User"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"70":{"title":"Failed sign-in attempts by target service over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries count(default:0), by:{`Target Service`=object.name}, time:audit.time","visualization":"areaChart","visualizationSettings":{"thresholds":[{"id":1,"field":"","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-status-ideal-default, #2f6863)"},"comparator":"≥","label":""},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":""}]}],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Target Service","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"log-level","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":["interval"],"seriesOverrides":[],"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"fieldMapping":{"timestamp":"timeframe","leftAxisValues":["count(default:0)"]}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{"record":"count(default:0)"}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["count(default:0)"],"value":"sparkline","id":1738323473914}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.app.name"],"dataMappings":{"value":"client.app.name"},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":["Target Service"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"interval"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"interval","displayedFields":[],"value":"interval","longitude":"interval"},"tooltip":{"showCustomFields":false}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"71":{"title":"Top 10 sign-in IPs","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize { Success = countIf(audit.result==\"Succeeded\"), Failure = countIf(audit.result!=\"Succeeded\") }, by:{IP=client.ip}\n| sort Success+Failure desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{"Success":{"color":{"Default":"var(--dt-colors-charts-apdex-excellent-default, #2a7453)"},"added":7472395.699999999},"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":7476565.299999999}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"IP","valueAxisLabel":"Success,Failure","tooltipVariant":"single","categoryAxis":["IP"],"valueAxis":["Success","Failure"]},"colorPalette":"categorical","valueRepresentation":"absolute","truncationMode":"middle","legend":{"hidden":false},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Success","rangeAxis":""},{"valueAxis":"Failure","rangeAxis":""}],"variant":"single","displayedFields":["IP"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"72":{"title":"Failed sign-in attempts by actor location over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries count(default:0), by:{City=actor.geo.city.name, Country=actor.geo.country.name}, time:audit.time","visualization":"areaChart","visualizationSettings":{"thresholds":[{"id":1,"field":"","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-status-ideal-default, #2f6863)"},"comparator":"≥","label":""},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":""}]}],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"City,Country","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"purple-rain","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":["interval"],"seriesOverrides":[],"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"fieldMapping":{"timestamp":"timeframe","leftAxisValues":["count(default:0)"]}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{"record":"count(default:0)"}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["count(default:0)"],"value":"sparkline","id":1738323473914}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.app.name"],"dataMappings":{"value":"client.app.name"},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":["City","Country"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"interval"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"interval","displayedFields":[],"value":"interval","longitude":"interval"},"tooltip":{"showCustomFields":false}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"73":{"title":"Failed sign-in attempts by client application over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries count(default:0), by:{`Client application`=client.app.name}, time:audit.time","visualization":"areaChart","visualizationSettings":{"thresholds":[{"id":1,"field":"","title":"","isEnabled":true,"rules":[{"id":0,"color":{"Default":"var(--dt-colors-charts-status-ideal-default, #2f6863)"},"comparator":"≥","label":""},{"id":1,"color":{"Default":"var(--dt-colors-charts-status-warning-default, #eca440)"},"comparator":"≥","label":""},{"id":2,"color":{"Default":"var(--dt-colors-charts-status-critical-default, #c4233b)"},"comparator":"≥","label":""}]}],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Client application","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"purple-rain","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":["interval"],"seriesOverrides":[],"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"fieldMapping":{"timestamp":"timeframe","leftAxisValues":["count(default:0)"]}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{"record":"count(default:0)"}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["count(default:0)"],"value":"sparkline","id":1738323473914}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.app.name"],"dataMappings":{"value":"client.app.name"},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":["Client application"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"interval"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"interval","displayedFields":[],"value":"interval","longitude":"interval"},"tooltip":{"showCustomFields":false}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"74":{"title":"Top 10 devices by failed sign-in attempts","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter audit.result!=\"Succeeded\"\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {Failures = count(), `Client applications` = collectDistinct(client.app.name), `IPs` = collectDistinct(client.ip)}, by:{Browser=browser.name, OS=device.os.name}\n| sort Failures desc\n| limit 10","visualization":"table","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Browser,OS,Client applications,IPs","valueAxisLabel":"Failures","tooltipVariant":"single"},"colorPalette":"blue-steel","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[]},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[],"sortBy":{"columnId":"[\"Client applications\"]","direction":"ascending"}},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["audit.identity"],"dataMappings":{"value":"failureCount"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"Failures","rangeAxis":""}],"variant":"single","displayedFields":["Browser","OS"]},"valueBoundaries":{"min":"auto","max":"auto"},"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"autoSelectVisualization":false,"dataMapping":{"dimension":"audit.identity","displayedFields":["audit.identity","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"75":{"title":"Top 10 users performing single-factor authentication","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter authentication.is_multifactor == false\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {count=count()}, by:{User=audit.identity}\n| sort count desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"single-color","categoryAxisLabel":"User","valueAxisLabel":"count","tooltipVariant":"single","categoryAxis":["User"],"valueAxis":["count"],"isCategoryLabelVisible":true,"isValueLabelVisible":true},"colorPalette":"log-status","valueRepresentation":"absolute","truncationMode":"end","legend":{"hidden":true,"position":"right"},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"count","rangeAxis":""}],"variant":"single","displayedFields":["User"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{},"unitsOverrides":[]},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"76":{"title":"Single-factor authentication attempts by user over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter authentication.is_multifactor == false\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries count(default:0), by:{User=audit.identity}, time:audit.time","visualization":"areaChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"User","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"purple-rain","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[],"fieldMapping":{"timestamp":"timeframe","leftAxisValues":["count(default:0)"]},"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"seriesOverrides":[],"legend":{"position":"right","hidden":false}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":true,"lineWrapIds":[["users"]],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["count(default:0)"],"value":"sparkline","id":1740757506835}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.ip"],"dataMappings":{"value":"failureCount"},"colorMode":"color-palette","colorPalette":"blue","min":null,"max":null},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":["User"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"client.ip","displayedFields":["client.ip","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"78":{"title":"Single-factor authentication attempts by target service over time","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter authentication.is_multifactor == false\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| makeTimeseries count(default:0), by:{`Target Service`=object.name}, time:audit.time","visualization":"areaChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"auto","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"smooth","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxisLabel":"Target Service","valueAxisLabel":"interval","tooltipVariant":"single"},"colorPalette":"purple-rain","valueRepresentation":"absolute","truncationMode":"middle","hiddenLegendFields":[],"fieldMapping":{"timestamp":"timeframe","leftAxisValues":["count(default:0)"]},"xAxisLabel":"timeframe","xAxisIsLabelVisible":false,"leftYAxisSettings":{},"seriesOverrides":[],"legend":{"position":"right","hidden":false}},"singleValue":{"showLabel":true,"label":"client.app.name","prefixIcon":"","recordField":"client.app.name","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":true,"lineWrapIds":[["users"]],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["count(default:0)"],"value":"sparkline","id":1740757513007}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["client.ip"],"dataMappings":{"value":"Target Service"},"colorMode":"color-palette","colorPalette":"categorical","min":null,"max":null},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"interval","rangeAxis":""}],"variant":"single","displayedFields":["Target Service"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"failureCount"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"client.ip","displayedFields":["client.ip","failureCount"],"value":"failureCount","longitude":"failureCount"},"tooltip":{}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-7d","to":"now()"},"tileTimeframeEnabled":false}},"79":{"title":"Top 10 target services with single-factor authentication","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter authentication.is_multifactor == false\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| summarize {count=count()}, by:{`Target Service`=object.name}\n| sort count desc\n| limit 10","visualization":"categoricalBarChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative"},"categoryOverrides":{},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"single-color","categoryAxisLabel":"Target Service","valueAxisLabel":"count","tooltipVariant":"single","categoryAxis":["Target Service"],"valueAxis":["count"],"isCategoryLabelVisible":true,"isValueLabelVisible":true},"colorPalette":"log-status","valueRepresentation":"absolute","truncationMode":"end","legend":{"hidden":true,"position":"right"},"xAxisLabel":"timestamp","xAxisIsLabelVisible":false,"hiddenLegendFields":["actor.geo.city","actor.geo.country","browser","client.app","device","device.os","object","actor.geo.location.lat","actor.geo.location.lon","dt.active_gate.debug.event.id"],"leftYAxisSettings":{}},"singleValue":{"showLabel":false,"label":"count()","prefixIcon":"BandChartIcon","recordField":"count()","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[{"fields":["content"],"id":1740391229074,"value":"log-content"}]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":["browser.name","device.os.name"],"dataMappings":{"value":"count"},"colorMode":"color-palette","colorPalette":"blue"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"count","rangeAxis":""}],"variant":"single","displayedFields":["Target Service"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"count"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"browser.name","displayedFields":["browser.name","device.os.name","count"],"value":"count","longitude":"count"},"tooltip":{},"unitsOverrides":[]},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}}},"81":{"title":"Total sign-in actions","type":"data","query":"fetch logs\n| filter isNotNull(audit.action) and isNotNull(authentication.is_multifactor)\n| filter in(cloud.provider, array($Product)) and in(audit.result, array($Status)) and in(toString(result.code), array($Result_Code)) and in(actor.geo.country.name, array($Country)) and in(actor.geo.city.name, array($City)) and in(device.os.name, array($Device_OS)) and in(browser.name, array($Browser)) and in(client.app.name, array($Client_Application)) and in(audit.identity, array($User)) and in(client.ip, array($User_Ip_Address)) and in(object.name, array($Target_Service))\n| fieldsAdd status= if(audit.result==\"Succeeded\", \"Success\", else: \"Failure\")\n| summarize count(), by:{status}","visualization":"donutChart","visualizationSettings":{"thresholds":[],"chartSettings":{"xAxisScaling":"analyzedTimeframe","gapPolicy":"gap","circleChartSettings":{"groupingThresholdType":"relative","groupingThresholdValue":0,"valueType":"relative","showTotalValue":true},"categoryOverrides":{"Failure":{"color":{"Default":"var(--dt-colors-charts-loglevel-emergency-default, #ae132d)"},"added":3454184.6999999997},"Success":{"color":{"Default":"var(--dt-colors-charts-categorical-color-09-default, #649438)"},"added":3457208.1}},"curve":"linear","pointsDisplay":"auto","categoricalBarChartSettings":{"layout":"horizontal","categoryAxisTickLayout":"horizontal","scale":"absolute","groupMode":"stacked","colorPaletteMode":"multi-color","categoryAxis":["status"],"categoryAxisLabel":"status","valueAxis":["count()"],"valueAxisLabel":"count()","tooltipVariant":"single"},"colorPalette":"log-status","valueRepresentation":"absolute","truncationMode":"middle","legend":{}},"singleValue":{"showLabel":false,"label":"tot","prefixIcon":"BandChartIcon","recordField":"tot","autoscale":true,"alignment":"center","trend":{"trendType":"auto","isVisible":true},"colorThresholdTarget":"value","isIconVisible":true,"sparklineSettings":{}},"table":{"rowDensity":"condensed","enableSparklines":false,"hiddenColumns":[],"linewrapEnabled":false,"lineWrapIds":[],"monospacedFontEnabled":false,"monospacedFontColumns":[],"columnWidths":{},"columnTypeOverrides":[]},"honeycomb":{"shape":"hexagon","legend":{"hidden":false,"position":"auto"},"displayedFields":[],"dataMappings":{},"colorMode":"color-palette","colorPalette":"categorical"},"histogram":{"legend":"auto","yAxis":{"label":"Frequency","scale":"linear"},"colorPalette":"categorical","dataMappings":[{"valueAxis":"count()","rangeAxis":""}],"variant":"single","displayedFields":["status"]},"valueBoundaries":{"min":"auto","max":"auto"},"autoSelectVisualization":false,"label":{"showLabel":false,"label":"tot"},"icon":{"showIcon":false,"icon":""},"dataMapping":{"dimension":"tot","displayedFields":["tot"],"value":"tot","longitude":"tot"},"tooltip":{"showCustomFields":false},"legend":{"showLegend":false,"position":"auto","ratio":65}},"querySettings":{"maxResultRecords":1000,"defaultScanLimitGbytes":500,"maxResultMegaBytes":1,"defaultSamplingRatio":10,"enableSampling":false},"davis":{"enabled":false,"davisVisualization":{"isAvailable":true}},"timeframe":{"tileTimeframe":{"from":"now()-30d","to":"now()"},"tileTimeframeEnabled":false}}},"layouts":{"0":{"x":0,"y":15,"w":24,"h":8},"3":{"x":0,"y":2,"w":24,"h":4},"17":{"x":5,"y":6,"w":4,"h":3},"18":{"x":5,"y":9,"w":4,"h":3},"22":{"x":0,"y":39,"w":8,"h":7},"25":{"x":0,"y":23,"w":24,"h":2},"36":{"x":8,"y":53,"w":16,"h":7},"45":{"x":8,"y":60,"w":16,"h":7},"50":{"x":5,"y":12,"w":4,"h":3},"52":{"x":0,"y":81,"w":24,"h":12},"54":{"x":0,"y":0,"w":24,"h":2},"61":{"x":9,"y":6,"w":15,"h":9},"63":{"x":0,"y":46,"w":8,"h":7},"67":{"x":0,"y":32,"w":8,"h":7},"68":{"x":0,"y":25,"w":8,"h":7},"69":{"x":0,"y":53,"w":8,"h":7},"70":{"x":8,"y":25,"w":16,"h":7},"71":{"x":0,"y":60,"w":8,"h":7},"72":{"x":8,"y":32,"w":16,"h":7},"73":{"x":8,"y":39,"w":16,"h":7},"74":{"x":8,"y":46,"w":16,"h":7},"75":{"x":0,"y":67,"w":8,"h":7},"76":{"x":8,"y":67,"w":16,"h":7},"78":{"x":8,"y":74,"w":16,"h":7},"79":{"x":0,"y":74,"w":8,"h":7},"81":{"x":0,"y":6,"w":5,"h":9}},"importedWithCode":false,"settings":{"defaultTimeframe":{"value":{"from":"now()-2h","to":"now()"},"enabled":false}}}