Updated workbook metadata

Azure · Sep 30, 2024 · 0a5410c · 0a5410c
1 parent cf7f889
commit 0a5410c
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 4 deletions.
diff --git a/Solutions/Corelight/Workbooks/Corelight.json b/Solutions/Corelight/Workbooks/Corelight.json
@@ -1765,7 +1765,7 @@
                                     "type": 3,
                                     "content": {
                                       "version": "KqlItem/1.0",
-                                      "query": "union corelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where id_resp_p == 23\r\n| summarize Count = count()\r\n",
+                                      "query": "union isfuzzy=true\r\ncorelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where id_resp_p == 23\r\n| summarize Count = count()\r\n",
                                       "size": 3,
                                       "showAnalytics": true,
                                       "title": "Telnet Sessions",
@@ -1862,7 +1862,7 @@
                               "type": 3,
                               "content": {
                                 "version": "KqlItem/1.0",
-                                "query": "let interval_in_hrs= datetime_diff('hour', {GlobalTimeRestriction:end}, {GlobalTimeRestriction:start});\r\nlet interval_in_days= datetime_diff('day', {GlobalTimeRestriction:end}, {GlobalTimeRestriction:start});\r\nlet bin_duration=case(interval_in_hrs<=24, 1h, interval_in_days<=30, 1d, interval_in_days>=31 and interval_in_days<=90, 7d, 31d);\r\nunion corelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where isnotempty(service) and service !in ('ssl', 'tls', 'dns', \"ssl,http\", \"http,ssl\")\r\n| make-series [\"Unencrypted Traffic Volume\"]=count() default = 0 on TimeGenerated from {GlobalTimeRestriction:start} to {GlobalTimeRestriction:end} step bin_duration by service",
+                                "query": "let interval_in_hrs= datetime_diff('hour', {GlobalTimeRestriction:end}, {GlobalTimeRestriction:start});\r\nlet interval_in_days= datetime_diff('day', {GlobalTimeRestriction:end}, {GlobalTimeRestriction:start});\r\nlet bin_duration=case(interval_in_hrs<=24, 1h, interval_in_days<=30, 1d, interval_in_days>=31 and interval_in_days<=90, 7d, 31d);\r\nunion isfuzzy=true\r\ncorelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where isnotempty(service) and service !in ('ssl', 'tls', 'dns', \"ssl,http\", \"http,ssl\")\r\n| make-series [\"Unencrypted Traffic Volume\"]=count() default = 0 on TimeGenerated from {GlobalTimeRestriction:start} to {GlobalTimeRestriction:end} step bin_duration by service",
                                 "size": 2,
                                 "showAnalytics": true,
                                 "title": "Top Unencrypted Protocols Used",
@@ -1987,7 +1987,7 @@
                               "type": 3,
                               "content": {
                                 "version": "KqlItem/1.0",
-                                "query": "union corelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where service == '{service}'\r\n",
+                                "query": "union isfuzzy=true\r\ncorelight_http,\r\ncorelight_conn,\r\ncorelight_dns,\r\ncorelight_ssl,\r\ncorelight_files\r\n| where ('*' in ({Sensor}) or sensor_name in ({Sensor}))\r\n| where service == '{service}'\r\n",
                                 "size": 0,
                                 "showAnalytics": true,
                                 "title": "Details of Top Unencrypted Protocols Used",

diff --git a/Workbooks/Images/Preview/CorelightWhite1.png b/Workbooks/Images/Preview/CorelightWhite1.png
diff --git a/Workbooks/Images/Preview/CorelightWhite3.png b/Workbooks/Images/Preview/CorelightWhite3.png
diff --git a/Workbooks/Images/Preview/CorelightWhite4.png b/Workbooks/Images/Preview/CorelightWhite4.png
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
@@ -3932,7 +3932,23 @@
 			"CorelightMainBlack1.png",
 			"CorelightMainWhite1.png",
 			"CorelightSoftwareBlack1.png",
-			"CorelightSoftwareWhite1.png"
+			"CorelightSoftwareWhite1.png",
+			"CorelightWhite1.png",
+			"CorelightWhite2.png",
+			"CorelightWhite3.png",
+			"CorelightWhite4.png",
+			"CorelightWhite5.png",
+			"CorelightWhite6.png",
+			"CorelightWhite7.png",
+			"CorelightWhite8.png",
+			"CorelightBlack1.png",
+			"CorelightBlack2.png",
+			"CorelightBlack3.png",
+			"CorelightBlack4.png",
+			"CorelightBlack5.png",
+			"CorelightBlack6.png",
+			"CorelightBlack7.png",
+			"CorelightBlack8.png"
 		],
 		"version": "1.0.0",
 		"title": "Corelight",