Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 878 of 878

Windows Server: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum about 2 months ago in Windows Server 2

Microsoft 365 : Malicious Application Consent - Padlet

This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments.
Jordan Docter 2 months ago in Microsoft 365 0

Internet Domain/DNS: DMARC present but set to "None

This metric will reveal if a domain has DMARC available but the action is set to None . Below are the possible outputs of the metric. No DMARC Found (self-explanatory) True = DMARC is present but the action is set to “none” False = The domain is n...
De'Shard Brown about 1 month ago in Internet Domain/DNS 0

Microsoft 365 : Malicious Application Consent - PerfectData

This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments.
Devon about 1 year ago in Microsoft 365 1

Windows Server: Free Space / Available Space in GB

This returns drive free space and total space, the others I saw did not work.
Dan Baker about 1 month ago in Windows Server 0

SonicWall: Active Licenses Expiring in 90 days

This metric works for Gen 7 firewalls and returns a list of all active licenses that are going to expire in the next 90 days.
Justin Penchina 4 months ago in SonicWall 0

Office 365: Stale Mailboxes

Lists active stale users that are licensed with a mailbox and haven't been active in 30 days.
Dominic Peterson 3 months ago in Microsoft 365 0

Google Workspace: Stale User List with Exclusions

This metric supports the RoarExclude group filter. The RoarExclude group filter will prevent alerts from triggering for users who are part of the RoarExclude group. To utilize this feature, you will need to create a Group named “RoarExclude” in th...
Michael Thompson 3 months ago in Google Workspace 0

Azure Active Directory: Days Since Last AADC Sync

Counts the number of days since the last Azure Active Directory Connect (AADC) sync. Useful for determining if there is an issue as it should always be <1.
Robbie Kibler over 2 years ago in Azure Active Directory 6

M365: PerfectData App Check

Malicious actors are utilizing a vulnerability with the "PerfectData Software" Entra(AKA Azure) enterprise application. This metric can query each M365 inspector and display whether or not the app is present in the tenant. This can be used with ou...
David Chapman about 2 months ago in Microsoft 365 1