Skip to Main Content
Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and
follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 911 of 911

Windows Server: AV/EDR - Sophos, Huntress, Defender Installed

Windows Server: Software Compliance - Sophos, Huntress, Defender Installed Category: Software Compliance Description: This metric pulls a list of all installed software from endpoints, specifically filtering for security-related software such as S...
Lamont Largie about 1 month ago in Windows Server 0

SonicWall: Config - WAN HTTPS Management Restricted Check

Checks whether the WAN -> WAN rule for HTTPS Management is restricted to a source other than "any"; true or false.
Josh Archibald 2 months ago in SonicWall 0

Hyper-V: Host and VMs List

Lists the host's name along with the names and current status of each virtual machine.
Josh Archibald 2 months ago in Hyper-V 0

Azure: Snapshots - Older than 7 days Check

Checks whether there are snapshots older than 7 days (1 week); true or false.
Josh Archibald 2 months ago in Azure 0

SentinelOne - Resolved/unresolved Threats

Adjust as needed - working on some reporting KPI metrics and wanted to share. Credit to support for the query!
Steve King 5 months ago in SentinelOne 0

Microsoft 365 : Malicious Application Consent - PerfectData

This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments.
Devon over 1 year ago in Microsoft 365 1

JumpCloud: Users - MFA Status List

Lists all users and their MFA status including: Name Account Enabled or Disabled Account Locked (only shows if locked) MFA Configured or Off MFA Excluded (only shows if excluded)
Josh Archibald about 2 months ago in JumpCloud 0

Microsoft 365: SSO Certificate Expiring in 30 days

This will find any SSO certificates that are going to expire in 30 days or less.
Guest 3 months ago in Azure 0

Microsoft 365: Shared Mailboxes with Assigned Licenses

Use for trying to find Shared Mailboxes that still have a license assigned.
Kevin Fuller 3 months ago in Microsoft 365 0

M365: AAD App Secrets Expiring within 30 days

Looks for applications with expiring/expired secrets (within 30 days), then outputs the Application name, and the secrets associated that are expiring/expired.
Leland Shane over 1 year ago in Microsoft 365 0