Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 885 of 885

Office 365: Stale Mailboxes

Lists active stale users that are licensed with a mailbox and haven't been active in 30 days.
Dominic Peterson 7 months ago in Microsoft 365 0

Fortinet CVE-2024-23112 Device check

The metric will return a true / false value depending on if the device is on a patched firmware based on FortiOS.
Austin Unger 5 months ago in Fortinet FortiGate 0

macOS: Huntress Installed

This will return a true or false value for the installation of Huntress
De'Shard Brown 8 months ago in macOS 0

SonicWall: Active Licenses Expiring in 90 days

This metric works for Gen 7 firewalls and returns a list of all active licenses that are going to expire in the next 90 days.
Justin Penchina 8 months ago in SonicWall 0

Windows Workstation: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum 5 months ago in Windows Workstation 1

Windows Server: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum 5 months ago in Windows Server 2

Microsoft 365: New users created 7 days ago with MFA disabled

This metric will allow you to find M365 users created 7 days ago and MFA is Disabled. We are using this metric along with an actionable alert to create tickets when one of these users are found. This can be adjusted to find users created in a rang...
Guest 5 months ago in Microsoft 365 0

Microsoft 365 : Malicious Application Consent - Padlet

This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments.
Jordan Docter 6 months ago in Microsoft 365 0

Cisco ASA check for CVE-2024-20353 | CVE-2024-20359

To check if the above CVE's are present on your Cisco ASA you will need to preform the below steps. First you will need to use the above metric to return a list of your ASA's software versions If your ASA version returns a value with parentheses (...
Austin Unger 3 months ago in Cisco ASA 0

M365: AAD App Secrets Expiring within 30 days

Looks for applications with expiring/expired secrets (within 30 days), then outputs the Application name, and the secrets associated that are expiring/expired.
Leland Shane over 1 year ago in Microsoft 365 0