Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 885 of 885

Google Workspace: Stale User List with Exclusions

This metric supports the RoarExclude group filter. The RoarExclude group filter will prevent alerts from triggering for users who are part of the RoarExclude group. To utilize this feature, you will need to create a Group named “RoarExclude” in th...
Michael Thompson 7 months ago in Google Workspace 0

Palo Alto | CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

This metric will be used to detect affected versions for the below CVE. The metric will return true or false if the system is running an affected version. https://security.paloaltonetworks.com/CVE-2024-3400 This issue is fixed in hotfix releases o...
Austin Unger 3 months ago in Palo Alto 1

Microsoft 365: Exchange Licensed user w/ 95% full mailbox

Outputs percentage of Storage used against full mailbox size in addition to the email address and mailbox size. Microsoft's built in warning to the user is at 98%, Prohibits sending at 99%, and Prohibits receiving at 100%. This can be customized b...
Devon over 1 year ago in Microsoft 365 2

Active Directory: Never Used User Accounts Created Over 30 Days Ago Summary

This metric will list all accounts created over 30 days ago that have not been logged into.
Michael Thompson 7 months ago in Active Directory 0

Internet Domain/DNS: Multiple SPF Records

This is actually a built in metric, but it can be used to detect when multiple SPF records are defined by the following alert rule: Metric: Internet Domain/DNS: SPF Records (SPFRecord metric)Operator: containsThreshold: ,v=spf1
Darren White 7 months ago in Internet Domain/DNS 0

Azure AD: Complete List of Conditional Access Policies and Excluded Users

This metric will return a complete list of Azure AD Conditional Access policies and a list of excluded users for each policy. This is difficult because the policies only contain a list of user's ID, not their display names.
David Chapman about 1 year ago in Azure Active Directory 1

AAD:Active Users Without MFA (Not Disabled)

Allow you to easily identify users with MFA enabled that are not disabled accounts.
Jai Dametto almost 3 years ago in Azure Active Directory 1

Auvik: List of Actual Billable Devices

Auvik only bills you for core billable devices (Firewalls, Routers, Switches, and Cisco Wireless Cloud Controllers). The problem is, you can also unmanage a device (if it's not a important device). This metric will account for any core device t...
Jason Bandy 4 months ago in Auvik 0

Auvik: Count of Actual Billable Devices

Auvik only bills you for core billable devices (Firewalls, Routers, Switches, and Cisco Wireless Cloud Controllers). The problem is, you can also unmanage a device (if it's not a important device). This metric will account for any core device then...
Jason Bandy 4 months ago in Auvik 0

Active Directory: Last Login with Timestamp

This will return us the last logon for the AD user.
_ _ over 2 years ago in Active Directory 1