Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 878 of 878

Microsoft 365: Shared Mailbox Listing

This metric displays a list of the names of the shared mailboxes.
Michael Thompson about 2 months ago in Microsoft 365 0

Microsoft 365: Shared Mailbox Count

This metric displays a count of shared mailboxes.
Michael Thompson about 2 months ago in Microsoft 365 0

Fortinet Fortigate: DMZ Default Config

If the defaults are in place it will report back with [dmz]. if disabled or changed from defaults it will report back with [].
Guest about 2 months ago in Fortinet FortiGate 0

Active Directory: Never Used User Accounts Created Over 30 Days Ago Summary

This metric will list all accounts created over 30 days ago that have not been logged into.
Michael Thompson 4 months ago in Active Directory 0

Fortinet FortiGate: HTTP and/or SSH Enabled on an Interface

This metric checks to see if the HTTP or SSH protocols are being used on any interfaces and then lists the interface name if either HTTP or SSH is enabled.
Michael Thompson about 2 months ago in Fortinet FortiGate 0

Microsoft 365: New users created 7 days ago with MFA disabled

This metric will allow you to find M365 users created 7 days ago and MFA is Disabled. We are using this metric along with an actionable alert to create tickets when one of these users are found. This can be adjusted to find users created in a rang...
Guest about 2 months ago in Microsoft 365 0

Internet Domain/DNS: Multiple SPF Records

This is actually a built in metric, but it can be used to detect when multiple SPF records are defined by the following alert rule: Metric: Internet Domain/DNS: SPF Records (SPFRecord metric)Operator: containsThreshold: ,v=spf1
Darren White 4 months ago in Internet Domain/DNS 0

Fortinet FortiGate: FortiManager Enabled on an Interface

This metric checks to see if the FortiGate to FortiManager (FGFM) protocol is being used on any interfaces and then lists the interface name if it is.
Michael Thompson about 2 months ago in Fortinet FortiGate 0

macOS: Huntress Installed

This will return a true or false value for the installation of Huntress
De'Shard Brown 4 months ago in macOS 0

Azure Active Directory: Conditional Access Policies with Excluded Users Summary

I based this off another metric created by David Chapman, so thanks to him for the original idea! I added the ability to also bring in users from excluded groups for a full picture of what users are excluded from CA policies. There might be a more...
Noah Tatum 4 months ago in Azure Active Directory 0