Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 885 of 885

Fortinet Fortigate: DMZ Default Config

If the defaults are in place it will report back with [dmz]. if disabled or changed from defaults it will report back with [].
Bill Krauss (Applied Tech) 5 months ago in Fortinet FortiGate 0

Fortinet FortiGate: Firewall Policy with All-to-All Source and Destination Addresses

This metric will display the names of all Firewall Policies that have the source and destination addresses set to all.
Michael Thompson 5 months ago in Fortinet FortiGate 0

Windows Workstation: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum 5 months ago in Windows Workstation 1

Windows Server: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum 5 months ago in Windows Server 2

Fortinet FortiGate: HTTP and/or SSH Enabled on an Interface

This metric checks to see if the HTTP or SSH protocols are being used on any interfaces and then lists the interface name if either HTTP or SSH is enabled.
Michael Thompson 5 months ago in Fortinet FortiGate 0

Microsoft 365: New users created 7 days ago with MFA disabled

This metric will allow you to find M365 users created 7 days ago and MFA is Disabled. We are using this metric along with an actionable alert to create tickets when one of these users are found. This can be adjusted to find users created in a rang...
Guest 5 months ago in Microsoft 365 0

Windows Server: Servers with ScreenConnect Version 23.9.7 or Lower [CWE-288/CWE-22]

Checks to see if the server is running a ScreenConnect version that is 23.9.7 or lower. This will determine if the software needs to be upgraded to mitigate the recently vulnerability announced by ConnectWise: https://www.connectwise.com/company/t...
Guest 5 months ago in Windows Server 1

Fortinet FortiGate: FortiManager Enabled on an Interface

This metric checks to see if the FortiGate to FortiManager (FGFM) protocol is being used on any interfaces and then lists the interface name if it is.
Michael Thompson 5 months ago in Fortinet FortiGate 0

Microsoft 365 : Malicious Application Consent - Padlet

This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments.
Jordan Docter 6 months ago in Microsoft 365 0

Active Directory: Never Used User Accounts Summary (With Exclusions)

This metric will list all accounts created over 30 days ago that have not been logged into. The metric also supports the RoarExclude group filter. The RoarExclude group filter will prevent alerts from triggering for users who are part of the RoarE...
Michael Thompson 6 months ago in Active Directory 0