Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics slack channel.


🥴 See something off? Open a support chat to let us know.

ADD A NEW METRIC ENTRY

All Metric entries

Showing 918 of 918

Fortinet FortiGate: WifiAP IPv4 Address

Shows APs and their IPv4 addresses.
Austin B [QuoStar] about 3 years ago in Fortinet FortiGate 0

Fortinet FortiGate: WifiAP Serial number

Simple query to pull AP's and their Serial number for asset tracking
Austin B [QuoStar] about 3 years ago in Fortinet FortiGate 0

M365: Admin Users with MFA Enabled List

This is helpful to someone who's trying to obtain/maintain visibility into the non-admin users in an organization's M365 instance. This is a good Metric for QBRs, recurring site reviews, and an onboarding report. Also, this Metric could be used to...
De'Shard Brown about 3 years ago in Microsoft 365 0

Roar: Envrionment Active Inspector List

Brings back the name of all environments and their active inspectors
Stephen Rankich about 3 years ago in Roar 0

Network Discovery: Hikvision System IP

This list the IP for devices with Hikvision in the vendor name. This company is owned directly by the PRC and is vulnerable to RCE CVE-2021-36260 use with Network Discovery: Hikvision System Count to build an actionable alert
Devon about 3 years ago in Network Discovery 0

Network Discovery: Hikvision System Count

This counts for devices with Hikvision in the vendor name. This company is owned directly by the PRC and is vulnerable to RCE CVE-2021-36260
Devon about 3 years ago in Network Discovery 0

Active Directory: KRBTGT Account Password Needs Reset

krbtgt user account password should be changed at a minimum every 180 days. https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password
matt longenecker over 3 years ago in Active Directory 0

Active Directory: User Accounts With Brute Force Attempts Count 5+ Count

Current Brute force metric alerts after 4 failed attempts even on disabled accounts from multiple years ago. This provides a custom option to be closer to the lockout policy with the option of monitoring only enabled accounts. This provides a coun...
Devon over 3 years ago in Active Directory 1

Sonicwall: NAT contains RDS services

This one is a little trickier to catch but looks for the translated service containing RDP, RDS, Terminal, or 3389 with source being any. This is an indicator of wide open RDP however if the service does not contain these names it is missed.
Devon over 3 years ago in SonicWall 0

Azure Active Directory: InTune registered devices with Encryption disabled

Detects corporate intune registered devices not encrypted. Outputs into CSV friendly format
Austin B [QuoStar] over 3 years ago in Azure Active Directory 0