Liongard Library

Welcome to Liongard Library, where Lions share! This is a community-led space where Liongard users can come to teach and learn from one another.
Share custom Metrics, get inspired and see what’s trending in the Pride.

Pride Etiquette:
➕ Have great custom Metrics? Add them as entries!
🌟 Want to use a Metric? Copy the query and follow this doc.
👍 Tried a Metric from the Library? Like it!
📣 Have a question or feedback on a Metric? Add a comment!
🔎 Not sure where to start? Learn about Metrics and how to write them.
💬 Need help writing a metric or want to help support others? Join the conversation in our Liongard Lounge #metrics Slack channel.

🥴 See something off? Open a support chat to let us know.

All Metric entries

Showing 882 of 882

Windows Server: Excessive Failed Logon Alerts (Last 2 Weeks)

Metric Name: Windows Server: Windows Server: Excessive Failed Logon Alerts (Last 2 Weeks) Category: Windows Server Description: This metric is designed to identify and report on local account logon failures that exceed one attempt within the past ...
Lamont Largie about 18 hours ago in Windows Server 0

Windows Server: Veeam Backup & Replication Version

Metric Name: Windows Server: Veeam Backup & Replication Version Category: Windows Server Description: This metric tracks and reports the version and installation details of the Veeam Backup & Replication Console on Windows Servers. It prov...
Lamont Largie about 18 hours ago in Windows Server 0

SentinelOne - Resolved/unresolved Threats

Adjust as needed - working on some reporting KPI metrics and wanted to share. Credit to support for the query!
Steve King 10 days ago in SentinelOne 0

Cisco ASA check for CVE-2024-20353 | CVE-2024-20359

To check if the above CVEs are present on your Cisco ASA you will need to perform the below steps. First you will need to use the above metric to return a list of your ASA's software versions. If your ASA version returns a value with parentheses (...
Austin Unger 27 days ago in Cisco ASA 0

Windows Server: Servers with ScreenConnect Version 23.9.7 or Lower [CWE-288/CWE-22]

Checks to see if the server is running a ScreenConnect version that is 23.9.7 or lower. This will determine if the software needs to be upgraded to mitigate the vulnerability recently announced by ConnectWise: https://www.connectwise.com/company/t...
Guest 3 months ago in Windows Server 1

Windows Workstation: Windows11 Compatible

This metric will assess whether your workstations are compatible with the upgrade to Windows 11.
De'Shard Brown 2 months ago in Windows Workstation 0

Fortinet CVE-2024-23112 Device check

The metric will return a true / false value depending on if the device is on a patched firmware based on FortiOS.
Austin Unger 2 months ago in Fortinet FortiGate 0

Palo Alto | CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect

This metric will be used to detect affected versions for the below CVE. The metric will return true or false if the system is running an affected version. https://security.paloaltonetworks.com/CVE-2024-3400 This issue is fixed in hotfix releases o...
Austin Unger about 1 month ago in Palo Alto 1

Microsoft 365 : Malicious Application Consent - PerfectData

This application has actively been used during account compromises to create a backup of the account's mailbox. Create an actionable alert for this and audit all environments.
Devon about 1 year ago in Microsoft 365 1

Windows Workstation: Unknown ScreenConnect Fingerprints

Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs...
Noah Tatum 3 months ago in Windows Workstation 1