Liongard
Create
Home
Metrics Library
1003
Powered by Canny

Metrics Library

This is a community-led space where Liongard users can come to teach and learn from one another. Share custom Metrics, get inspired and see what’s trending in the Pride.
Azure Active Directory: Days Since Last AADC Sync
Counts the number of days since the last Azure Active Directory Connect (AADC) sync. Useful for determining if there is an issue as it should always be <1. SystemInfo.DirectorySync[?DaysSinceLastSync_r > 0 ] | length(@)
6
·
Azure Active Directory
·
submitted
M365: AAD App Secrets Expiring within 30 days
Looks for applications with expiring/expired secrets (within 30 days), then outputs the Application name, and the secrets associated that are expiring/expired. Applications[?passwordCredentials[?time_until(endDateTime, days ) < 30 ].endDateTime].['Application Name: 'displayName, 'Secret Name: 'passwordCredentials[?time_until(endDateTime, days ) < 30 ].displayName]
2
·
Microsoft 365
·
submitted
Microsoft 365 : Malicious Application Consent - PerfectData
This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments. ServicePrincipals[?appId== ff8d92dc-3d82-41d6-bcbd-b9174d163620 ].join( , [join( , [ , to_string(appDisplayName)]), join( , [ : , to_string(createdDateTime)])])
1
·
Microsoft 365
·
submitted
Microsoft 365: Users w/ Associated Licenses
This Metric is great for Reports (QBRs and Licensing Audits) and gaining and sharing granular visibility into user's licensing status. Users[? accountEnabled == true && Assigned_Products != ` ].join( , [join( , [ , to_string(displayName)]), join( , [ : `, to_string(Assigned_Products)])]) | sort(@)
0
·
Microsoft 365
·
submitted
AAD:Active Users Without MFA (Not Disabled)
Allow you to easily identify users with MFA enabled that are not disabled accounts. Users[?accountEnabled == true && isMfaRegistered_r== Disabled ].userPrincipalName
1
·
Azure Active Directory
·
submitted
Active Directory: Last Login with Timestamp
This will return us the last logon for the AD user. Users[].join( , [join( , [ AD LOGIN: , to_string(UserName)]), join( , [ . Name of User: , to_string(Name)]),join( , [ : , to_string(LastLogonDate)])])
1
·
Active Directory
·
submitted
Microsoft 365: Privileged User w/ License
Best Practices are for admin accounts to not contain a license unless required. This metric outputs Privileged users and what products they are assigned Users[?Privileged== Yes && Assigned_Products != ` ].join( , [join( , [ , to_string(displayName)]), join( , [ : `, to_string(Assigned_Products)])]) | sort(@)
1
·
Microsoft 365
·
submitted
Active Directory: DHCP Percent In Use over 80
Name of DHCP in over 80% to be used for alerting DHCP.Serverv4Scopes[?Statistics.PercentageInUse >= to_number('80')].Name
1
·
Active Directory
·
submitted
Fortigate: Show DeviceVersion, Current Firmware and Available Firmware
Patching devices is a critical component to CyberSecurity. Ensuring products are patched and updated, this metric shows you the current version and the available update with Fortigate version 7.x [DeviceVersion 'Current Version |' Firmware.current.version 'Available | 'Firmware.available[0].version]
0
·
Fortinet FortiGate
·
submitted
[Microsoft 365: Non-Admin, Non-Guest, License Assigned, MFA disabled]
This query looks for non-admin users who have an active license within your organization that do not have MFA enabled (ignoring guest users). Users[? Privileged == No && userType != Guest && Assigned_Products!= "" && isMfaRegistered_r == Disabled ].displayName
5
·
Microsoft 365
·
submitted
Load More
Powered by Canny