Liongard
Create
Log in
Sign up
Roadmap
Feedback
Metrics Library
992
Boards
Feature Requests
Metrics Library
Powered by Canny
Metrics Library
This is a community-led space where Liongard users can come to teach and learn from one another. Share custom Metrics, get inspired and see what’s trending in the Pride.
Details
Category
Veeam Service Provider Console
Windows Server
Microsoft 365
Cisco Meraki
Amazon Web Services
SonicWall
Internet Domain/DNS
Dark Web Monitoring
Google Workspace
N-able RMM
Hyper-V
Sophos XG
VMware ESXi
Azure Active Directory
SentinelOne
Huntress
Fortinet FortiGate
Azure
Duo Security
Roar
Windows Workstation
Active Directory
N-able Backup
Auvik
Datto RMM
WatchGuard
Ubiquiti UniFi
macOS
ConnectWise Manage
Continuum RMM
TLS/SSL Certificates
ESET Licensing
JumpCloud
Sophos Central
GoDaddy
IT Glue
KnowBe4
ConnectWise Automate
Cisco Small Business Solution (SBS)
Network Discovery
OneLogin
SQL Server
Kaseya BMS
NinjaRMM
Cisco Umbrella
Acronis Cyber Cloud
Cisco ASA
Palo Alto
N-able N-central
Autotask
Bitdefender
Managed Printer
Microsoft OneDrive
Microsoft Teams
VMware vCenter
Linux
Webroot Secure Anywhere GSM
Syncro
3CX
StorageCraft SPX
Cisco IOS
BCDR data
Cloudflare
Veeam Availability Console
Kaseya VSA
Domotz
Adigy
Datto Networking
Uncategorized
Showing
Trending
Sort
Trending
Top
New
Filter
Under Review
Planned
In Progress
Blocked
Submitted
Reviewed
Complete
posts in
All Categories
All Categories
Veeam Service Provider Console (3)
Windows Server (80)
Microsoft 365 (130)
Cisco Meraki (18)
Amazon Web Services (7)
SonicWall (34)
Internet Domain/DNS (26)
Dark Web Monitoring (1)
Google Workspace (8)
N-able RMM (5)
Hyper-V (8)
Sophos XG (4)
VMware ESXi (3)
Azure Active Directory (29)
SentinelOne (10)
Huntress (12)
Fortinet FortiGate (20)
Azure (12)
Duo Security (23)
Roar (185)
Windows Workstation (51)
Active Directory (106)
N-able Backup (9)
Auvik (10)
Datto RMM (11)
WatchGuard (3)
Ubiquiti UniFi (10)
macOS (2)
ConnectWise Manage (3)
Continuum RMM (10)
TLS/SSL Certificates (8)
ESET Licensing (3)
JumpCloud (2)
Sophos Central (9)
GoDaddy (3)
IT Glue (10)
KnowBe4 (6)
ConnectWise Automate (5)
Cisco Small Business Solution (SBS) (4)
Network Discovery (9)
OneLogin (3)
SQL Server (4)
Kaseya BMS (1)
NinjaRMM (1)
Cisco Umbrella (8)
Acronis Cyber Cloud (2)
Cisco ASA (8)
Palo Alto (1)
N-able N-central (7)
Autotask (2)
Bitdefender (1)
Managed Printer (6)
Microsoft OneDrive (2)
Microsoft Teams (3)
VMware vCenter (2)
Linux (2)
Webroot Secure Anywhere GSM (11)
Syncro (1)
3CX (1)
StorageCraft SPX (1)
Cisco IOS (7)
BCDR data (15)
Cloudflare (1)
Veeam Availability Console (2)
Kaseya VSA (3)
Domotz (1)
Adigy (1)
Datto Networking (2)
Azure Active Directory: Days Since Last AADC Sync
Counts the number of days since the last Azure Active Directory Connect (AADC) sync. Useful for determining if there is an issue as it should always be <1. SystemInfo.DirectorySync[?DaysSinceLastSync_r > 0 ] | length(@)
6
·
submitted
22
M365: AAD App Secrets Expiring within 30 days
Looks for applications with expiring/expired secrets (within 30 days), then outputs the Application name, and the secrets associated that are expiring/expired. Applications[?passwordCredentials[?time_until(endDateTime, days ) < 30 ].endDateTime].['Application Name: 'displayName, 'Secret Name: 'passwordCredentials[?time_until(endDateTime, days ) < 30 ].displayName]
2
·
submitted
14
Microsoft 365 : Malicious Application Consent - PerfectData
This application has actively been used during account compromises to create a backup of the accounts mailbox.Create an actionable alert for this and audit all environments. ServicePrincipals[?appId== ff8d92dc-3d82-41d6-bcbd-b9174d163620 ].join( , [join( , [ , to_string(appDisplayName)]), join( , [ : , to_string(createdDateTime)])])
1
·
submitted
13
Microsoft 365: Users w/ Associated Licenses
This Metric is great for Reports (QBRs and Licensing Audits) and gaining and sharing granular visibility into user's licensing status. Users[? accountEnabled == true && Assigned_Products != ` ].join( , [join( , [ , to_string(displayName)]), join( , [ : `, to_string(Assigned_Products)])]) | sort(@)
0
·
submitted
11
AAD:Active Users Without MFA (Not Disabled)
Allow you to easily identify users with MFA enabled that are not disabled accounts. Users[?accountEnabled == true && isMfaRegistered_r== Disabled ].userPrincipalName
1
·
submitted
11
Active Directory: Last Login with Timestamp
This will return us the last logon for the AD user. Users[].join( , [join( , [ AD LOGIN: , to_string(UserName)]), join( , [ . Name of User: , to_string(Name)]),join( , [ : , to_string(LastLogonDate)])])
1
·
submitted
11
Active Directory: DHCP Percent In Use over 80
Name of DHCP in over 80% to be used for alerting DHCP.Serverv4Scopes[?Statistics.PercentageInUse >= to_number('80')].Name
1
·
submitted
9
Microsoft 365: Privileged User w/ License
Best Practices are for admin accounts to not contain a license unless required. This metric outputs Privileged users and what products they are assigned Users[?Privileged== Yes && Assigned_Products != ` ].join( , [join( , [ , to_string(displayName)]), join( , [ : `, to_string(Assigned_Products)])]) | sort(@)
1
·
submitted
9
Fortigate: Show DeviceVersion, Current Firmware and Available Firmware
Patching devices is a critical component to CyberSecurity. Ensuring products are patched and updated, this metric shows you the current version and the available update with Fortigate version 7.x [DeviceVersion 'Current Version |' Firmware.current.version 'Available | 'Firmware.available[0].version]
0
·
submitted
8
Active Directory: Password Never Expires = TRUE
This is helpful to someone who's trying to obtain/maintain visibility into a part of the breakdown of an AD password policy at an organization. This is a good Metric for QBRs, recurring site reviews, and an onboarding report. This Metric can also be used to create a pointed Actionable Alert that prompts the proper maintanence of a secure AD passpord policy. Users[? PasswordNeverExpires == true ].Name
0
·
submitted
7
Load More
→
Powered by Canny
