Metrics Library

Partner, Omega "Data Warehouse capability - Wants Liongard data in a local SQL Server database". Ask JJ for specifics.

Partner, Omega "Data Warehouse capability - Wants Liongard data in a local SQL Server database". Ask JJ for specifics.

Title: Identify Enabled Management Methods on SonicWall Interfaces Description: This metric identifies which management methods (e.g., HTTP, HTTPS, SSH, Ping) are enabled on each network interface of a SonicWall firewall running SonicOS version 6. It filters out interfaces with no management methods enabled and breaks down the access methods per interface. Query: Interfaces[?ManagementFormatted != ''].{ Interface: name, ManagementMethods: ManagementFormatted, HTTP_Enabled: contains(ManagementFormatted, 'http'), HTTPS_Enabled: contains(ManagementFormatted, 'https'), SSH_Enabled: contains(ManagementFormatted, 'ssh'), Ping_Enabled: contains(ManagementFormatted, 'ping') } Purpose: To provide visibility into the management surface of each SonicWall interface. This helps MSPs and IT admins assess which interfaces may expose the firewall to potential remote access or management risks and verify that only intended protocols are allowed. How It Works: The metric: Filters the Interfaces object to include only those where at least one management method is enabled. Lists: The interface name (e.g., X0, X1) A combined string of enabled methods Boolean flags for http, https, ssh, and ping, indicating whether each method is individually enabled. Beneficiaries: Security Analysts: Gain insight into firewall management exposure points. Network Engineers: Quickly validate whether interface configurations comply with internal access policies. Compliance Teams: Use this data to audit firewall access protocols. MSPs: Enable proactive reviews of SonicWall configurations across client environments. Notes on Customization & Enhancements: Add More Management Methods: If newer methods (e.g., SNMP, Telnet) are introduced or monitored, add additional flags using contains(ManagementFormatted, 'snmp'). Add Interface Zones or IPs: Include data like interface zone or IP address for additional context by appending fields to the output. Filter Specific Interfaces: Narrow the output to include only WAN-facing interfaces or exclude internal zones using more advanced filters. Track Changes Over Time: Pair with Liongard Change Detection to alert on unauthorized changes to interface management settings. Why These Changes Might Be Valuable: Helps tailor the metric to your organization’s security posture. Supports more detailed audits and compliance reviews. Enables focused reviews on high-risk interfaces (e.g., public-facing). Increases clarity and actionability of the metric output.

Metric Name: interfaces_with_remote_access Category: Network & Infrastructure Query: Network.InterfacesIPv4[?ManagementHttps == true || ManagementHttp == true ].{   Interface: Name,   Zone: IpAssignmentZone,   IP_Address: IpAssignmentModeStaticIp,   HTTP_Enabled: ManagementHttp || false ,   HTTPS_Enabled: ManagementHttps || false ,   SSH_Enabled: ManagementSsh || false } Description: Identifies all network interfaces where remote access is enabled via HTTP, HTTPS, or SSH. This includes both management and user login services that may expose interfaces to remote access. Purpose: Helps surface potential security risks by identifying interfaces that may be unintentionally exposed to the internet or external users. How it Works: This metric queries Network.InterfacesIPv4 and filters interfaces where any of the following are true: ManagementHttps ManagementHttp UserLoginHttps UserLoginHttp For each matching interface, the following details are returned: Interface: Name of the interface Zone: Assigned IP zone IP_Address: Static IP (if set) HTTP_Enabled, HTTPS_Enabled: Whether management access is enabled UserLogin_HTTP, UserLogin_HTTPS: Whether user login is allowed SSH_Enabled: Whether SSH management is enabled Beneficiaries: IT Admins Security Teams MSPs (Managed Service Providers) Compliance Officers Customization & Notes: Filter by Zone or IP Range: Add conditions to limit results to Zone == "DMZ" or specific subnet ranges. Add Device Info: Join data from the root object to include device name, serial number, or location. Track Over Time: Use Inspectors with Timeline to monitor when remote access settings change. Alerting: Combine with a Liongard alert to trigger notifications when insecure access is detected. Ticketing Integration: Auto-create tickets when HTTP or SSH is found on exposed interfaces.

Organization.logs_sources_count

Organization.sat_learner_count

The resulting example in the screenshot drives[? ( quota.total != null)].[{"Drive Name": name, "GB Total": quota.total , "Site Name": siteName_r}]

Microsoft 365 Licensing Metric designed for Power BI consumption. Licensing[].{ProductFriendlyName: ProductFriendlyName, Consumed: consumedUnits, Unconsumed: UnconsumedUnits_r, Suspended: prepaidUnits.suspended}

Returns any Basic public IP SKU's in use. This SKU is being depreciated and will no longer work after 30 September 2025. It returns the SKU name, the name of the resource and the subscription its in. PublicIPAddresses[? sku.name == 'Basic'].[ sku.name , name, subscriptionDisplayName]

Which percent of the physical interfaces are missing a description. Useful for maintaining best practices. percent_of(length(Interfaces[? (Hardware == 'Gigabit Ethernet' || Hardware == 'Ten Gigabit Ethernet') && (Description == null || Description == '') ]),length(Interfaces[? (Hardware == 'Gigabit Ethernet' || Hardware == 'Ten Gigabit Ethernet')]))