The User Map workbook in Microsoft Sentinel is a useful tool to show device and user locations on global map.
As shown in the following image, there’s a spot in this workbook that provides a dropdown list of common locations. Mine is a bit different than yours in that I’ve added Hong Kong to my custom list.
To add your own location to your custom list, do this:
[1] Locate the latitude and longitude of the location you want to add. In my case, Hong Kong’s coordinates are: 22.27832, 114.17469.
[2] Choose the Edit button at the top left of the Workbook.
[3] Once the Editing mode is activated, find another Edit button on the right-hand side down below the Top: ’10’ Malicious IP distances from New York in (‘Miles’) section.
[4] Now, in the 6 Editing group item: group – Malicious section, choose yet another Edit button to modify the custom list.
[5] When the display changes, put a checkmark in the box next to CityList and click the pencil icon (yes, another edit button).
[6] After all that, you’ve now reached the actual custom list to modify. Insert the latitude, longitude and location name in the code.
Once you’ve entered your custom location(s), you can back out and save the Workbook.
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]
[Learn KQL with the Must Learn KQL series and book]
You must log in to post a comment.