There’s a new Workbook available in the Microsoft Sentinel console that I’m pretty sure you’ll overlook because it’s been released without much fanfare. However, for those taking advantage of Microsoft Defender for Endpoint and the connection to Microsoft Sentinel, this Workbook contains valuable information.
To locate it, in Workbook – Templates, do a quick filter on ‘Defender.’ Save it to enable it for your environment.
The Workbook displays information for things like tables, data flow, the devices being managed by Defender for Endpoint, and much more.
While you can find the Workbook in the Microsoft Sentinel console, the source for the Workbook is here: https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/MicrosoftDefenderForEndPoint.json