How to Deploy a Workbook to Azure Sentinel from the GitHub Repository

Deploying collateral from our GitHub repository to your Azure Sentinel instance is very similar in that it is a copy/paste operation. This guidance is specific to a Workbook. How to do it: Azure Sentinel Workbooks are located in the Workbooks folder of the GitHub repo. Locate an Analytics Rule you want in the GitHub Repo. Click the …

Beginning in 2021 Shared Reports is Your Only Save Option for Azure Sentinel Workbooks

Saw this today when I was adding a new Workbook to my Azure Sentinel environment for a customer demo and thought it worthy to pass along. The ability to save workbooks as Private Workbooks is going away by early 2021. You will still be able to access your private workbooks but any edit or save …

How to Link to Related Workbooks within the Current Azure Sentinel Workbook

Here's a quick one. I had a customer request where they wanted to replicate the capability of another product. In this other product links are generated to related resources within the system. While I can't currently offer that these links can be auto-generated, we do have the ability within Workbooks to create custom links to …

How to Make Your Azure Sentinel Workbooks Even More Interactive with Drilldowns and Downloads

Azure Sentinel Workbooks are designed to be dynamic reporting tools. Based on KQL, the numerous Workbooks included with the product and provided across the web (including our own GitHub repo - aka.ms/ASGitHub) give security teams and security managers a way to create personalized, quick-glance views into the security stance of the organization. I've worked with …

Sharing Workbook Data Outside Azure Sentinel with Non-analysts

Customers ask quite often how they can share their Workbooks with others outside of Azure Sentinel, i.e., give access to the valuable visualizations/reports to those that don't need full Azure Sentinel access. The solution is actually much easier than it might seem and involves a very simple method of using the pinning features of Workbooks …

Pinning Entire Azure Sentinel Workbooks to Azure Dashboards

For those that do more in the Azure portal every day than just Azure Sentinel analyst work, it may be helpful to pin some of the more valuable data representations in Sentinel Workbooks to the general Azure portal dashboard. Azure dashboards give immediate access to a host of valuable data, and by "pinning" Azure Sentinel Workbooks, …