In Azure Sentinel, You can add a new Workbook or use the predefined or inbuilt workbooks templates. Let’s deep dive into a complete tutorial on Azure Sentinel Workbooks.
Table of Contents
Sentinel Workbooks
Azure Sentinel Workbooks help you visualize and monitor your data. Not only that, it can also help you to build interactive reports.
You can visualize and monitor your data using the built-in workbooks template or even the option to create new workbooks.
How to access Azure Sentinel Workbooks
You can find the Sentinel Workbook in Azure using the below quick instructions.
- Navigate to the respective Azure Sentinel page.
- Click on the Workbooks link from the left side, as shown below.
How to use the built-in workbooks
- On the Microsoft Senitel page –> click on the Workbooks link from the left side –> Then click on the Templates tab.
- Click on the View Template button to see the template.
- Click on the Save button to edit the template –> Select the location and click the ok button on the next pop-up.
- Now, click on the View Saved Workbooks button.
- Then click on the Edit button to edit the Workbook template.
Read: How to create Azure dashboards (Step-by-step guide)
How to create workbooks in Sentinel
- To create or add a new Azure Sentinel Workbook, click on the + Add workbook as shown below.
2. If you want to edit the workbook, click on the Edit button.
3. Once you are done with the editing of your workbook, click on the save button.
- Title: Provide a title for your new workbook.
- Subscription: Choose your Azure subscription.
- Resource Group: Select the resource group.
- Location: Choose the location.
Finally, click on the Save button to save the changes.
4. If you want to open another workbook in the same workspace, click the Open button below.
Then click on the one workbook you want to open from the list.
How to refresh your Azure Sentinel Workbooks data.
There are two options available for this purpose. You can refresh your Azure Sentinel Workbooks data manually or set the autorefresh option with a specific time interval so that your Azure Sentinel Workbooks data gets refreshed automatically with the specified timeline.
- To refresh your Azure Sentinel data manually, click the Refresh button next to the Save button.
- To set the auto-refresh option, Click on the Auto-refresh: Off option. Choose the Refresh interval (5 minutes, 10 minutes, etc.) –> Then click the Apply button to save the changes.
How to delete the Sentinel Workbook
Now, if you don’t want the workbook anymore and want to remove the workbook, you can click on the Delete button.
Then, click on the Yes button to confirm the deletion process on the next pop-up.
FAQs
Which Microsoft sentinel security role can create workbooks?
Answer: Microsoft Sentinel Contributor role
You may also like following the articles below
Wrapping Up
In this article, we have discussed a complete tutorial on Azure Sentinel Workbooks. Thanks for reading this article, and I hope this helps !!!
I am Rajkishore, and I am a Microsoft Certified IT Consultant. I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machines, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials. Read more.
