Chapter 8: Creating and Using Workbooks

Microsoft Sentinel workbooks are a way to create and show customizable and interactive reports that can display graphs, charts, and tables. Information can be presented from Log Analytics workspaces using the same Kusto Query Language (KQL) queries that you already know how to use. These workbooks are based on the workbook technology that has already been used with other Azure resources, including Azure Monitor and Log Analytics workspaces.

Microsoft Sentinel provides several templates that are ready for use. You can use these templates to create your own workbook that can then be modified as needed. Most of the data connectors that are used to ingest data come with their own workbooks, to allow you better ...

Get Microsoft Sentinel in Action - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft Sentinel in Action - Second Edition by Richard Diver, Gary Bushey, John Perkins

Chapter 8: Creating and Using Workbooks

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly