Introduction

Microsoft Sentinel Workbooks provide interactive reports that help you visualize important signals by combining text, tables, charts, and tiles.

Contoso, Ltd. is a midsize financial services company in London with a New York branch office. Contoso uses several Microsoft products and services to implement data security and threat protection for its resources. These products are:

  • Microsoft 365
  • Microsoft Entra ID
  • Microsoft Entra ID Protection
  • Defender for Cloud Apps
  • Microsoft Defender for Identity
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • System Center Endpoint Protection
  • Microsoft Azure Information Protection

Contoso provides threat protection for its Azure-based and on-premises resources by using the paid version of Microsoft Defender for Cloud. The company also monitors and protects other non-Microsoft assets.

A recent incident with compromised identities led to exposed customer data. The Contoso Security Operations (SecOps) team wants to ensure that proper monitoring and reporting methods are in place. As Contoso's security administrator, you need to demonstrate the Microsoft Sentinel reporting and monitoring capabilities and how they can alert your organization to potential security incidents.

In this module, you learn how to create and use Microsoft Sentinel Workbooks. You can visualize security data, use queries to generate reports, and explore the functionalities of a workbook.

By the end of this module, you can create Microsoft Sentinel Workbooks to take advantage of the reporting and monitoring features in Microsoft Sentinel.

Learning objectives

  • Visualize security data using Microsoft Sentinel Workbooks.
  • Understand how queries work.
  • Explore workbook capabilities.
  • Create a Microsoft Sentinel Workbook.

Prerequisites

To get the best learning experience from this module, you should have:

  • Familiarity with security operations in an organization
  • Basic experience with Azure services
  • Basic knowledge of operational concepts such as monitoring, logging, and alerting
  • A Microsoft Sentinel instance in your Azure subscription

Note

If you choose to perform the exercise in this module, be aware that you could incur costs in your Azure subscription. To estimate the cost, refer to Microsoft Sentinel Pricing.