For example, the SharePoint Online version history for this article tells me that AutoSave created sixteen versions as I edited the document. In the case of the Office 365 audit log, data often reflects the heartbeat of user activity through a trail of individual audit events rather than singular discrete events. It’s important to understand what actions generate the underlying data and what it contains. I like the description given in the read me for Matt Zorich’s GitHub repository of Microsoft Sentinel Queries (ask questions to In addition to Office 365, the repository includes sample queries for other workloads like Azure AD, DNS, and Microsoft Defender for Endpoint. Many articles are available online to educate yourself on the intricacies of Kusto. Editing a workbook requires a certain familiarity with the Kusto Query Language used by Microsoft Sentinel to extract log data from a workspace. You can edit the queries for each of the charts and graphs displayed in the workbook and make whatever changes you like to meet the needs of your organization. It’s best to use the same value as the workspace.įigure 5: Viewing data gathered in the Microsoft Sentinel workbook for Office 365 Customizing Workbooks Sentinel prompts you to select an Azure region.
Select the workbook and Click Save to add the workbook to the workspace. Search for the Office 365 workbook (Figure 2). When the new workspace is available, select Workbooks under the Threat management section. For now, we’ll concentrate on adding the Office 365 workbook to our workspace. You can also create custom workbooks from scratch or customize a workbook created from a template. Many different workbook templates are available to analyze data with Microsoft Sentinel, including a workbook created by Microsoft to analyze Office 365 data imported from the audit log ( other workbook templates are available to build out the analysis of data associated with Office 365 operations). The next step is to configure a workbook within the workspace. Select the workspace and click Add to add Microsoft Sentinel to the workspace. Wait for the deployment of the new workspace to finish. Figure 1: Creating a new log analytics workspace for Microsoft Sentinel
0 kommentar(er)
