clivewatson / KQLpublic

My useful KQL and Azure Monitor workbooks (Public)
MIT License

My store for useful KQL and Azure Monitor Workbooks (public share)

KQL and Azure Monitor Workbooks you may find useful

Workbooks - how to Import and Export:

These instructions are also repeated in a file in the workbooks folder (open that instructions file in RAW mode and download it to see the screenshots).

Installation Instructions:

  1. If the file is in GitHub, select the [RAW] button and [Copy] the workbook file content (these are JSON files).

  2. Then either:

    • Open Azure Monitor Workbooks (from portal.azure.com), open the "empty" Azure Monitor Workbook in "advanced edit" mode (press the </> icon) and [paste] over any JSON that exists,

    or

    • To install into Sentinel, create a New Workbook: Add Workbook --> Edit --> Advanced Edit (press the </> icon), then [paste] over any JSON that exists.

  3. Then press [Apply], then [Done Editing].

Export:

Open Azure Monitor Workbooks.

  1. In "advanced edit" mode (press the </> icon), choose "Gallery Template" (for a JSON file) or ARM, then press the blue arrow (to the left of the [Apply] button) to download the file.