clivewatson/KQLpublic clivewatson/KQLpublic

  • Stars
    star
    112
  • Rank 312,240 (Top 7 %)
  • Language Rich Text Format
  • License
    MIT License
  • Created over 4 years ago
  • Updated 3 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
clivewatson/KQLpublic
github

clivewatson

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

My useful KQL and Azure Monitor workbooks (Public)

My store for useful KQL and Azure Monitor Workbooks (public share)

KQL and Azure Monitor Workbooks you may find useful

Workbooks - how to Import and Export:

This is repeated in a file (open the instructions file in RAW mode and download to see the screenshots), see instructions in the workbooks folder:

Installation Instructions:

  1. If the file is in Github, select the [RAW] button, [Copy] the workbook file content (these are JSON files),
  • Open Azure Monitor Workbooks (from portal.azure.com) - open the “empty” Azure Monitor Workbook, in “advanced edit” mode (press the </> icon ). [paste] over any json that exists.

or

  1. To install into Sentinel, create a New Workbook: Add-Workbook --> Edit --> then use Advanced Edit (press the </> icon) then [paste] over any json that exists.
  • Then Press [apply] then [Done Editing]

Export:

Open Azure Monitor Workbooks

  1. In “advanced edit” mode (press the </> icon) - Choose "Gallery Template" for JSON file or ARM, then press the blue arrow (to the left of the [Apply] button) to download the file

More Repositories

1

clivewatson

Config files for my GitHub profile.
1
star