Is it possible to display Sentinel Incidents and Alerts within Azure Dashboards

Cal 1 Reputation point
2020-07-22T01:13:08.123+00:00

Hi, I am wondering if i can query the SecurityAlert logs within Dashboard query?

I find the workbooks and the Sentinel Overview screen to not be ideal as a dashboard screen and want to have it all in dashboards

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,122 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Martin Rublik 316 Reputation points
    2020-07-22T08:16:07.983+00:00

    Hi,

    yes I it is possible, it boils down to create a correct query in SecurityAlerts/SecurityIncidents table, visualizing the results and pinning to a dashboard.

    Of course user needs access to this dashboard and data stored in respective tables. A short overview can be found in:
    https://www.cloudsecuritea.com/2019/09/building-a-log-analytics-workspace-dashboard/
    and
    https://video2.skills-academy.com/en-us/azure/azure-portal/azure-portal-dashboards
    https://video2.skills-academy.com/en-us/azure/azure-portal/azure-portal-dashboard-share-access

    HTH

    Martin

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.