c7d7adfbb0 | ||
---|---|---|
.. | ||
Images | ||
AWS_network_activities.json | ||
AWS_user_activities.json | ||
Attivo.json | ||
AzureNetworkWatcher.json | ||
Azure_AD_Audit_Logs.json | ||
Azure_AD_Signins.json | ||
Azure_Active_Directory.json | ||
Azure_Activity.json | ||
Azure_Firewall.json | ||
Azure_Information_Protection_Usage.json | ||
Check_Point_Software_Technologies.json | ||
Cisco.json | ||
CyberArk_Dashboard.json | ||
Cylance.json | ||
DNS.json | ||
DashboardsMetadata.json | ||
Exchange_Online.json | ||
F5NetworksDashboard.json | ||
FortiGate.json | ||
Identity_and_Access.json | ||
Insecure_Protocols.json | ||
Juniper.json | ||
Linux_machines.json | ||
Microsoft_WAF.json | ||
Office_365.json | ||
Palo_Alto.json | ||
Palo_Alto_Networks_Threat_Dashboard.json | ||
README.md | ||
SharePoint_and_OneDrive.json | ||
Symantec_Security_Overview_Dashboard.json | ||
Symantec_URL_threats_overview_dashboard.json | ||
Symantec_file_threats_overview_dashboard.json | ||
Symantec_threats_overview_dashboard.json | ||
Threat_Intelligence_Dashboard.json | ||
VM_Insights.json |
README.md
About
-
This repo contains the Azure Sentinel dashboard gallery.
-
This page describe how to add a new dashboard to the public Azure Sentinel dashboards gallery.
Step 1 - Create Azure Sentinel dashboard:
Follow these instructions to create a new dashboard using a Log Analytics query
Azure Log Analytics Query Language Reference
-
Make sure that you save a 1x1 square for the Azure Sentinel button in the top left corner (this button navigates back to the Azure Sentinel dashboard gallery).
-
Use the Markdown tile for the dashboard standalone titles and the logos.
-
Do not define any time filters on your charts.
Step 2 - Export the dashboard into a JSON file:
-
From the dashboard view, click "Download" - this will download a JSON file to your computer.
-
Edit the JSON file to hide your personal details:
-
Replace the following fields:
Change your subscription ID to "{Subscription_ID}"
Change your resource group to "{Resource_Group}"
Change your name (your workspace ID) to "{Workspace_Name}"
Step 3 - Share the Dashboard JSON with the Azure Sentinel community
In this step you will upload the dashboard JSON, logo, screenshots, and description.
To do this create a single pull request containing the following:
-
Upload the dashboard JSON file to Azure-Sentinel/Dashboards/ repo (make sure the file name is in the format: Text_Text.json).
-
Upload the logo to Azure-Sentinel/Dashboards/Images/Logos/ repo, the logo must be in SVG format (make sure the file name is in the format: text_text.svg).
-
(Optional) Capture two or more screenshots of the dashboard, where at least one is in the white theme and another in the dark theme. Upload the screenshots to Azure-Sentinel/Dashboards/Images/Preview/ repo (make sure the name of the files is in the format: text_text_white1.png, text_text_black1.png )
-
Add a short paragraph that describes the purpose of your dashboard in the pull request comment.