Azure-Sentinel/Dashboards/README.md

3.9 KiB

About

  • This repo contains the Azure Sentinel dashboard gallery.

  • This page describe how to add a new dashboard to the public Azure Sentinel dashboards gallery.

Step 1 - Create Azure Sentinel dashboard:

Follow these instructions to create a new dashboard using a Log Analytics query

Azure Log Analytics Query Language Reference

  • Make sure that you save a 1x1 square for the Azure Sentinel button in the top left corner (this button navigates back to the Azure Sentinel dashboard gallery).

  • Use the Markdown tile for the dashboard standalone titles and the logos.

  • Do not define any time filters on your charts.

Step 2 - Export the dashboard into a JSON file:

  • From the dashboard view, click "Download" - this will download a JSON file to your computer.

  • Edit the JSON file to hide your personal details:

  • Replace the following fields:

Change your subscription ID to "{Subscription_ID}"

Change your resource group to "{Resource_Group}"

Change your name (your workspace ID) to "{Workspace_Name}"

Step 3 - Share the Dashboard JSON with the Azure Sentinel community

In this step you will upload the dashboard JSON, logo, screenshots, and description.

To do this create a single pull request containing the following:

  1. Upload the dashboard JSON file to Azure-Sentinel/Dashboards/ repo (make sure the file name is in the format: Text_Text.json).

  2. Upload the logo to Azure-Sentinel/Dashboards/Images/Logos/ repo, the logo must be in SVG format (make sure the file name is in the format: text_text.svg).

  3. (Optional) Capture two or more screenshots of the dashboard, where at least one is in the white theme and another in the dark theme. Upload the screenshots to Azure-Sentinel/Dashboards/Images/Preview/ repo (make sure the name of the files is in the format: text_text_white1.png, text_text_black1.png )

  4. Add a short paragraph that describes the purpose of your dashboard in the pull request comment.