Azure · v-dvedak · Jan 14, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026
@@ -30,7 +30,6 @@
   ],
   "Workbooks": [
     "Workbooks/AutomationHealth.json",
-    "Workbooks/IncidentOverview.json",
     "Workbooks/SecurityOperationsEfficiency.json",
     "Workbooks/IncidentTasksWorkbook.json"
   ],

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Microsoft Sentinel SOAR Essentials solution for Microsoft Sentinel contains Playbooks that can help you get started with basic notification and orchestration scenarios for common use cases. These include Playbooks for sending notifications over email and/or collaboration platforms such as MS Teams, Slack, etc.\n\n**Workbooks:** 4, **Playbooks:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/Azure_Sentinel.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe Microsoft Sentinel SOAR Essentials solution for Microsoft Sentinel contains Playbooks that can help you get started with basic notification and orchestration scenarios for common use cases. These include Playbooks for sending notifications over email and/or collaboration platforms such as MS Teams, Slack, etc.\n\n**Workbooks:** 3, **Playbooks:** 23\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -94,24 +94,10 @@
           {
             "name": "workbook2",
             "type": "Microsoft.Common.Section",
-            "label": "Incident overview",
-            "elements": [
-              {
-                "name": "workbook2-text",
-                "type": "Microsoft.Common.TextBlock",
-                "options": {
-                  "text": "The Incident Overview workbook is designed to assist in triaging and investigation by providing in-depth information about the incident, including:\r\n* General information\r\n* Entity data\r\n* Triage time (time between incident creation and first response)\r\n* Mitigation time (time between incident creation and closing)\r\n* Comments\r\n\r\nCustomize this workbook by saving and editing it. \r\nYou can reach this workbook template from the incidents panel as well. Once you have customized it, the link from the incident panel will open the customized workbook instead of the template.\r\n"
-                }
-              }
-            ]
-          },
-          {
-            "name": "workbook3",
-            "type": "Microsoft.Common.Section",
             "label": "Security Operations Efficiency",
             "elements": [
               {
-                "name": "workbook3-text",
+                "name": "workbook2-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "Security operations center managers can view overall efficiency metrics and measures regarding the performance of their team. They can find operations by multiple indicators over time including severity, MITRE tactics, mean time to triage, mean time to resolve and more. The SOC manager can develop a picture of the performance in both general and specific areas over time and use it to improve efficiency."
@@ -120,12 +106,12 @@
             ]
           },
           {
-            "name": "workbook4",
+            "name": "workbook3",
             "type": "Microsoft.Common.Section",
             "label": "Incident Tasks Workbook",
             "elements": [
               {
-                "name": "workbook4-text",
+                "name": "workbook3-text",
                 "type": "Microsoft.Common.TextBlock",
                 "options": {
                   "text": "Use this workbook to review and modify existing incidents with tasks. This workbook provides views that higlight incident tasks that are open, closed, or deleted, as well as incidents with tasks that are either owned or unassigned. The workbook also provides SOC metrics around incident task performance, such as percentage of incidents without tasks, average time to close tasks, and more."