Merge pull request #278055 from cwatson-cat/6-12-24-wbs-usx

JamesJBarnett · web-flow · commit 519c82f1f314 · 2024-06-13T15:43:06.000-07:00
Convert dashboard to workbook upds
diff --git a/articles/sentinel/migration-convert-dashboards.md b/articles/sentinel/migration-convert-dashboards.md
@@ -1,75 +1,86 @@
 ---
-title: "Convert dashboards to Azure Monitor Workbooks | Microsoft Docs"
-description: Learn how to review, planning and migrate your current workbooks to Azure Workbooks.
-author: limwainstein
-ms.author: lwainstein
+title: Convert dashboards to Azure Workbooks in Microsoft Sentinel
+description: Learn how to review, planning, and migrate your current dashboards to Azure Workbooks.
+author: cwatson-cat
+ms.author: cwatson
 ms.topic: how-to
-ms.date: 05/03/2022
+ms.date: 06/12/2024
+appliesto:
+- Microsoft Sentinel in the Azure portal and the Microsoft Defender portal
+ms.collection: usx-security
 ---
 
 # Convert dashboards to Azure Workbooks 
 
-Dashboards in your existing SIEM will convert to [Azure Monitor Workbooks](monitor-your-data.md), the Microsoft Sentinel adoption of Azure Monitor Workbooks, which provides versatility in creating custom dashboards.
-
-This article describes how to review, plan, and convert your current workbooks to Azure Monitor Workbooks.
+Convert dashboards from your existing security information and event management (SIEM) solution to an Azure workbook for Microsoft Sentinel. Azure Workbooks provide versatility to create custom dashboards for Microsoft Sentinel. This article describes how to review, plan, and convert your current dashboards to Azure Workbooks.
 
 ## Review dashboards in your current SIEM
 
- Review these considerations when designing your migration.
+Consider the following steps when you design your migration.
 
-- **Discover dashboards**. Gather information about your dashboards, including design, parameters, data sources, and other details. Identify the purpose or usage of each dashboard.
-- **Select**. Don’t migrate all dashboards without consideration. Focus on dashboards that are critical and used regularly.
-- **Consider permissions**. Consider who are the target users for workbooks. Microsoft Sentinel uses Azure Workbooks, and [access is controlled](../azure-monitor/visualize/workbooks-overview.md#access-control) using Azure Role Based Access Control (RBAC). To create dashboards outside Azure, for example for business execs without Azure access, using a reporting tool such as Power BI.
+- **Analyze dashboards**. Gather information about your dashboards, including design, parameters, data sources, and other details. Identify the purpose or usage of each dashboard.
+- **Be selective**. Don’t migrate all dashboards without consideration. Focus on dashboards that are critical and used regularly.
+- **Consider permissions**. Consider who are the target users for workbooks. Azure Workbooks use Azure role-based access control (Azure RBAC). For more information, see [Assess control in Azure Workbooks](/azure/azure-monitor/visualize/workbooks-overview#access-control). To create dashboards outside Azure, for example for business executives without Azure access, use a reporting tool such as Power BI.
 
 ## Prepare for the dashboard conversion
 
-After reviewing your dashboards, do the following to prepare for your dashboard migration:
+After reviewing your dashboards, complete the following tasks to prepare for your dashboard migration:
 
 - Review all of the visualizations in each dashboard. The dashboards in your current SIEM might contain several charts or panels. It's crucial to review the content of your short-listed dashboards to eliminate any unwanted visualizations or data.
 - Capture the dashboard design and interactivity.
 - Identify any design elements that are important to your users. For example, the layout of the dashboard, the arrangement of the charts or even the font size or color of the graphs.
-- Capture any interactivity such as drilldown, filtering, and others that you need to carry over to Azure Monitor Workbooks. 
-- Identify required parameters or user inputs. In most cases, you need to define parameters for users to perform search, filtering, or scoping the results (for example, date range, account name and others). Hence, it's crucial to capture the details around parameters. Here are some of the key points to help you with collecting the parameter requirements:
-    - The type of parameter for users to perform selection or input. For example, date range, text, or others.
-    - How the parameters are represented, such as drop-down, text box, or others.
-    - The expected value format, for example, time, string, integer, or others.
-    - Other properties, such as the default value, allow multi-select, conditional visibility, or others.
+- Capture any interactivity such as drilldown, filtering, and others that you need to carry over to Azure Workbooks. 
+- Identify required parameters or user inputs. In most cases, you need to define parameters for users to perform search, filtering, or scoping the results (for example, date range, account name and others). Hence, it's crucial to capture the details around parameters. Here are some of the key parameter requirements to collect:
+
+  - The type of parameter for users to perform selection or input. For example, date range, text, or others.
+  - How the parameters are represented, such as drop-down, text box, or others.
+  - The expected value format, for example, time, string, integer, or others.
+  - Other properties, such as the default value, allow multi-select, conditional visibility, or others.
 
 ## Convert dashboards
 
-Perform the following tasks in Azure Workbook and Microsoft Sentinel to convert your dashboard.
+To convert your dashboard, complete the following tasks in Azure Workbooks and Microsoft Sentinel.
+
+### 1. Identify data sources
+
+Azure Workbooks are compatible with a large number of data sources. For more information, see [Azure Workbooks data sources](../azure-monitor/visualize/workbooks-data-sources.md). In most cases, use the Azure Monitor logs data source and Kusto Query Language (KQL) queries to visualize the underlying logs in your Microsoft Sentinel workspace.
 
-#### 1. Identify data sources
+### 2. Construct or review KQL queries
 
-Azure Monitor workbooks are [compatible with a large number of data sources](../azure-monitor/visualize/workbooks-data-sources.md). In most cases, use the Azure Monitor Logs data source and use Kusto Query Language (KQL) queries to visualize the underlying logs in your Microsoft Sentinel workspace.
+In this step, you mainly work with KQL to visualize your data. You can construct and test your queries in Microsoft Sentinel before converting them to Azure Workbooks. To test the queries from Microsoft Sentinel in the Azure portal, go to **Logs**. From Microsoft Sentinel in the Defender portal, go to **Investigation & response** > **Hunting** > **Advanced hunting**. 
 
-#### 2. Construct or review KQL queries
+Before finalizing your KQL queries, always review and tune the queries to improve query performance. Optimized queries:
 
-In this step, you mainly work with KQL to visualize your data. You can construct and test your queries in the Microsoft Sentinel Logs page before converting them to Azure Monitor workbooks. Before finalizing your KQL queries, always review and tune the queries to improve query performance. Optimized queries:
 - Run faster, reduce the overall duration of the query execution.
 - Have a smaller chance of being throttled or rejected.
 
-Learn how to optimize KQL queries:
+For more information, see the following resources:
+
 - [KQL query best practices](/azure/data-explorer/kusto/query/best-practices)
 - [Optimize queries in Azure Monitor Logs](../azure-monitor/logs/query-optimization.md)
-- [Optimizing KQL performance (webinar)](https://youtu.be/jN1Cz0JcLYU) 
+- [Optimizing KQL performance (webinar)](https://youtu.be/jN1Cz0JcLYU)
 
-#### 3. Create or update the workbook
+### 3. Create or update the workbook
 
-[Create](tutorial-monitor-your-data.md#create-new-workbook) a workbook, update the workbook, or clone an existing workbook so that you don’t have to start from scratch. Also, specify how the data or visualizations will be represented, arranged and [grouped](../azure-monitor/visualize/workbooks-groups.md). There are two common designs:
+Create a workbook, update the workbook, or clone an existing workbook so that you don’t have to start from scratch. Also, specify how the data or visualizations is represented, arranged, and grouped. There are two common designs:
 
 - Vertical workbook
 - Tabbed workbook
 
-#### 4. Create or update workbook parameters or user inputs
+For more information, see the following articles:
+
+- [Visualize and monitor your data by using workbooks in Microsoft Sentinel](monitor-your-data.md)
+- [Add groups in Azure Workbooks](../azure-monitor/visualize/workbooks-create-workbook.md#add-groups)
+
+### 4. Create or update workbook parameters or user inputs
 
-By the time you arrive at this stage, you should have [identified the required parameters](#prepare-for-the-dashboard-conversion). With parameters, you can collect input from the consumers and reference the input in other parts of the workbook. This input is typically used to scope the result set, to set the correct visualization, and allows you to build interactive reports and experiences.
+By the time you arrive at this stage, you identified the required parameters for your workbook. With parameters, you can collect input from the consumers and reference the input in other parts of the workbook. This input is typically used to scope the result set, to set the correct visualization, and allows you to build interactive reports and experiences.
 
 Workbooks allow you to control how your parameter controls are presented to consumers. For example, you select whether the controls are presented as a text box vs. drop down, or single- vs. multi-select. You can also select which values to use, from text, JSON, KQL, or Azure Resource Graph, and more.
 
 Review the [supported workbook parameters](../azure-monitor/visualize/workbooks-parameters.md). You can reference these parameter values in other parts of workbooks either via bindings or value expansions.
 
-#### 5.	Create or update visualizations
+### 5. Create or update visualizations
 
 Workbooks provide a rich set of capabilities for visualizing your data. Review these detailed examples of each visualization type.
 
@@ -83,9 +94,9 @@ Workbooks provide a rich set of capabilities for visualizing your data. Review t
 - [Honey comb](../azure-monitor/visualize/workbooks-honey-comb.md)
 - [Composite bar](../azure-monitor/visualize/workbooks-composite-bar.md)
 
-#### 6.	Preview and save the workbook
+### 6. Preview and save the workbook
 
-Once you've saved your workbook, specify the parameters, if any exist, and validate the results. You can also try the [auto refresh](tutorial-monitor-your-data.md#refresh-your-workbook-data) or the print feature to [save as a PDF](monitor-your-data.md#print-a-workbook-or-save-as-pdf).
+After you save your workbook, specify the parameters, and validate the results. You can also try the [auto refresh](tutorial-monitor-your-data.md#refresh-your-workbook-data) or the print feature to [save as a PDF](monitor-your-data.md#print-a-workbook-or-save-as-pdf).
 
 ## Next steps
 
