articles/sentinel/summary-rules.md
17 additions & 9 deletions
@@ -24,6 +24,8 @@ Use [summary rules](/azure/azure-monitor/logs/summary-rules) in Microsoft Sentin
24
24
25
25
Microsoft Sentinel stores summary rule results in custom tables with the **Analytics** data plan. For more information on data plans and storage costs, see [Log table plans](/azure/azure-monitor/logs/basic-logs-configure).
26
26
27
+
This article explains how to deploy pre-built summary rule templates or describes how to create summary rules in Microsoft Sentinel, and provides examples of common scenarios for using summary rules.
28
+
27
29
> [!IMPORTANT]
28
30
> Summary rules are currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
29
31
>
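Review bot: The sentence added at new line 27 joins two verbs with "or" ("explains how to deploy pre-built summary rule templates or describes how to create summary rules"), which reads as if the article covers only one of the two. Suggest "This article explains how to deploy pre-built summary rule templates and how to create summary rules in Microsoft Sentinel, and provides examples of common scenarios for using summary rules."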
@@ -42,28 +44,34 @@ To create summary rules in Microsoft Sentinel:
42
44
43
45
We recommend that you [experiment with your summary rule query](hunts.md) in the **Logs** page before creating your rule. Verify that the query doesn't reach or near the [query limit](/azure/azure-monitor/logs/summary-rules#restrictions-and-limitations), and check that the query produces the intended schema and expected results. If the query is close to the query limits, consider using a smaller `binSize` to process less data per bin. You can also modify the query to return fewer records or remove fields with higher volume.
44
46
45
-
## Deploy and customize summary rule templates
47
+
## Deploy pre-built summary rule templates
48
+
49
+
Summary rule templates are pre-built summary rules that you can install and customize to your needs.
50
+
51
+
To install a summary rule template:
52
+
53
+
1. Open the Content Hub page and filter **Content type** by **Summary rules** to view the available summary rule templates.
46
54
47
-
1. To view the available summary rule templates, open the Content Hub page and filter **Content type** by **Summary rules**.
55
+
:::image type="content" source="media/summary-rule-templatesmd/image3.png" alt-text="A screenshot of a computer Description automatically generated":::
48
56
49
-
<imgsrc="media/summary-rule-templatesmd/image3.png"alt="A screenshot of a computer Description automatically generated" />
57
+
1. Select a summary rule template.
50
58
51
-
1. Select a summary rule template. A detailed panel with information about the summary rule template opens.
59
+
A detailed panel with information about the summary rule template opens.
52
60
53
-
1. Select **Install** to install the summary rule template.
61
+
1. Select **Install** to install the template.
54
62
55
-
<imgsrc="media/summary-rule-templatesmd/image4.png"alt="A screenshot of a computer Description automatically generated" />
63
+
:::image type="content" source="media/summary-rule-templatesmd/image4.png" alt-text="A screenshot of a computer Description automatically generated":::
56
64
57
-
1. Select **Templates** tab on the **Summary rules** page to view and manage all the installed summary rules templates.
65
+
1. Select the **Templates** tab on the **Summary rules** page, which lets you view and manage all of the installed summary rules templates.
58
66
59
-
<imgsrc="media/summary-rule-templatesmd/image5.png"alt="A screenshot of a computer Description automatically generated" />
67
+
:::image type="content" source="media/summary-rule-templatesmd/image5.png" alt-text="A screenshot of a computer Description automatically generated":::
60
68
61
69
1. Select a summary rule template. This opens the details panel with all of the summary rule information.
62
70
63
71
1. Select **Create** to customize the summary rule template or install it as-is if it suits your requirements. Follow the [summary rules
64
72
documentation](https://learn.microsoft.com/en-us/azure/sentinel/summary-rules) to create the rule.
65
73
66
-
<imgsrc="media/summary-rule-templatesmd/image6.png"alt="A screenshot of a computer Description automatically generated" />
74
+
:::image type="content" source="media/summary-rule-templatesmd/image6.png" alt-text="A screenshot of a computer Description automatically generated":::
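Review bot: All four converted `:::image` lines (image3.png through image6.png) carry over the auto-generated alt-text "A screenshot of a computer Description automatically generated", which gives a screen-reader user no information; replace each with a description of what the screenshot shows at that step. The folder name `media/summary-rule-templatesmd/` and the generic file names also look like conversion leftovers and could be renamed while these lines are being touched. In the numbered list, "Select a summary rule template." now appears as two separate steps (the new second step and the unchanged step after the **Templates** tab), so the second one should say that it refers to an installed template. The unchanged step that follows links to `https://learn.microsoft.com/en-us/azure/sentinel/summary-rules` with an absolute, locale-pinned URL even though this file is articles/sentinel/summary-rules.md; a relative anchor to the creation section of this article would be more robust.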