File: articles/sentinel/bookmarks.md
Lines changed: 5 additions & 5 deletions
@@ -25,9 +25,9 @@ Threat hunting typically requires reviewing mountains of log data looking for ev
25
25
26
26
Hunting bookmarks in Azure Sentinel help you do this, by preserving the queries you ran in Log Analytics, along with the query results that you deem relevant. You can also record your contextual observations and reference your findings by adding notes and tags. Bookmarked data is visible to you and your teammates for easy collaboration.
27
27
28
-
You can revisit your bookmarked data at any time on the **Bookmark** tab of the **Hunting**page. You can use filtering and search options to quickly find specific data for your current investigation. Alternatively, you can view your bookmarked data directly in the **HuntingBookmark** table in Log Analytics. This enables you to filter, summarize, and join bookmarked data with other data sources, making it easy to look for corroborating evidence.
28
+
You can revisit your bookmarked data at any time on the **Bookmark** tab of the **Hunting**blade. You can use filtering and search options to quickly find specific data for your current investigation. Alternatively, you can view your bookmarked data directly in the **HuntingBookmark** table in Azure Monitor. This enables you to filter, summarize, and join bookmarked data with other data sources, making it easy to look for corroborating evidence.
29
29
30
-
Currently in preview, if you find something that urgently needs to be addressed while hunting in Log Analytics, in a couple of clicks, you can create a bookmark and promote it to an incident, or add the bookmark to an existing incident. For more information about incidents, see [Tutorial: Investigate incidents with Azure Sentinel](tutorial-investigate-cases.md).
30
+
Currently in preview, if you find something that urgently needs to be addressed while hunting in your logs, in a couple of clicks, you can create a bookmark and promote it to an incident, or add the bookmark to an existing incident. For more information about incidents, see [Tutorial: Investigate incidents with Azure Sentinel](tutorial-investigate-cases.md).
31
31
32
32
Also in preview, you can visualize your bookmarked data, by clicking **Investigate** from the bookmark details. This launches the investigation experience in which you can view, investigate, and visually communicate your findings using an interactive entity-graph diagram and timeline.
33
33
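Review bot: The two changed paragraphs in this hunk now name the same query surface three different ways: the unchanged context line still says "queries you ran in Log Analytics", the first added line places the **HuntingBookmark** table in "Azure Monitor", and the second added line says "hunting in your logs". Pick one term and use it throughout, including the context line, so an analyst knows these all refer to the same place. The first added line also reads `**Hunting**blade` with no space after the closing bold marker; the removed line had the same defect with "page", so it is worth fixing while the line is being touched.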
@@ -72,7 +72,7 @@ Also in preview, you can visualize your bookmarked data, by clicking **Investiga
72
72
73
73
3. To help you find a specific bookmark, use the search box or filter options.
74
74
75
-
4. Select individual bookmarks and view the bookmark details in the right-hand details pane.
75
+
4. Select individual bookmarks and view the bookmark details in the right-hand details blade.
76
76
77
77
5. Make your changes in the editable text boxes.
78
78
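Review bot: In step 4, "right-hand details blade" uses "blade" for a side panel, while the first hunk uses the same word for the whole **Hunting** page ("**Hunting** blade"). Using one word for both the page and the panel inside it makes the step harder to follow. Either keep "pane" for the right-hand details panel or state explicitly which element is meant.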
@@ -114,7 +114,7 @@ To view the bookmark within the incident: Navigate to **Sentinel** > **Threat ma
114
114
115
115
## View bookmarked data in logs
116
116
117
-
To view bookmarked queries, results, or their history, select the bookmark from the **Hunting** > **Bookmarks** tab, and use the links provided in the details pane. Options include:
117
+
To view bookmarked queries, results, or their history, select the bookmark from the **Hunting** > **Bookmarks** tab, and use the links provided in the details blade:
118
118
119
119
-**View source query** to view the source query in the **Logs** blade.
120
120
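Review bot: Dropping "Options include:" and ending the sentence with "in the details blade:" makes the bullet list that follows read as the complete set of links, where the old wording presented it as a selection. If the list is not exhaustive, keep a lead-in such as "Options include:". The same "pane" to "blade" rename applies here as in step 4 above and should be decided consistently.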
@@ -125,7 +125,7 @@ You can also view the raw bookmark data for all bookmarks by selecting **Bookmar
This view shows all your bookmarks with associated metadata. You can use KQL queries to filter down to the latest version of the specific bookmark you are looking for.
128
+
This view shows all your bookmarks with associated metadata. You can use [Keyword Query Language](https://docs.microsoft.com/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference) (KQL) queries to filter down to the latest version of the specific bookmark you are looking for.
129
129
130
130
> [!NOTE]
131
131
> There can be a significant delay (measured in minutes) between the time you create a bookmark and when it is displayed in the **Bookmarks** tab. Because of this delay, we recommend you create your bookmarks first, then analyze them after the data is ingested.
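Review bot: The added line expands KQL as "Keyword Query Language" and links to the SharePoint keyword-query syntax reference, but the queries that filter bookmark data in the Sentinel logs view are written in Kusto Query Language. A reader who follows this link lands on a syntax that does not apply to these queries. Expand the abbreviation as Kusto Query Language and point the link at the Kusto query language documentation instead.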