fixing indents

batamig · batamig · commit f200f500d7cb · 2024-05-19T15:51:41.000+03:00
diff --git a/articles/sentinel/get-visibility.md b/articles/sentinel/get-visibility.md
@@ -9,7 +9,9 @@ ms.author: yelevin
 
 # Visualize collected data
 
-In this article, you will learn how to quickly be able to view and monitor what's happening across your environment using Microsoft Sentinel. After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use workbook templates or create a new workbook easily, from scratch or based on an existing workbook. 
+In this article, you will learn how to quickly be able to view and monitor what's happening across your environment using Microsoft Sentinel. 
+
+After you connected your data sources to Microsoft Sentinel, you get instant visualization and analysis of data so that you can know what's happening across all your connected data sources. Microsoft Sentinel gives you workbooks that provide you with the full power of tools already available in Azure as well as tables and charts that are built in to provide you with analytics for your logs and queries. You can either use workbook templates or create a new workbook easily, from scratch or based on an existing workbook.
 
 ## Get visualization
 
diff --git a/articles/sentinel/powerbi.md b/articles/sentinel/powerbi.md
@@ -29,6 +29,7 @@ In this article, you:
 People you granted access in the Power BI service, and members of the Teams channel, can see the report without needing Microsoft Sentinel permissions.
 
 [!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
+
 ## Prerequisites
 
 To complete the steps in this article, you need:
@@ -44,46 +45,46 @@ Create, run, and export a KQL query from Microsoft Sentinel.
 1. To create a simple query, in Microsoft Sentinel, select **Logs**. If your workspace is onboarded to the unified security operations platform, select **General > Logs**. 
 
 1. In the query editor, under **New Query 1**, enter the following query, or any other Microsoft Sentinel query for your data:
-
-```kusto
-SigninLogs
-|  where TimeGenerated >ago(7d)
-| summarize Attempts = count(), Failed=countif(ResultType !=0), Succeeded = countif(ResultType ==0) by AppDisplayName
-|  top 10 by Failed
-| sort by Failed
-```
-
+   
+   ```kusto
+   SigninLogs
+   |  where TimeGenerated >ago(7d)
+   | summarize Attempts = count(), Failed=countif(ResultType !=0), Succeeded = countif(ResultType ==0) by AppDisplayName
+   |  top 10 by Failed
+   | sort by Failed
+   ```
+      
 1. Select **Run** to run the query and generate results.
-
-:::image type="content" source="media/powerbi/query.png" alt-text="Screenshot showing the KQL query and results.":::
-
+   
+    :::image type="content" source="media/powerbi/query.png" alt-text="Screenshot showing the KQL query and results.":::
+   
 1. To export the query to Power BI M query format, select **Export**, and then select **Export to Power BI (M query)**. The query is exported to a text file called *PowerBIQuery.txt*.
-
-:::image type="content" source="media/powerbi/export.png" alt-text="Screenshot showing query Export to Power BI M format.":::
-
+   
+   :::image type="content" source="media/powerbi/export.png" alt-text="Screenshot showing query Export to Power BI M format.":::
+   
 1. Copy the contents of the exported file.
 
 ## Get the data in Power BI Desktop
 
 Run the exported M query in Power BI Desktop to get data.
 
 1. Open Power BI Desktop, and sign in to your Power BI account that has read access to your Microsoft Sentinel workspace.
-
-:::image type="content" source="media/powerbi/sign-in.png" alt-text="Screenshot showing sign-in to Power BI Desktop.":::
-
+   
+   :::image type="content" source="media/powerbi/sign-in.png" alt-text="Screenshot showing sign-in to Power BI Desktop.":::
+   
 1. In the Power BI ribbon, select **Get data** and then select **Blank query**. The **Power Query Editor** opens.
-
-:::image type="content" source="media/powerbi/blank-query.png" alt-text="Screenshot showing Blank query selected under Get data in Power BI Desktop.":::
-
+   
+   :::image type="content" source="media/powerbi/blank-query.png" alt-text="Screenshot showing Blank query selected under Get data in Power BI Desktop.":::
+   
 1. In the **Power Query Editor**, select **Advanced Editor**.
-
+   
 1. Paste the copied contents of the exported *PowerBIQuery.txt* file into the **Advanced Editor** window, and then select **Done**.
-
-:::image type="content" source="media/powerbi/advanced-editor.png" alt-text="Screenshot showing the M query pasted in to the Power BI Advanced Editor.":::
-
+   
+   :::image type="content" source="media/powerbi/advanced-editor.png" alt-text="Screenshot showing the M query pasted in to the Power BI Advanced Editor.":::
+   
 1. In the **Power Query Editor**, rename the query to *App_signin_stats*, and then select **Close & Apply**.
-
-:::image type="content" source="media/powerbi/close-apply.png" alt-text="Screenshot showing the renamed query and Close & Apply command in the Power Query Editor.":::
+   
+   :::image type="content" source="media/powerbi/close-apply.png" alt-text="Screenshot showing the renamed query and Close & Apply command in the Power Query Editor.":::
 
 ## Create visualizations from the data
 
@@ -94,112 +95,112 @@ Now that your data is in Power BI, you can create visualizations to provide insi
 First, create a table that shows all the results of the query.
 
 1. To add a table visualization to the Power BI Desktop canvas, select the **table** icon under **Visualizations**.
-
-:::image type="content" source="media/powerbi/table.png" alt-text="Screenshot showing the table icon under Visualizations in Power BI Desktop.":::
-
+   
+   :::image type="content" source="media/powerbi/table.png" alt-text="Screenshot showing the table icon under Visualizations in Power BI Desktop.":::
+   
 1. Under **Fields**, select all the fields in your query, so they all appear in the table. If the table doesn't show all the data, enlarge the table by dragging its selection handles.
-
-:::image type="content" source="media/powerbi/select-fields.png" alt-text="Screenshot showing all fields selected for the table visualization.":::
-
+   
+   :::image type="content" source="media/powerbi/select-fields.png" alt-text="Screenshot showing all fields selected for the table visualization.":::
+   
 ### Create a pie chart
 
 Next, create a pie chart that shows which applications had the most failed sign-in attempts.
 
 1. Deselect the table visual by clicking or tapping outside of it, and then under **Visualizations**, select the **pie chart** icon.
-
-:::image type="content" source="media/powerbi/pie-chart.png" alt-text="Screenshot showing the pie chart icon under Visualizations in Power BI Desktop.":::
-
+   
+   :::image type="content" source="media/powerbi/pie-chart.png" alt-text="Screenshot showing the pie chart icon under Visualizations in Power BI Desktop.":::
+   
 1. Select **AppDisplayName** in the **Legend** well, or drag it from the **Fields** pane. Select **Failed** in the **Values** well, or drag it from **Fields**. The pie chart now shows the number of failed sign-in attempts per application.
-
-:::image type="content" source="media/powerbi/failed.png" alt-text="Screenshot showing the pie chart with number of failed sign-in attempts per application.":::
-
+   
+   :::image type="content" source="media/powerbi/failed.png" alt-text="Screenshot showing the pie chart with number of failed sign-in attempts per application.":::
+   
 ### Create a new quick measure
 
 You also want to show what percentage of sign-in attempts failed for each application. Since your query doesn't have a percentage column, you can create a new measure to show this information.
 
 1. Under **Visualizations**, select the **stacked column chart** icon to create a stacked column chart.
-
-:::image type="content" source="media/powerbi/column-chart.png" alt-text="Screenshot showing the stacked column chart icon under Visualizations in Power BI Desktop.":::
-
+   
+   :::image type="content" source="media/powerbi/column-chart.png" alt-text="Screenshot showing the stacked column chart icon under Visualizations in Power BI Desktop.":::
+   
 1. With the new visualization selected, select **Quick measure** in the ribbon.
-
+   
 1. In the **Quick measures** window, under **Calculation**, select **Division**. Drag **Failed** from **Fields** into the **Numerator** field, and drag **Attempts** from **Fields** to **Denominator**.
-
-:::image type="content" source="media/powerbi/quick-measures.png" alt-text="Screenshot showing the settings in the Quick measures window.":::
-
+   
+   :::image type="content" source="media/powerbi/quick-measures.png" alt-text="Screenshot showing the settings in the Quick measures window.":::
+   
 1. Select **OK**. The new measure appears in the **Fields** pane.
-
+   
 1. Select the new measure in the **Fields** pane, and under **Formatting** in the ribbon, select **Percentage**.
-
-:::image type="content" source="media/powerbi/percentage.png" alt-text="Screenshot showing the new measure selected in the Fields pane, and Percentage selected under Formatting in the ribbon.":::
-
+   
+   :::image type="content" source="media/powerbi/percentage.png" alt-text="Screenshot showing the new measure selected in the Fields pane, and Percentage selected under Formatting in the ribbon.":::
+   
 1. With the column chart visualization selected on the canvas, select or drag the **AppDisplayName** field into the **Axis** well, and the new **Failed divided by Attempts** measure into the **Values** well. The chart now shows the percentage of failed sign-in attempts for each application.
-
-:::image type="content" source="media/powerbi/failed-percentage.png" alt-text="Screenshot showing the column chart with percentage of failed attempts for each application.":::
-
+   
+   :::image type="content" source="media/powerbi/failed-percentage.png" alt-text="Screenshot showing the column chart with percentage of failed attempts for each application.":::
+   
 ### Refresh the data and save the report
 
 1. Select **Refresh** to get the latest data from Microsoft Sentinel.
-
-:::image type="content" source="media/powerbi/refresh.png" alt-text="Screenshot showing the Refresh button in the ribbon.":::
-
+   
+   :::image type="content" source="media/powerbi/refresh.png" alt-text="Screenshot showing the Refresh button in the ribbon.":::
+   
 1. Select **File** > **Save** and save your Power BI report.
 
 ## Create a Power BI online workspace
 
 To create a Power BI workspace for sharing the report:
 
 1. Sign in to [powerbi.com](https://powerbi.com) with the same account you used for Power BI Desktop and Microsoft Sentinel read access.
-
+   
 1. Under **Workspaces**, select **Create a workspace**. Name the workspace *Management Reports*, and select **Save**.
-
-:::image type="content" source="media/powerbi/create-workspace.png" alt-text="Screenshot showing Create a workspace in the Power BI service.":::
-
+   
+   :::image type="content" source="media/powerbi/create-workspace.png" alt-text="Screenshot showing Create a workspace in the Power BI service.":::
+   
 1. To grant people and groups access to the workspace, select the **More options** dots next to the new workspace name, and then select **Workspace access**.
-
-:::image type="content" source="media/powerbi/workspace-access.png" alt-text="Screenshot showing Workspace access in the workspace More options menu.":::
-
+   
+   :::image type="content" source="media/powerbi/workspace-access.png" alt-text="Screenshot showing Workspace access in the workspace More options menu.":::
+   
 1. In the **Workspace access** side pane, you can add users' email addresses and assign each user a role. The roles are Admin, Member, Contributor, and Viewer.
 
 ## Publish the Power BI report
 
 Now you can use Power BI Desktop to publish your Power BI report so other people can see it.
 
 1. In your new report in Power BI Desktop, select **Publish**.
-
-:::image type="content" source="media/powerbi/publish.png" alt-text="Screenshot showing Publish in the Power BI Desktop ribbon.":::
-
+   
+   :::image type="content" source="media/powerbi/publish.png" alt-text="Screenshot showing Publish in the Power BI Desktop ribbon.":::
+   
 1. Select the **Management Reports** workspace to publish to, and select **Select**.
-
-:::image type="content" source="media/powerbi/select-workspace.png" alt-text="Screenshot that shows selecting the Power BI Management Reports workspace to publish to.":::
-
+   
+   :::image type="content" source="media/powerbi/select-workspace.png" alt-text="Screenshot that shows selecting the Power BI Management Reports workspace to publish to.":::
+   
 ## Import the report to a Microsoft Teams channel
 
 You also want members of the Management Teams channel to be able to see the report. To add the report to a Teams channel:
 
 1. In the Management Teams channel, select **+** to add a tab, and in the **Add a tab** window, search for and select **Power BI**.
 
-:::image type="content" source="media/powerbi/add-tab.png" alt-text="Screenshot that shows selecting Power BI in the Add a tab window in Teams.":::
-
+   :::image type="content" source="media/powerbi/add-tab.png" alt-text="Screenshot that shows selecting Power BI in the Add a tab window in Teams.":::
+   
 1. Select your new report from the list of Power BI reports, and select **Save**. The report appears in a new tab in the Teams channel.
-
-:::image type="content" source="media/powerbi/teams.png" alt-text="Screenshot showing the Power BI report in a tab in the Teams channel.":::
+   
+   :::image type="content" source="media/powerbi/teams.png" alt-text="Screenshot showing the Power BI report in a tab in the Teams channel.":::
 
 ## Schedule report refresh
 
 Refresh your Power BI report on a schedule, so updated data always appears in the report.
 
 1. In the Power BI service, select the workspace you published your report to.
-
+   
 1. Next to the report's dataset, select **More options** > **Settings**.
-
-:::image type="content" source="media/powerbi/settings.png" alt-text="Screenshot showing Settings under More options in the Power BI report dataset.":::
-
-1. Select **Edit credentials** to provide the credentials for an account that has read access to the Microsoft Sentinel workspace.
-
+   
+   :::image type="content" source="media/powerbi/settings.png" alt-text="Screenshot showing Settings under More options in the Power BI report dataset.":::
+   
+1. Select **Edit credentials** to provide the credentials for an account that has read access to the Log Analytics workspace.
+   
 1. Under **Scheduled refresh**, set the slider to **On**, and set up a refresh schedule for the report.
-
-:::image type="content" source="media/powerbi/schedule.png" alt-text="Screenshot showing Scheduled refresh settings for the Power BI report dataset.":::
+   
+   :::image type="content" source="media/powerbi/schedule.png" alt-text="Screenshot showing Scheduled refresh settings for the Power BI report dataset.":::
 
 ## Related content
 
