Merge pull request #4786 from batamig/workbooks-edit

batamig · web-flow · commit ca608656f9e2 · 2025-08-25T10:13:54.000+03:00
adding workbooks edit - USX
diff --git a/unified-secops-platform/microsoft-sentinel-onboard.md b/unified-secops-platform/microsoft-sentinel-onboard.md
@@ -119,30 +119,12 @@ After you connect your workspace to the Defender portal, **Microsoft Sentinel**
 
 Many of the existing Microsoft Sentinel features are integrated into the Defender portal. For these features, notice that the experience between Microsoft Sentinel in the Azure portal and Defender portal are similar. Use the following articles to help you start working with Microsoft Sentinel in the Defender portal. When using these articles, keep in mind that your starting point in this context is the [Defender portal](https://security.microsoft.com/) instead of the Azure portal.
 
-- Search
-  - [Search across long time spans in large datasets](/azure/sentinel/search-jobs?tabs=defender-portal)
-  - [Restore archived logs from search](/azure/sentinel/restore)
-- Threat management
-  - [Visualize and monitor your data by using workbooks](/azure/sentinel/monitor-your-data?tabs=defender-portal)
-  - [Conduct end-to-end threat hunting with Hunts](/azure/sentinel/hunts)
-  - [Use hunting bookmarks for data investigations](/azure/sentinel/bookmarks)
-  - [Use hunting Livestream in Microsoft Sentinel to detect threat](/azure/sentinel/livestream)
-  - [Hunt for security threats with Jupyter notebooks](/azure/sentinel/notebooks-hunt)
-  - [Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file](/azure/sentinel/indicators-bulk-file-import?tabs=defender-portal)
-  - [Work with threat indicators in Microsoft Sentinel](/azure/sentinel/work-with-threat-indicators?tabs=defender-portal)
-  - [Understand security coverage by the MITRE ATT&CK framework](/azure/sentinel/mitre-coverage)
-- Content management
-  - [Discover and manage Microsoft Sentinel out-of-the-box content](/azure/sentinel/sentinel-solutions-deploy?tabs=defender-portal)
-  - [Microsoft Sentinel content hub catalog](/azure/sentinel/sentinel-solutions-catalog)
-  - [Deploy custom content from your repository](/azure/sentinel/ci-cd)
-- Configuration
-  - [Find your Microsoft Sentinel data connector](/azure/sentinel/data-connectors-reference)
-  - [Create custom analytics rules to detect threats](/azure/sentinel/create-analytics-rules?tabs=defender-portal)
-  - [Work with near-real-time (NRT) detection analytics rules in Microsoft Sentinel](/azure/sentinel/create-nrt-rules?tabs=defender-portal)
-  - [Create watchlists](/azure/sentinel/watchlists-create?tabs=defender-portal)
-  - [Manage watchlists in Microsoft Sentinel](/azure/sentinel/watchlists-manage)
-  - [Create automation rules](/azure/sentinel/create-manage-use-automation-rules)
-  - [Create and customize Microsoft Sentinel playbooks from content templates](/azure/sentinel/use-playbook-templates)
+| Feature category   | Links |
+|--------------------|----------|
+| **Search**         | - [Search across long time spans in large datasets](/azure/sentinel/search-jobs?tabs=defender-portal)<br>- [Restore archived logs from search](/azure/sentinel/restore) |
+| **Threat management** | - [Visualize and monitor your data by using workbooks](/azure/sentinel/monitor-your-data?tabs=defender-portal)<br>- [Conduct end-to-end threat hunting with Hunts](/azure/sentinel/hunts)<br>- [Use hunting bookmarks for data investigations](/azure/sentinel/bookmarks)<br>- [Use hunting Livestream in Microsoft Sentinel to detect threat](/azure/sentinel/livestream)<br>- [Hunt for security threats with Jupyter notebooks](/azure/sentinel/notebooks-hunt)<br>- [Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file](/azure/sentinel/indicators-bulk-file-import?tabs=defender-portal)<br>- [Work with threat indicators in Microsoft Sentinel](/azure/sentinel/work-with-threat-indicators?tabs=defender-portal)<br>- [Understand security coverage by the MITRE ATT&CK framework](/azure/sentinel/mitre-coverage) |
+| **Content management** | - [Discover and manage Microsoft Sentinel out-of-the-box content](/azure/sentinel/sentinel-solutions-deploy?tabs=defender-portal)<br>- [Microsoft Sentinel content hub catalog](/azure/sentinel/sentinel-solutions-catalog)<br>- [Deploy custom content from your repository](/azure/sentinel/ci-cd) |
+| **Configuration**  | - [Find your Microsoft Sentinel data connector](/azure/sentinel/data-connectors-reference)<br>- [Create custom analytics rules to detect threats](/azure/sentinel/create-analytics-rules?tabs=defender-portal)<br>- [Work with near-real-time (NRT) detection analytics rules in Microsoft Sentinel](/azure/sentinel/create-nrt-rules?tabs=defender-portal)<br>- [Create watchlists](/azure/sentinel/watchlists-create?tabs=defender-portal)<br>- [Manage watchlists in Microsoft Sentinel](/azure/sentinel/watchlists-manage)<br>- [Create automation rules](/azure/sentinel/create-manage-use-automation-rules)<br>- [Create and customize Microsoft Sentinel playbooks from content templates](/azure/sentinel/use-playbook-templates) |
 
 Find Microsoft Sentinel settings in the Defender portal under **System** > **Settings** > **Microsoft Sentinel**.
 
diff --git a/unified-secops-platform/whats-new.md b/unified-secops-platform/whats-new.md
@@ -7,7 +7,7 @@ ms.subservice: unified-security-operations
 ms.author: bagol
 author: batamig
 ms.localizationpriority: medium
-ms.date: 07/31/2025
+ms.date: 08/20/2025
 manager: orspodek
 audience: ITPro
 ms.collection:
@@ -23,10 +23,19 @@ This article lists recent features added for unified security operations in the
 
 ## August 2025
 
+
 - [Viewing unified RBAC in multitenant management to GA](#viewing-unified-rbac-in-multitenant-management-to-ga)
 - [Tenant groups in multitenant management renamed to distribution profiles](#tenant-groups-in-multitenant-management-renamed-to-distribution-profiles)
 - [Distribute Microsoft Defender for Endpoint security policies with multitenant management](#distribute-microsoft-defender-for-endpoint-security-policies-with-multitenant-management)
 
+### Edit workbooks directly in the Microsoft Defender portal
+
+Now you can create and edit Microsoft Sentinel workbooks directly in the Microsoft Defender portal. This enhancement streamlines your workflow and allows you to manage your workbooks more efficiently and brings the workbook experience more closely aligned with the experience in the Azure portal.
+
+Microsoft Sentinel workbooks are based on Azure Monitor workbooks, and help you visualize and monitor the data ingested to Microsoft Sentinel. Workbooks add tables and charts with analytics for your logs and queries to the tools already available.
+
+Workbooks are available in the Defender portal under **Microsoft Sentinel > Threat management > Workbooks**. For more information, see [Visualize and monitor your data by using workbooks in Microsoft Sentinel](/azure/sentinel/monitor-your-data).
+
 ### Viewing unified RBAC in multitenant management to GA
 
 Viewing unified role-based access control (RBAC) in the Microsoft Defender multitenant management portal is now generally available. This feature allows you to view a comprehensive view of permissions and access for your tenants.
