This is just a short blog post about the MS Sentinel incident’s workbooks. If you go to the Incidents page in MS Sentinel, there are two workbooks that are linked. The first is the “Security efficiency workbook” in the header bar and the second is the “Incident Overview” workbook that shows up the incident’s detail pane when an incident is selected.
Each of the workbooks provides very valuable information. But did you know that you can modify these workbooks even further?
If you go into the Workbooks page in MS Sentinel and find the templates for these workbooks, you can then save them. After you save them, you can then modify them as needed. For instance, I tend to break the information in the “Security efficiency workbook” into multiple tabs to make it easier to ready.
The links in the Incidents page will take you to the modified version of the workbooks rather than the template, making it much easier to show the information you want to show.
EDIT: It is worth noting that if you update the template, it will overwrite all your changes so be careful with that!!!