Last week the Azure Monitor team announced a new Community for Workbooks, queries and alerts for Azure Monitor. Hopefully it becomes to Azure operations what the Azure Sentinel Community has become. Although Azure Sentinel has been around for far less time than Azure Monitor, the Azure Sentinel Community GitHub repo already holds many workbooks, queries and Jupyter Notebooks.
Repo
Right now the repo is broken down into three main categories: Azure Services, Scenarios and Solutions.
For Azure Services and Scenarios, each folder is split into Alerts, Queries and Workbooks. For instance, if you are looking for a query or an alert for Key Vaults, it would be under Azure Services/Key Vaults.
As you might imagine, the repo is kind of barren right now. That’s why we need more contributors.
Contribute
Do you have some useful Kusto queries, or a nice workbook you think the community can benefit from? Fork the repo, add your queries, workbooks, etc. to it and then submit a pull request.
I also blogged about doing Git for Ops earlier this year if you are really unfamiliar with git.
I have submitted all my existing workbooks via a pull request. It hasn’t been approved yet, but I intend to keep publishing my Workbooks to both my GitHub and the Azure Monitor Community.
Even my newly released Azure SQL Workbook has been submitted. For now, here is a listing of all my workbooks you can use.
- LogicApps/Azure Sentinel Playbooks
- Azure Automation Update Management
- Azure File Sync
- Syslog
- Windows Event Log
- QuickStart Templates
- Azure Automation Change Tracking Workbook
- Azure SQL Insights Workbook