How to Import Azure Monitor, Sentinel Workbooks

A common request I get is how to import one of my Azure Monitor Workbooks into Azure. In this post I’ll show you several ways to import them.

Here are some of my Workbooks you can import.

Import via the Azure Portal

Azure Monitor

Once you’ve got a workbook you want to import, copy the Gallery Template JSON code. For every workbook I release I put out both the Gallery Template and the ARM Template version. The ARM Template version cannot be imported via the portal. Select the RAW from the Gallery Template and copy the entire thing.

Once you have it, go to the Azure Portal -> Azure Monitor -> Workbooks -> Empty Workbook

Import Azure Monitor Workbooks

Small note, I have had a number of people ask where my Workbook went, in the top right make sure you’re in the right subscription. Like everything else in Azure, Workbooks are a resource. So they have to live under a Subscription and a Resource Group.

Then select the </> and it will load the JSON code for you.

 

Import Azure Monitor Workbooks

Paste in the entire Gallery Template JSON and hit Apply.

Import Azure Monitor Workbooks

It will take a few seconds to load, especially for larger Workbooks.

 

Once imported, don’t forget to save.

Azure Sentinel

Azure Monitor Workbooks and Azure Sentinel Workbooks are the exact same thing, however they are imported separately and viewed separately. For instance you cannot see Workbooks imported into Azure Monitor from Azure Sentinel, and vice versa.

To import into Azure Sentintel, go to Azure Sentinel -> Select Workspace -> Workbooks -> Add Workbooks -> Edit

Again find the </> and paste in the Gallery Template JSON, and select Apply and save.

The PowerShell Way

Of course you can always deploy via PowerShell. Since I’m all for not recreating code, credit to James Dumont for this code, he’s added along with some NSG flow log information to the Azure Inventory Dashboard. He’s got a full Networking workbook you can check out here.

To do this via PowerShell you’ll need to select the ARM Template raw from github.

# Variables
$AzureRmSubscriptionName = "Your-Subscription-Name"
$RgName = "Workbook-Rg-Name"
$workbookDisplayName = "Azure Inventory"
$workbookSourceId = "Azure Monitor"
$workbookType = "workbook"
$templateUri = "https://raw.githubusercontent.com/scautomation/Azure-Inventory-Workbook/master/armTemplate/template.json"
$workbookSerializedData = Invoke-RestMethod -Uri "https://raw.githubusercontent.com/scautomation/Azure-Inventory-Workbook/master/galleryTemplate/template.json"

## Connectivity
# Login first with Connect-AzAccount if not using Cloud Shell
$AzureRmContext = Get-AzSubscription -SubscriptionName $AzureRmSubscriptionName | Set-AzContext -ErrorAction Stop
Select-AzSubscription -Name $AzureRmSubscriptionName -Context $AzureRmContext -Force -ErrorAction Stop

## Action
Write-Host "Deploying : $workbookType-$workbookDisplayName in the resource group : $RgName" -ForegroundColor Cyan
New-AzResourceGroupDeployment -Name $(("$workbookType-$workbookDisplayName").replace(' ', '')) -ResourceGroupName $RgName `
-TemplateUri $TemplateUri `
-workbookDisplayName $workbookDisplayName `
-workbookType $workbookType `
-workbookSourceId $workbookSourceId `
-workbookSerializedData ($workbookSerializedData | ConvertTo-Json -Depth 20) `
-Confirm -ErrorAction Stop

Happy importing!

Leave a Comment