@Dimuthu De Silva
Thank you for your post and I apologize for the delayed response!
I'm not too familiar with including Microsoft Sentinel Workbooks or Notebooks as Artifacts within Azure Blueprints. However, I'll do my best to point you in the right direction, and I've also reached out to our Microsoft Sentinel SMEs to see if they can share any additional inputs.
Microsoft Sentinel Workbooks:
After referencing the Define and assign a blueprint in the portal documentation, Azure Sentinel All In One GitHub Repo, and the Application Insights Workbooks GitHub Repo, if you're deploying your Blueprint via ARM template, from my understanding, you should be able to link or nest templates when deploying Azure resources. You can link a template by adding a deployments resource to your main template. In the templateLink property, specify the URI of the template to include.
Azure Monitor Workbook Templates
Because Microsoft Sentinel adopts the use of Azure Monitor Workbooks to visualize and monitor the data, you should be able to use these ARM Templates to link to your Blueprint. For more info.
Linked template:
Note:
The following example links to a template that is in a storage account.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2021-04-01",
      "name": "linkedTemplate",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "https://mystorageaccount.blob.core.windows.net/AzureTemplates/newStorageAccount.json",
          "contentVersion": "1.0.0.0"
        }
      }
    }
  ],
  "outputs": {}
}
Additional Links:
How to deploy Azure Sentinel ARM template using Azure Blueprints?
Application Insights Workbooks
-----------------------------------
Microsoft Sentinel Notebooks:
Because Microsoft Sentinel Notebooks are run on an Azure Machine Learning (Azure ML) platform, you'll have to Create the Azure ML workspace prior to leveraging Sentinel Notebooks. Similar to Sentinel Workbooks, you should be able to link the Azure Resource Manager template to create a workspace for Azure Machine Learning to your Blueprint deployment as well.
Once your Azure Machine Learning Workspace is created, you should be able to Set a Default ML Workspace within Microsoft Sentinel. If you have Custom Notebooks, since these are .ipynb files, you should be able to upload them to the ML Workspace directly. For more info - How to create and manage files in your workspace.
Additional Links:
Azure Sentinel Notebooks
If any of these features aren't what you're looking for, I'd recommend leveraging our Microsoft Sentinel User Voice forum and creating a feature request, so our engineering team can look into implementing this.
I hope this helps!
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
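Added example (not part of the answer above and not Microsoft's code): a Python check that walks an ARM template for linked deployments like the one shown and flags templateLink settings worth reviewing before the Blueprint is published. ALLOWED_HOSTS, the finding strings, the deployment() helper and the BAD sample are assumptions made for illustration, and the check expects the array form of "resources".

```python
from urllib.parse import urlparse, parse_qs

# Assumption: storage hosts your organisation permits for linked templates.
ALLOWED_HOSTS = {"mystorageaccount.blob.core.windows.net"}

def iter_deployments(resources):
    """Yield deployments resources, including those inside inline nested templates."""
    for res in resources or []:
        if res.get("type", "").lower() == "microsoft.resources/deployments":
            yield res
            inner = res.get("properties", {}).get("template") or {}
            yield from iter_deployments(inner.get("resources"))

def audit_template_links(template, allowed_hosts=ALLOWED_HOSTS):
    """Return (deployment name, finding) pairs for risky templateLink settings."""
    findings = []
    for dep in iter_deployments(template.get("resources")):
        name = dep.get("name", "<unnamed>")
        link = dep.get("properties", {}).get("templateLink") or {}
        uri = link.get("uri")
        if uri is None:
            continue  # inline template, relativePath or template spec id
        if uri.startswith("["):
            findings.append((name, "uri is an ARM expression, review by hand"))
            continue
        parsed = urlparse(uri)
        if parsed.scheme != "https":
            findings.append((name, "uri is not https"))
        if parsed.hostname not in allowed_hosts:
            findings.append((name, "host is not allow-listed"))
        if "sig" in parse_qs(parsed.query):
            findings.append((name, "SAS token hard-coded in uri"))
        if "contentVersion" not in link:
            findings.append((name, "contentVersion not set"))
    return findings

def deployment(name, link):  # hypothetical helper for the constructed samples
    return {"type": "Microsoft.Resources/deployments", "apiVersion": "2021-04-01",
            "name": name, "properties": {"mode": "Incremental", "templateLink": link}}

# Constructed samples: GOOD mirrors the post's template, BAD is deliberately weak.
GOOD = {"resources": [deployment("linkedTemplate", {
    "uri": "https://mystorageaccount.blob.core.windows.net/AzureTemplates/newStorageAccount.json",
    "contentVersion": "1.0.0.0"})]}
BAD = {"resources": [deployment("workbook", {
    "uri": "http://example.invalid/workbook.json?sv=2021-01-01&sig=CONSTRUCTED"})]}

if __name__ == "__main__":
    print(audit_template_links(GOOD), audit_template_links(BAD))
```

Running it in a pipeline before publishing the Blueprint keeps a linked workbook or ML workspace template from being pulled from an unexpected location or checked in with a live SAS token.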