![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 33%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
989 questions
I have a partial answer - you can create a Watchlist template in JSON - see examples from other Solutions: https://github.com/Azure/Azure-Sentinel/tree/c6dce9c3aa4d4b4d02423ac4eb5a6b677a39e432/Solutions/SOC-Process-Framework/Watchlists
The Folder structure doesn't list Watchlist, but you can create it just like you do for Workbooks or Parsers (or any other resource) https://github.com/Azure/Azure-Sentinel/tree/master/Solutions#guide-to-building-microsoft-sentinel-solutions
The Solution Package Tool, shows entries for Watchlists, so you can use this as a guide: https://github.com/Azure/Azure-Sentinel/blob/master/Tools/Create-Azure-Sentinel-Solution/V2/README.md
I hope this helps, please "accept" the answer if it does?