How to visualize using graph in Sentinel's workbook

Ashwin Venkatesha 230 Reputation points
2024-05-10T05:56:10.9866667+00:00

User's image

How to visualize this data using "graph", please?

I tried the following settings, but I am not understanding how to configure this to display as a graph.

Basically, I want a graph of nodes depicting traffic between src and dst, where labels are depicted by dst_port and proto.

Here is a snapshot of settings

User's image

 

Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.

Accepted answer
  1. AnuragSingh-MSFT 21,466 Reputation points
    2024-05-22T09:49:10.82+00:00

    @Ashwin Venkatesha, I am not sure if you were able to achieve this. The following should help you as well as others looking for assistance on a similar topic.

    I have used the query below to merge nodes and links/edges based on the example here - Graph Visualization

    Note that the query below creates a table variable to store the data available in the question:

    let data = datatable(TimeGenerated:datetime, src_ip:string, dst_ip:string, dst_port:string, proto:string)
    [
       datetime(2024-09-05 23:59:59.9), "10.2.88.60", "10.2.255.255", "137", "17",
       datetime(2024-09-05 23:59:59.9), "10.2.1.209", "10.2.255.255", "138", "17",
    ]; //table variable to replicate the table in question
    let links = data
    | summarize connection_cnt = count() by src_ip, dst_ip, dst_port, proto
    | project sourceId = src_ip, targetId = dst_ip, connection_cnt, Kind = strcat(dst_port,";",proto);
    let nodes = data
    | summarize connection_cnt = count() by src_ip
    | project Id = src_ip, Name = src_ip, connection_cnt, Kind = "Source Nodes"
    | union (data
        | summarize connection_cnt = count() by dst_ip
        | project Id = dst_ip, Name = dst_ip, connection_cnt, Kind = "Destination Nodes");
    nodes
    | union (links)
    

    The visualization looks as below:

    User's image

    The Graph settings are:

    User's image

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.
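
Added example, not part of the original answer: in the accepted answer's query, an address that appears as both `src_ip` and `dst_ip` produces two node rows with the same `Id`. The variant below emits one node row per address and labels its role; the third sample row and the "Source and Destination" label are constructed for illustration.

```kql
// Constructed sample rows: 10.2.88.60 is a source in row 1 and a destination in row 3.
let data = datatable(TimeGenerated:datetime, src_ip:string, dst_ip:string, dst_port:string, proto:string)
[
    datetime(2024-09-05 23:59:59.9), "10.2.88.60", "10.2.255.255", "137", "17",
    datetime(2024-09-05 23:59:59.9), "10.2.1.209", "10.2.255.255", "138", "17",
    datetime(2024-09-05 23:59:59.9), "10.2.1.209", "10.2.88.60", "445", "6"
];
// Edges: one row per (src, dst, port, proto), labelled "port;proto" as in the answer.
let links = data
| summarize connection_cnt = count() by src_ip, dst_ip, dst_port, proto
| project sourceId = src_ip, targetId = dst_ip, connection_cnt, Kind = strcat(dst_port, ";", proto);
// Nodes: tag every appearance of an address with its role, then collapse to one row per address.
let nodes = data
| project ip = src_ip, role = "src"
| union (data | project ip = dst_ip, role = "dst")
| summarize connection_cnt = count(),
            as_src = countif(role == "src"),
            as_dst = countif(role == "dst") by ip
| project Id = ip, Name = ip, connection_cnt,
          Kind = case(as_src > 0 and as_dst > 0, "Source and Destination",
                      as_src > 0, "Source Nodes",
                      "Destination Nodes");
// Same output shape as the answer's query: node rows followed by link rows.
nodes
| union (links)
```

The output columns (`Id`, `Name`, `Kind`, `sourceId`, `targetId`, `connection_cnt`) match the answer's query, so the same Graph settings apply.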
