In security operations, it is essential to identify and track incidents and threats, and to have a clear understanding of what has been done during an investigation. This is where bookmarks come in handy. Bookmarks are an essential tool in Azure Sentinel that help you track, organize, and share important events and findings during an investigation. In this blog post, we will discuss what bookmarks are, how to create them, and how to use them to track query results in Azure Sentinel.
Bookmarks are used in Azure Sentinel to help you track, organize, and share important events and findings during an investigation. They allow you to mark specific events and add notes or comments to them, making it easier to reference them later.
To create a bookmark in Azure Sentinel, follow these steps:
1. Run a query in Azure Sentinel.
2. Click on the ‘Add Bookmark’ button in the query results pane.
3. Give the bookmark a name and add any notes or comments you would like.
4. Click ‘Save’.
How do you view bookmarks in Azure Sentinel?
To view bookmarks in Azure Sentinel, follow these steps:
1. Click on the ‘Bookmarks’ tab in the Azure Sentinel portal.
2. Select the bookmark you want to view.
Bookmarks can help in an investigation by allowing you to track and reference important events and findings. By using bookmarks, you can easily go back to a specific event or finding, add notes or comments, and share it with others involved in the investigation.
Some best practices for using bookmarks in Azure Sentinel include:
- Use descriptive names for bookmarks.
- Add detailed notes or comments to each bookmark.
- Share bookmarks with others involved in the investigation.
- Delete bookmarks that are no longer needed to keep the bookmark list clean and relevant.
How can bookmarks be used in combination with other Azure Sentinel features?
Bookmarks can be used in combination with other Azure Sentinel features such as queries, workbooks, and automation rules. By using bookmarks, you can easily reference and share specific events and findings with others involved in the investigation.
Can bookmarks be exported or imported in Azure Sentinel?
Yes, bookmarks can be exported or imported in Azure Sentinel. To export bookmarks, go to the ‘Bookmarks’ tab, click on the ‘Export’ button, and then save the file. To import bookmarks, go to the ‘Bookmarks’ tab, click on the ‘Import’ button, and then select the file you want to import.
Bookmarks are an essential tool in Azure Sentinel that help you track, organize, and share important events and findings during an investigation. By using bookmarks, you can easily reference specific events and findings, add notes or comments, and share them with others involved in the investigation. Additionally, bookmarks can be used in combination with other Azure Sentinel features such as
Bookmarks are saved records of important data, such as search queries or results, that can be accessed and viewed later.
To create a bookmark, run a query or investigation, and then click the “Add to bookmarks” button located in the command bar at the top of the page.
Yes, when creating a bookmark, you can customize the name and add a description.
To view saved bookmarks, click on the “Bookmarks” option in the navigation menu on the left-hand side of the page.
Bookmarks can be used to save frequently used queries or investigations for quick access and review later, and also to share insights with others.
Yes, to delete a bookmark, hover over the bookmark you want to delete and click on the “Delete” icon that appears.
To share a bookmark, select the bookmark you want to share, and then click the “Share” button. This will generate a link that can be shared with others.
Some best practices for using bookmarks in Microsoft Sentinel include naming bookmarks in a way that is easily recognizable, using tags to categorize bookmarks, and periodically reviewing bookmarks to ensure they are still relevant.
Yes, you can export bookmark data to a CSV file, which can then be imported into other tools or used for data analysis.
Bookmarks can be used to populate data in workbooks, allowing for more efficient and streamlined data analysis and reporting.