resources.md

title	description	author	ms.topic	ms.date	ms.author	ms.custom
Useful resources when working with Microsoft Sentinel	This document provides you with a list of useful resources when working with Microsoft Sentinel.	yelevin	conceptual	11/09/2021	yelevin	ignite-fall-2021

Useful resources for working with Microsoft Sentinel

[!INCLUDE Banner for top of topics]

This article lists resources that can help you get more information about working with Microsoft Sentinel.

Learn more about creating queries

Microsoft Sentinel uses Azure Monitor Log Analytics's Kusto Query Language (KQL) to build queries. For more information, see:

• Kusto Query Language in Microsoft Sentinel
• Useful resources for working with Kusto Query Language in Microsoft Sentinel

Microsoft Sentinel templates for data to monitor

The Azure Active Directory Security Operations Guide includes specific guidance and knowledge about data that's important to monitor for security purposes, for several operational areas.

In each article, check for sections named Things to monitor for lists of events that we recommend alerting on and investigating, as well as analytics rule templates to deploy directly to Microsoft Sentinel.

Learn more about creating automation

Create automation in Microsoft Sentinel using Azure Logic Apps, with a growing gallery of built-in playbooks.

For more information, see Azure Logic Apps connectors.

Compare playbooks, workbooks, and notebooks

The following table describes the differences between playbooks, workbooks, and notebooks in Microsoft Sentinel:

Category	Playbooks	Workbooks	Notebooks
Personas	SOC engineers Analysts of all tiers	SOC engineers Analysts of all tiers	Threat hunters and Tier-2/Tier-3 analysts Incident investigators Data scientists Security researchers
Uses	Automation of simple, repeatable tasks: Ingesting external data Data enrichment with TI, GeoIP lookups, and more Investigation Remediation	Visualization	Querying Microsoft Sentinel data and external data Data enrichment with TI, GeoIP lookups, and WhoIs lookups, and more Investigation Visualization Hunting Machine learning and big data analytics
Advantages	Best for single, repeatable tasks No coding knowledge required	Best for a high-level view of Microsoft Sentinel data No coding knowledge required	Best for complex chains of repeatable tasks Ad-hoc, more procedural control Easier to pivot with interactive functionality Rich Python libraries for data manipulation and visualization Machine learning and custom analysis Easy to document and share analysis evidence
Challenges	Not suitable for ad-hoc and complex chains of tasks Not ideal for documenting and sharing evidence	Cannot integrate with external data	High learning curve and requires coding knowledge
More information	Automate threat response with playbooks in Microsoft Sentinel	Visualize collected data	Use Jupyter notebooks to hunt for security threats

Comment on our blogs and forums

We love hearing from our users.

In the TechCommunity space for Microsoft Sentinel:

• View and comment on recent blog posts
• Post your own questions about Microsoft Sentinel

You can also send suggestions for improvements via our User Voice program.

Join the Microsoft Sentinel GitHub community

The Microsoft Sentinel GitHub repository is a powerful resource for threat detection and automation.

Our Microsoft security analysts constantly create and add new workbooks, playbooks, hunting queries, and more, posting them to the community for you to use in your environment.

Download sample content from the private community GitHub repository to create custom workbooks, hunting queries, notebooks, and playbooks for Microsoft Sentinel.

Next steps

[!div class="nextstepaction"] Get certified!

[!div class="nextstepaction"] Read customer use case stories