Forum Discussion
Solved
Scheduled reports
I am looking into the ability of scheduling daily reports that can be emailed (as PDF or embedded HTML) to security analysts for review. As it is, I don't see any way of doing this within Sentinel. What options do we have for this?
Right now, I'm thinking that it may have to be done through some external entity (script or analytical platform) that can query the data and create the reports but that would be a big gap in Sentinel's functionality.
Sentinel uses Logic Apps (Playbooks) so you could use of one those, started from Logic Apps. Here is a screen shot of one I use:
Essential its a three step workflow.
1. The Recurrence defines the schedule trigger.
2. I run a Log Analytics query to get the data
3. This outputs into the email (as HTML) or a chart
4 Replies
This is possible through PowerBI
Exporting data sheets into PDF format – https://docs.microsoft.com/en-us/power-bi/service-report-subscribe
How to export data queries : https://docs.microsoft.com/en-us/azure/azure-monitor/platform/powerbi
As for the reporting, PowerBI can automatically email reports for you after they’ve been configured.
Let me know if you have any addtional questions.
Sentinel uses Logic Apps (Playbooks) so you could use of one those, started from Logic Apps. Here is a screen shot of one I use:
Essential its a three step workflow.
1. The Recurrence defines the schedule trigger.
2. I run a Log Analytics query to get the data
3. This outputs into the email (as HTML) or a chart
