Documenting an existing Sentinel configuration

%3CLINGO-SUB%20id%3D%22lingo-sub-2299230%22%20slang%3D%22en-US%22%3EDocumenting%20an%20existing%20Sentinel%20configuration%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2299230%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20anyone%20have%20any%20suggestions%20about%20good%20approaches%20for%20documenting%20an%20existing%20Sentinel%20configuration%2C%20e.g.%2C%20creating%20a%20report%20that%20lists%20all%20of%20the%20connectors%2C%20active%20rules%2C%20watchlists%2C%20automation%20rules%2C%20workbooks%2C%20notebooks%20etc.%3F%3C%2FP%3E%3CP%3EThe%20follow%20up%20question%20is%2C%20does%20anyone%20have%20any%20good%20suggestions%20for%20documenting%20changes%20to%20the%20configuration%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2301808%22%20slang%3D%22en-US%22%3ERE%3A%20Documenting%20an%20existing%20Sentinel%20configuration%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2301808%22%20slang%3D%22en-US%22%3EYou%20can%20open%20the%20%22Workspace%20Usage%22%20workbook%20from%20within%20the%20Azure%20Sentinel%20UI%2C%20it%20has%20the%20majority%2C%20there%20is%20also%20a%20%22Data%20connectors%22%20workbook%20as%20well.%3C%2FLINGO-BODY%3E
Respected Contributor

Does anyone have any suggestions about good approaches for documenting an existing Sentinel configuration, e.g., creating a report that lists all of the connectors, active rules, watchlists, automation rules, workbooks, notebooks etc.?

The follow up question is, does anyone have any good suggestions for documenting changes to the configuration?

1 Reply
You can open the "Workspace Usage" workbook from within the Azure Sentinel UI, it has the majority, there is also a "Data connectors" workbook as well.