Sentinel PowerBI Dashboards

%3CLINGO-SUB%20id%3D%22lingo-sub-2159278%22%20slang%3D%22en-US%22%3ESentinel%20PowerBI%20Dashboards%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2159278%22%20slang%3D%22en-US%22%3E%3CP%3EHas%20anyone%20created%20real%20time%20(or%20as%20close%20as%20possible%20to%20real%20time)%20dashboards%20for%20Sentinel%20in%20PowerBI%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20seems%20like%20something%20that%20should%20be%20quite%20simple%20and%20in%20high%20demand%2C%20however%20I%20am%20not%20able%20to%20find%20much%20information.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Has anyone created real time (or as close as possible to real time) dashboards for Sentinel in PowerBI?

 

It seems like something that should be quite simple and in high demand, however I am not able to find much information.

1 Reply

@Ben Curran You can extract your KQL query from the Logs section of Azure Sentinel into a text file that explains how to import the data into PowerBI.  From there you can create whatever dashboard you want and schedule it to automatically update (or manually update) as needed.

 

I seem to recall a while ago that some people were having trouble getting the data to update once the PowerBI was published however I have not tried that so I am not sure what the issue was.