Workbook Logos and Descriptions


We are wanting to push branding, descriptions and possibly screenshot examples with our custom workbooks but are at a loss as to where/how this would be accomplished. Is this feature supported? I have looked into Azure Sentinel Solutions as it appears this could be a contender, but as we are leveraging a CSP relationship, private solutions are not applicable.

Thank you very much!

8 Replies
All of that would be included in the JSON file. See the bottom of the following page for the JSON format: https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks

You can add a logo, etc. If you want logos and images directly in the Workbook, use the HTML <img> tag.

Perfect! Thank you very much for this. Other than a PR, how would this get pushed into Azure Sentinel? Could this be pushed via API into the workspace?

@CliveWatson My apologies, I do believe it was too vague in my initial request. I am looking to push a logo/description with the workbook to be displayed within "My Workbooks". The logo would be presented in the area marked with the default logo and the description would replace "Customer Defined Workbook". I am familiar with pushing workbooks via the deployment methods suggested but am unsuccessful when it comes to finding the parameter within the template that defines the logo or the presented description.

workbook2.PNG

Logos are outside your template, they are referenced in https://github.com/Azure/Azure-Sentinel/blob/master/Workbooks/WorkbooksMetadata.json and stored in https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks/Images/Logos

Please see https://github.com/Azure/Azure-Sentinel/tree/master/Workbooks#step-2---create-a-pull-request-to-this...

Take a look in WorkbooksMetadata.json for examples like:
{
    "workbookKey": "AIVectraDetectWorkbook",
    "logoFileName": "AIVectraDetect.svg",
    "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel. View critical hosts, accounts, campaigns and detections. Also monitor Vectra system health and audit logs.",
    "dataTypesDependencies": ["CommonSecurityLog"],
    "dataConnectorsDependencies": ["AIVectraDetect"],
    "previewImagesFileNames": ["AIVectraDetectWhite1.png", "AIVectraDetectBlack1.png"],
    "version": "1.1",
    "title": "AI Vectra Detect",
    "templateRelativePath": "AIVectraDetectWorkbook.json",
    "subtitle": "",
    "provider": "Vectra AI"
},
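
An added example, not part of the thread or of the Azure-Sentinel repository: a check to run before opening the PR that a WorkbooksMetadata.json entry like the one above points only at files that exist and never outside its folders. The function names, the preview-image folder, the template base folder and the list of required keys (taken from the quoted entry) are assumptions of this example.

```python
from pathlib import PurePosixPath

# Keys copied from the entry quoted in the thread; treating them all as
# required is an assumption of this example, not a documented schema.
REQUIRED = ("workbookKey", "logoFileName", "description", "version",
            "title", "templateRelativePath", "provider")
LOGO_DIR = "Workbooks/Images/Logos"       # location given in the thread
PREVIEW_DIR = "Workbooks/Images/Preview"  # assumed location of preview images
TEMPLATE_DIR = "Workbooks"                # assumed base of templateRelativePath

def is_safe_relative(name):
    """Reject empty, absolute, backslash and '..' paths in metadata values."""
    if not isinstance(name, str) or not name or "\\" in name:
        return False
    path = PurePosixPath(name)
    return not path.is_absolute() and ".." not in path.parts

def check_entry(entry, repo_files):
    """Return a list of problems for one metadata entry (empty means clean)."""
    problems = []
    for key in REQUIRED:
        if not isinstance(entry.get(key), str) or not entry[key].strip():
            problems.append(f"missing or empty field: {key}")
    refs = [("logoFileName", LOGO_DIR, entry.get("logoFileName")),
            ("templateRelativePath", TEMPLATE_DIR, entry.get("templateRelativePath"))]
    refs += [("previewImagesFileNames", PREVIEW_DIR, name)
             for name in entry.get("previewImagesFileNames") or []]
    for field, folder, name in refs:
        if not name:
            continue  # a missing required field was already reported above
        if not is_safe_relative(name):
            problems.append(f"unsafe path in {field}: {name}")
        elif f"{folder}/{name}" not in repo_files:
            problems.append(f"{field} not found: {folder}/{name}")
    return problems

# Entry values from the thread (description shortened); the file listing is
# constructed for this example.
SAMPLE_ENTRY = {
    "workbookKey": "AIVectraDetectWorkbook", "logoFileName": "AIVectraDetect.svg",
    "description": "Start investigating network attacks surfaced by Vectra Detect directly from Sentinel.",
    "previewImagesFileNames": ["AIVectraDetectWhite1.png", "AIVectraDetectBlack1.png"],
    "version": "1.1", "title": "AI Vectra Detect",
    "templateRelativePath": "AIVectraDetectWorkbook.json", "provider": "Vectra AI",
}
SAMPLE_FILES = {
    "Workbooks/AIVectraDetectWorkbook.json",
    "Workbooks/Images/Logos/AIVectraDetect.svg",
    "Workbooks/Images/Preview/AIVectraDetectWhite1.png",
}
```

Calling `check_entry(SAMPLE_ENTRY, SAMPLE_FILES)` reports the second preview image as missing, because the constructed listing leaves it out on purpose.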

Understood, is there a mechanism to push the workbook with the associated metadata (logo, description, ...) other than creating a PR? I would like to push these workbooks out individually and not via PR if possible.

@bsfergu Not that I'm aware of; custom workbooks get the default icon. E.g. the bottom 4 in this list are all the same workbook; only the one from the GitHub/PR has the icon.

Screenshot 2021-07-21 181701.png

Hello, did you manage to accomplish that?

I am trying to update the Description field (logo would be nice too but not really necessary).