Aug 18 2020 04:55 PM
Hi, I'm new to Sentinel with my only real experience being the MS Sentinel Ninja training.
I have a list of events from an existing SIEM that I need to replicate in Sentinel using data coming from on-premise MS AD servers.
When I went to write my first rule I found most of the template queries seem to be Azure AD based queries.
Could someone please point me to (or show me) examples of writing queries for on-premise data feeds to meet the following sample of requirements:
REQ-006 Send a weekly email containing all occurrences of Windows event 1102 in the last 1 week
Type: Event: Windows audit log cleared (event 1102)
REQ-010 Send an hourly email containing all occurrences of changes to the “Domain Admins” and “G_Client Support Staff” AD groups
Type: AD group change: Domain Admins
REQ-017 Upon occurrence of proxy log URLs matching the AusCert IoC list, an email must be sent
Type: IoC Matching: URL (from Proxy logs) matches AusCert IoC list
Thanks in anticipation
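One way to express the three requirements above as KQL over the on-premises Windows data, as an added example rather than something posted in this thread. It assumes the Windows Security Events connector is populating the SecurityEvent table, that TI feeds are ingested into ThreatIntelligenceIndicator, and that the proxy forwards CEF into CommonSecurityLog with the URL in RequestURL (the proxy table and column are assumptions; adjust to whatever your connector fills).

```kql
// REQ-006: Windows audit log cleared (event 1102) over the last 7 days.
// Assumes SecurityEvent is fed by the Windows Security Events connector.
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 1102
| project TimeGenerated, Computer, Account, Activity
| order by TimeGenerated desc

// REQ-010: membership changes to watched AD groups in the last hour.
// 4728/4729 global, 4732/4733 local, 4756/4757 universal security groups;
// for these events TargetUserName holds the group and MemberName the member.
let WatchedGroups = dynamic(["Domain Admins", "G_Client Support Staff"]);
SecurityEvent
| where TimeGenerated > ago(1h)
| where EventID in (4728, 4729, 4732, 4733, 4756, 4757)
| where TargetUserName in~ (WatchedGroups)
| extend Action = iff(EventID in (4728, 4732, 4756), "Member added", "Member removed")
| project TimeGenerated, Computer, Group = TargetUserName, Action,
          Member = MemberName, ChangedBy = SubjectUserName
| order by TimeGenerated desc

// REQ-017: proxy URLs that match an active URL indicator from the TI table.
// Assumes proxy logs land in CommonSecurityLog (CEF) with the URL in RequestURL.
let UrlIndicators = ThreatIntelligenceIndicator
    | where TimeGenerated > ago(14d)
    | where isnotempty(Url) and Active == true and ExpirationDateTime > now()
    // keep only the latest version of each indicator
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | project IndicatorId, Url, Description, ConfidenceScore;
CommonSecurityLog
| where TimeGenerated > ago(1h)
| where isnotempty(RequestURL)
| join kind=inner UrlIndicators on $left.RequestURL == $right.Url
| project TimeGenerated, SourceIP, DestinationIP, RequestURL,
          IndicatorId, Description, ConfidenceScore
```

Each query carries its own time filter so it can be pasted into Logs for an ad-hoc check; in a scheduled rule the rule's own lookback period applies, so match it to the window the requirement asks for.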
Aug 23 2020 07:51 AM
Aug 23 2020 04:29 PM
Hi there and thanks for the reply.
Yes I have looked through the templates and I made some reasonable progress over the weekend, but also hit a lot of challenges on the way!
Not the least of which is that the preview release won't allow alert schedules of more than one day, so I'm still trying to figure out how to do the once-a-week and once-a-month reports.
e.g.
Other challenges include the need to set up Logic Apps and create a playbook just to send a response email and in doing that, having to resolve automation issues composing and sending the email.
I've yet to work through the integration of threat feeds so I can use the TI_rules to do the IoC matching requirements although I have found the page describing that process.
https://docs.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence
Aug 24 2020 05:18 AM
Aug 25 2020 02:42 AM (marked as solution)
Thank you for your input.
As I get more of an understanding of how the ecosystem fits together I am understanding more of what tables I need to query and which entities within those tables are or are not populated from their sources.
We were asked to replicate what one SIEM (Splunk) was being used for in another SIEM (Sentinel). Now understanding that Logic Apps is actually the preferred (and in some cases perhaps the only practical) way to achieve the email reporting function we were required to provide from Log Analytics helped me clarify the definition of Sentinel as a SIEM (+SOAR) vs just being a glorified report generator, which it is not really designed for!
It all starts to make more sense now :)
My new challenge is getting the LA Playbook query output parsed up and presented in a neat email format, but I seem to be winning with that too now :)
Aug 25 2020 02:45 AM
Aug 25 2020 03:48 PM
@Thijs Lecomte Thanks for that! It's that sort of example stuff that's helpful to see how, or better ways, to do things when you are new to the language.
Cheers