How to Monitor and Visualize your Data in Azure Sentinel?


This tutorial will help you visualize your data in Azure Sentinel. You will learn how to use built-in workbooks and create new workbooks. Azure Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates that let you quickly gain insights across your data as soon as you connect a data source. Let us get started with visualizing data.

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Prerequisites

You will need to have at least Workbook reader or Workbook contributor permissions on the resource group of the Azure Sentinel workspace.

How to Use built-in workbooks?

First, go to Workbooks and then select Templates to see the full list of Azure Sentinel built-in workbooks. To see which are relevant to the data types you have connected, check the Required data types field in each workbook: it lists the data type next to a green check mark if you already stream relevant data to Azure Sentinel.


Click View workbook to see the template populated with your data.

Now, to edit the workbook, select Save, and then select the location where you want to save the JSON file for the template.

Note – This creates an Azure resource based on the relevant template and saves the template JSON file itself, not the data.

Select View workbook. Then, click the Edit button at the top. You can now edit the workbook and customize it according to your needs. For more information on how to customize the workbook, see how to Create interactive reports with Azure Monitor Workbooks. 


After you make your changes, you can save the workbook.

You can also clone the workbook: Select Edit and then Save as, making sure to save it with another name, under the same subscription and resource group. These workbooks are displayed under the My workbooks tab.

How to Create a new workbook in Azure Sentinel?

Go to Workbooks and then select Add workbook to create a new workbook from scratch. 


To edit the workbook, select Edit, and then add text, queries, and parameters as necessary.

While building a query, set the Data source to Logs and the Resource type to Log Analytics, and then choose the relevant workspace(s).
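
A query of the kind such a step can hold, shown as an added example that is not part of the original tutorial. It assumes the Windows security events connector is streaming into the SecurityEvent table, that a time-range parameter named TimeRange has been added to the workbook, and that 10 failures is a threshold picked for illustration.

```kusto
// Workbook query step (Data source: Logs, Resource type: Log Analytics).
// {TimeRange} is an assumed workbook time-range parameter; the workbook
// expands it at run time into a filter such as "> ago(1d)".
SecurityEvent
| where TimeGenerated {TimeRange}
| where EventID in (4624, 4625)            // 4624 = successful logon, 4625 = failed logon
| summarize
    Failed    = countif(EventID == 4625),
    Succeeded = countif(EventID == 4624),
    Sources   = dcount(IpAddress)          // distinct source addresses seen
    by Account, Computer
| where Failed >= 10                       // illustrative threshold, tune per environment
| extend FailureRatio = round(todouble(Failed) / (Failed + Succeeded), 2)
| order by Failed desc
```

Rendered as a grid, this gives one row per account and host, so accounts with many failures followed by a success stand out when the time range is changed from the parameter picker.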

After you create your workbook, save the workbook making sure you save it under the subscription and resource group of your Azure Sentinel workspace.

If you want to let others in your organization use the workbook, under Save to select Shared reports. If you want this workbook to be available only to you, select My reports.


To switch between workbooks in your workspace, select Switch workbooks in the top pane of any workbook. In the window that opens to the right, switch between workbooks.

How to delete workbooks in Azure Sentinel?

You can delete workbooks that were created from an Azure Sentinel template.

To delete a customized workbook, in the Workbooks page, select the saved workbook that you want to delete and select Delete. This will remove the saved workbook.

Note – This removes the resource as well as any changes you made to the template. The original template will remain available.


Reference Documentation: Monitor your Data
