Solution: SOC Handbook
| Attribute | Value |
|---|---|
| Publisher | Community |
| Support Tier | Community |
| Support Link | https://github.com/Azure/Azure-Sentinel/issues |
| Categories | domains |
| Version | 3.0.5 |
| Author | Community |
| First Published | 2022-11-30 |
| Last Updated | 2026-01-15 |
| Solution Folder | SOC Handbook |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 5.0/5 (1 ratings) · Popularity: 🟢 High (86%) |
The SOC Handbook solution for Microsoft Sentinel provides a collection of resources that enable and empower SOC analysts to gain better visibility into, and understanding of, the point-in-time security posture of organizational resources.
All content packaged in this solution is built and supported by the Microsoft Sentinel community. For any support, please create an issue on the Microsoft Sentinel GitHub repository.
This solution does not include data connectors.
This solution may contain other components such as analytics rules, workbooks, hunting queries, or playbooks.
This solution queries 26 table(s) from its content items:
| Table | Used By Content |
|---|---|
| AWSCloudTrail | Workbooks |
| AuditLogs | Workbooks |
| AzureActivity | Workbooks |
| AzureDiagnostics | Workbooks |
| CommonSecurityLog | Workbooks |
| DeviceEvents | Workbooks |
| DeviceLogonEvents | Workbooks |
| DnsEvents | Workbooks |
| HuntingBookmark | Workbooks |
| OfficeActivity | Workbooks |
| Operation | Workbooks |
| Perf | Workbooks |
| ProtectionStatus | Workbooks |
| SecurityBaseline | Workbooks |
| SecurityBaselineSummary | Workbooks |
| SecurityEvent | Workbooks |
| SigninLogs | Workbooks |
| Syslog | Workbooks |
| ThreatIntelligenceIndicator | Workbooks |
| Update | Workbooks |
| UpdateSummary | Workbooks |
| Usage | Workbooks |
| VMConnection | Workbooks |
| W3CIISLog | Workbooks |
| WindowsFirewall | Workbooks |
| WireData | Workbooks |
The following 5 table(s) are used internally by this solution's content items:
| Table | Used By Content |
|---|---|
| Anomalies | Workbooks |
| BehaviorAnalytics | Workbooks |
| IdentityInfo | Workbooks |
| SecurityAlert | Workbooks |
| SecurityIncident | Workbooks |
This solution includes 13 content item(s):
| Content Type | Count |
|---|---|
| Workbooks | 13 |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.6 | 13-01-2026 | Updated IncidentOverview Workbook to correct the incident render issue by using ProviderIncidentId with IncidentNumber |
| 3.0.5 | 24-09-2025 | Updated SecurityOperationsEfficiency to fix Mean time to triage |
| 3.0.4 | 22-04-2025 | Updated Azure to Sentinel Cost - Workbook. |
| 3.0.3 | 28-11-2023 | Changes for rebranding from Azure Active Directory to Microsoft Entra ID. |
| 3.0.2 | 21-11-2023 | Updated SecurityOperationsEfficiency Workbook to run the query on "set in query". |
| 3.0.1 | 14-07-2023 | Updated Workbook to correctly get the drop down for Subscription and Workspace. |
| 3.0.0 | 07-07-2023 | Initial Solution Release. |