1. Microsoft Learn, "Visualize and monitor your data with workbooks in Microsoft Sentinel": In the "Introduction" section, it states, "Workbooks provide a flexible canvas for data analysis and the creation of rich visual reports within the Azure portal... They allow you to tap into the full power of other Azure services as well, such as Azure Monitor." This directly supports the use of workbooks for visualization.
2. Microsoft Learn, "Threat hunting in Microsoft Sentinel": The "Introduction" section clarifies the purpose of hunting: "Threat hunting is a proactive search for cyber threats that are lurking undetected in a network... In Microsoft Sentinel, hunting queries are built on top of Kusto Query Language (KQL)." This distinguishes hunting from reporting.
3. Microsoft Learn, "Automate threat response with playbooks in Microsoft Sentinel": The "Introduction" section defines playbooks: "A playbook is a collection of procedures that can be run from Microsoft Sentinel in response to an alert or incident... Playbooks are based on workflows built in Azure Logic Apps." This confirms their role in automation, not visualization.
4. Microsoft Learn, "Jupyter notebooks with Microsoft Sentinel hunting capabilities": The "When to use notebooks" section states, "Notebooks are best suited for more advanced users who need more control and flexibility in their threat hunting and investigation." This positions notebooks as a tool for advanced analysis rather than standard reporting.