Deep dive into Microsoft Sentinel’s new Overview dashboard
Special thanks to @OriLicht and @edilahav for the collaboration.

Microsoft Sentinel’s Overview dashboard provides operational and health insights from each of the main function domains of Microsoft Sentinel and also gives an idea of SOC efficiency.

The new overview experience consists of widgets that surface data on the core components of Microsoft Sentinel, such as incidents, data connectors, automation, TI, and analytics.

In this article, we will take a deeper look into the widgets and the KQL queries that are being used (where applicable) by each widget.

Widgets data refresh

At the top of the overview page, you can find a refresh button that refreshes the data in the entire dashboard. Each widget’s data has been pre-calculated for improved performance, and each widget’s refresh time is shown at the top of the widget, for example on the Incidents widget. For the Data widget, the data is recalculated every 60 minutes.

Incidents widget

The incidents widget includes a summary of incidents created during the la...