For the longest time, I’ve been asked almost once a week why the What’s New blade in the Microsoft Sentinel console is, at best, 3-6 months behind. There’s so much development activity in Sentinel that customers assume something titled “What’s New” would show the latest content. I mean…a “What’s New” page has one job, right? A What’s New page with old data is like a clothes hanger lying on the floor.
There have been many, many discussions about this internally, and while it gets better for a bit, it always goes back to a stale display. In fact, this is one of the reasons the Microsoft Sentinel weekly newsletter does so fantastically: customers really do care and want to know about the new features and enhancements they can take advantage of. And because the pace of new features and enhancements is so rapid, keeping up can be very difficult. Even for me, the curator of the weekly newsletter, it takes real work to stay on top of all the changes.
A few of us have talked for a while about how best to solve this. There are many different ways to find new features and enhancements:
There’s the Microsoft Sentinel blog which generally captures the big announcements.
My blog here, which attempts to capture all the small, nuanced, but important features and enhancements.
There’s a litany of great community blogs across the internet that I try to capture weekly in the newsletter.
Then there’s the What’s New page in our Docs which is really designed to be our source of truth.
And all of these are more up to date than the same-titled blade in the Microsoft Sentinel console. Together, they generally represent the full list of newness.
So, this brings me to what I’ve been working on for a few days now. The following PowerShell script is designed to convert the What’s New Docs page into Markdown so it can be used in a Microsoft Sentinel Workbook.
WhatsNewtoMarkdown.ps1 - This PowerShell script retrieves the What's New page from Docs, puts it in a C:\Scripts folder as an HTML file and then converts it to a Markdown file (WhatsNew.md) so it can be imported into a Microsoft Sentinel Workbook.
It would be much simpler if Markdown supported iframe, but it doesn’t.
This is a work in progress, and I’ll update this blog post as I hit new milestones, but here’s what this looks like right now…
I’m still working on the method to get the Markdown file imported directly into the Workbook and to update the Workbook module, but I thought I’d release this script now in hopes that you, too, can get energized enough to work on it and come up with your own solution.
But once complete, the idea is that it will run on a schedule (a couple of times a week) to verify whether or not the Docs page has been updated (by date) and, if it has, perform the conversion (from blob storage) and update the Workbook.
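To make the fetch, change check and conversion concrete, here is an added example of that pipeline in PowerShell. It is not the author’s WhatsNewtoMarkdown.ps1 and not Microsoft code; it follows the folder layout the post describes (C:\Scripts, WhatsNew.md) but everything else is assumed: the Docs URL, the learn.microsoft.com host used to make relative links absolute, the <main> element as the article container, and a SHA-256 hash of the fetched HTML in place of the date comparison the post mentions, so the conversion only runs when the page content actually changed. Script and style blocks are removed before conversion and any leftover “<” is re-escaped, so nothing tag-like from the fetched page can survive into the Markdown that lands in a Workbook.

```powershell
# Added example, not the post's script. Assumptions: Docs URL, learn.microsoft.com host for
# relative links, <main> as the article body, and hash-based change detection instead of a date check.
function ConvertTo-Markdown {
    param([string]$Html)
    $s = $Html
    # Remove script/style blocks and comments first so nothing executable is carried over.
    $s = $s -replace '(?s)<script\b.*?</script>', ''
    $s = $s -replace '(?s)<style\b.*?</style>', ''
    $s = $s -replace '(?s)<!--.*?-->', ''
    # Make the Docs site's root-relative links absolute (assumed host).
    $s = $s -replace 'href="/', 'href="https://learn.microsoft.com/'
    # Headings h1..h6 become #..###### (inner HTML is kept and converted by the later steps).
    for ($i = 1; $i -le 6; $i++) {
        $marks = '#' * $i
        $s = $s -replace "(?s)<h$i\b[^>]*>(.*?)</h$i>", "`n`n$marks `$1`n`n"
    }
    $s = $s -replace '(?s)<a\b[^>]*href="([^"]*)"[^>]*>(.*?)</a>', '[$2]($1)'
    $s = $s -replace '(?s)<(strong|b)\b[^>]*>(.*?)</\1>', '**$2**'
    $s = $s -replace '(?s)<code\b[^>]*>(.*?)</code>', '`$1`'
    $s = $s -replace '(?s)<li\b[^>]*>(.*?)</li>', "`n- `$1"
    $s = $s -replace '(?s)<p\b[^>]*>(.*?)</p>', "`n`n`$1`n`n"
    $s = $s -replace '<br\s*/?>', "`n"
    # Strip every remaining tag, then decode entities such as &amp; and &quot;.
    $s = $s -replace '<[^>]+>', ''
    $s = [System.Net.WebUtility]::HtmlDecode($s)
    # Re-escape '<' so decoded text can never form a tag if a Markdown renderer passes HTML through.
    $s = $s -replace '<', '&lt;'
    # Trim each line and collapse runs of blank lines.
    $s = (($s -split "`r?`n") | ForEach-Object { $_.Trim() }) -join "`n"
    $s = $s -replace '\n{3,}', "`n`n"
    return $s.Trim()
}

$Url       = 'https://learn.microsoft.com/azure/sentinel/whats-new'   # assumed URL of the Docs What's New page
$Folder    = 'C:\Scripts'
$HtmlPath  = Join-Path $Folder 'WhatsNew.html'
$MdPath    = Join-Path $Folder 'WhatsNew.md'
$StampPath = Join-Path $Folder 'WhatsNew.sha256'   # hash of the HTML converted on the last run

if (-not (Test-Path $Folder)) { New-Item -ItemType Directory -Path $Folder | Out-Null }

# TLS 1.2 for Windows PowerShell 5.1; -UseBasicParsing avoids the Internet Explorer DOM parser.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$html = (Invoke-WebRequest -Uri $Url -UseBasicParsing).Content

# Change detection: hash the fetched HTML and compare with the hash stored by the previous run.
$sha  = [System.Security.Cryptography.SHA256]::Create()
$hash = ([BitConverter]::ToString($sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($html)))) -replace '-', ''
if ((Test-Path $StampPath) -and ((Get-Content -Path $StampPath -Raw).Trim() -eq $hash)) {
    Write-Host "No change to $Url since the last run; skipping conversion."
    return
}

Set-Content -Path $HtmlPath -Value $html -Encoding UTF8

# Convert only the article body when the page exposes <main>, otherwise the whole document.
$main = [regex]::Match($html, '(?s)<main\b[^>]*>(.*?)</main>')
$body = if ($main.Success) { $main.Groups[1].Value } else { $html }
$markdown = ConvertTo-Markdown -Html $body

Set-Content -Path $MdPath -Value $markdown -Encoding UTF8
Set-Content -Path $StampPath -Value $hash -Encoding ASCII
Write-Host "Wrote $MdPath ($($markdown.Length) characters); the Workbook text step can now be updated from it."
```

Run it from a scheduled task a couple of times a week, as the post proposes; on runs where the page has not changed it exits before writing anything, and WhatsNew.md only changes when the Docs content does. The regex conversion covers headings, paragraphs, lists, links, bold and inline code, which is what a What’s New page is mostly made of; tables or nested markup would need additional rules.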
Stay tuned.
And, if you come up with something yourself, let me know. I’m always happy to collaborate to give something back to the Sentinel community quicker.
UPDATE Feb 23, 2023
Steve Pye has taken my PowerShell script to convert HTML to Markdown and created an entire solution that pushes the Markdown to both a Watchlist and a Workbook. Find that here: Sentinel What’s New Workbook, Updating the What's New workbook with Logic Apps
Thanks, this will be helpful, but what would be awesome would be something that makes it easier to determine if a new feature is something that is going to impact our managed service offering, by adding work or removing work, or if it is something that we should really make sure that all of our customers get ASAP because it will decrease their risk.
Not all new features are the same. Thinking out loud - vulnerabilities have CVE numbers; I wonder if we could have some type of value ranking system for security system changes.
I've taken the idea above and made a Logic App automated version which updates the workbook every X amount of time (depending on what you set your playbook recurrence to be).
Wrote up a quick version of how I achieved it here:
https://medium.com/@tanukisec/sentinel-whats-new-workbook-31201696c4f5
Thanks for the inspiration, Rod.