wagov/WASOCWorkbooks
WASOC Workbooks - How to deploy the workbooks into an Azure Sentinel Workspace

This process is for the manual deployment of Azure Workbooks to an Azure Sentinel workspace. This will allow for workbooks to appear in the workbook gallery.

Step-1: Copy the code from WASOCWorkbooks

WASOC workbooks are located in the wagov/WASOCWorkbooks repository. Locate the workbook you want in the GitHub repo, then click the "Raw" button on the page to "sanitize" the code. Sanitizing the code ensures there are no hidden characters or bad formatting. We use WASOC - Threat Hunting - Rapid IoC Search.json as an example.

[Image: Sanitize the code]

Step-2: Navigate to Azure Sentinel | Workbooks

Navigate to your Microsoft Sentinel console, select Workbooks in the side blade, and choose "Add workbook".


Once the sample workbook displays, select Edit mode, then choose the Advanced editor (</>) icon.

Step-3: Copy / Paste / Apply

Copy the workbook code from the GitHub repository in raw format.


Once the code has been copied, replace ALL the sample code in the Gallery Template space with the code you copied from the GitHub repo, then click the Apply button.

Step-4: Name it and Save it

Once you apply the code change, the new workbook is displayed. Finalise the changes by clicking the Save (diskette) icon, and give the workbook a unique name.



Note: the Subscription and Resource group must be the same as those of your Microsoft Sentinel instance for the workbook to be accessible from the Workbooks Gallery in Sentinel.


Click the Apply button. The workbook has now been deployed.
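
A pre-paste check for the code copied in Step-1 and Step-3, as an added example that is not part of the WASOCWorkbooks repository: it reports hidden characters (including ones inside embedded query strings, which still parse as JSON) and confirms the text is well-formed. The function names are hypothetical, the samples are constructed, and the expectation of a top-level object with an "items" list is an assumption about the gallery template format.

```python
import json
import sys
import unicodedata

ALLOWED = {" ", "\t", "\r"}  # ordinary whitespace within a line

# Constructed sample (not a real WASOC workbook): one query item.
CLEAN_SAMPLE = ('{"version": "Notebook/1.0", "items": [{"type": 3, '
                '"content": {"query": "SecurityEvent | take 10"}}]}')
# Same sample with a zero-width space hidden inside the query string.
DIRTY_SAMPLE = CLEAN_SAMPLE.replace("SecurityEvent |", "SecurityEvent\u200b |")


def hidden_chars(text):
    """Yield (line, col, codepoint, name) for invisible or look-alike characters."""
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in ALLOWED:
                continue
            # Cc = control, Cf = format (BOM, zero-width, bidi), Z* = separators
            if unicodedata.category(ch) in ("Cc", "Cf", "Zs", "Zl", "Zp"):
                yield lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch, "unnamed")


def check_workbook_text(text):
    """Return a list of problems; an empty list means the text is safe to paste."""
    problems = [f"line {ln} col {c}: {cp} {name}"
                for ln, c, cp, name in hidden_chars(text)]
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        problems.append(f"invalid JSON: {exc.msg} (line {exc.lineno})")
        return problems
    # Assumption: a gallery template is a JSON object carrying an "items" list.
    if not isinstance(doc, dict) or not isinstance(doc.get("items"), list):
        problems.append('top level is not an object with an "items" list')
    return problems


if __name__ == "__main__":
    # Read as plain utf-8 (not utf-8-sig) so a leading BOM stays visible.
    with open(sys.argv[1], encoding="utf-8", newline="") as fh:
        found = check_workbook_text(fh.read())
    print("\n".join(found) or "OK: no hidden characters, valid JSON")
    sys.exit(1 if found else 0)
```

Save the copied text to a file and pass its path as the only argument; a non-zero exit status means the text should be re-copied from the Raw view before pasting.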

About

Workbooks for agency consumption
