Commit cac93cc

Update ci-cd-custom-content.md
1 parent e67fb07 commit cac93cc

1 file changed

Lines changed: 9 additions & 9 deletions

articles/sentinel/ci-cd-custom-content.md

@@ -76,15 +76,15 @@ We've provided a sample repository with templates for each of the content types
7676
Although you can build templates from scratch, it's often easier to start from either the Sentinel Public GitHub repository YAML files or from out-of-the-box Microsoft Sentinel content. This table outlines how to convert an ARM template for use with Microsoft Sentinel Repositories.
7777

7878

79-
| Content Type | Convert from YAML | Export from Sentinel | Template Reference | Sample Templates |
80-
|-------------------|-------------------|-----------------------|---------------------|------------------|
81-
| Analytic rules | [PowerShell script](https://github.com/Azure/Azure-Sentinel/blob/master/Tools/ConvertYamlToJson/ConvertSentinelRuleFrom-Yaml.ps1) | [Export feature](https://learn.microsoft.com/en-us/azure/sentinel/import-export-analytics-rules) | [Reference](https://learn.microsoft.com/en-us/azure/templates/microsoft.securityinsights/2025-03-01/alertrules) | [ARM Templates](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/ARM-Templates/AnalyticsRules) |
82-
| Automation rules | N/A | [Export feature](https://learn.microsoft.com/en-us/azure/sentinel/import-export-automation-rules) | [Reference](https://learn.microsoft.com/en-us/azure/templates/microsoft.securityinsights/2025-03-01/automationrules) | [Scripts](https://github.com/garybushey/MicrosoftSentinelAutomation/tree/main) |
83-
| Hunting queries | [PowerShell script](https://github.com/SentinelCICD/RepositoriesSampleContent/blob/main/Hunting/ConvertHuntingQueryFromYamlToArm.ps1) | [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest) | [Reference](https://learn.microsoft.com/en-us/azure/templates/microsoft.operationalinsights/2020-08-01/workspaces/savedsearches) | [Samples](https://github.com/SentinelCICD/RepositoriesSampleContent) |
84-
| Parsers | [ASIM script](https://github.com/Azure/Azure-Sentinel/tree/master/ASIM/dev/ASimYaml2ARM) | [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest) | [Reference](https://learn| Parsers | [ASIM script](https://github.com/Azure/Azure-Sentinel/tree/master/ASIM/dev/ASimYaml2ARM) | [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest) | [Reference](https://learn.microsoft.com/en-us/azure/templates/microsoft.operationalinsights/2020-08-01/workspaces/savedsearches) | [Templates](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/ARM-Templates/ParserQuery) |
85-
| Playbooks | N/A | [PowerShell utility](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator) | [Reference](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-azure-resource-manager-templates-overview) | - |
86-
87-
Even if your original content is an ARM template, consider converting to Bicep to make the review and update processes less complex. Bicep is closely related to ARM because during a deployment, each Bicep file is converted to an ARM template. For more information on converting ARM templates, see [Decompiling ARM template JSON to Bicep](../azure-resource-manager/bicep/decompile.md).
79+
| Content Type | Convert from Sentinel Public YAML | Export from Sentinel | Template Reference | Sample Templates |
80+
|-------------------|-----------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------|
81+
| **Analytic rules**| [PowerShell script](https://github.com/Azure/Azure-Sentinel/blob/master/Tools/ConvertYamlToJson/ConvertSentinelRuleFrom-Yaml.ps1) | [Export feature](/azure/sentinel/import-export-analytics-rules#export-rules) or [PowerShell script](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Az.SecurityInsights-Samples/Alert%20Rules/Export%20Analytics%20Rules) | [Reference](/azure/templates/microsoft.securityinsights/2025-03-01/alertrules) | [ARM Templates](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/ARM-Templates/AnalyticsRules) |
82+
| **Automation rules**| N/A | [Export feature](/azure/sentinel/import-export-automation-rules#export-rules) or [PowerShell scripts](https://github.com/garybushey/MicrosoftSentinelAutomation/tree/main) | [Reference](/azure/templates/microsoft.securityinsights/2025-03-01/automationrules) | N/A |
83+
| **Hunting queries**| [PowerShell script](https://github.com/SentinelCICD/RepositoriesSampleContent/blob/main/Hunting/ConvertHuntingQueryFromYamlToArm.ps1) | [Azure CLI commands](/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest) | [Reference](/azure/templates/microsoft.operationalinsights/2020-08-01/workspaces/savedsearches) | [Sample Content](https://github.com/SentinelCICD/RepositoriesSampleContent) |
84+
| **Parsers** | [ASIM PowerShell script](https://github.com/Azure/Azure-Sentinel/tree/master/ASIM/dev/ASimYaml2ARM) | [Azure CLI commands](/cli/azure/monitor/log-analytics/workspace/saved-search?view=azure-cli-latest) | [Reference](/azure/templates/microsoft.operationalinsights/2020-08-01/workspaces/savedsearches) | [Templates](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/ARM-Templates/ParserQuery) |
85+
| **Playbooks** | N/A | [PowerShell utility](https://github.com/Azure/Azure-Sentinel/tree/master/Tools/Playbook-ARM-Template-Generator) | [Reference](azure/logic-apps/logic-apps-azure-resource-manager-templates-overview) | N/A |
86+
| **Workbooks** | N/A | [Exporting workbooks as ARM templates](/azure/azure-monitor/visualize/workbooks-automate#arm-template-for-deploying-a-workbook-template) | [Reference](/azure/azure-monitor/visualize/workbooks-automate#arm-template-for-deploying-a-workbook-template) | N/A |
87+
8888

8989
> [!IMPORTANT]
9090
> Bicep considerations:
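
Review bot: The Playbooks row's Reference link on new line 85 is written as `(azure/logic-apps/logic-apps-azure-resource-manager-templates-overview)`, without the leading slash that every other rewritten link in this table carries, so it will be treated as a path relative to the article rather than a site-root path; change it to `/azure/logic-apps/logic-apps-azure-resource-manager-templates-overview`. Separately, old line 87 (the paragraph recommending conversion to Bicep, with its link to `../azure-resource-manager/bicep/decompile.md`) is deleted and not re-added, while the `> Bicep considerations:` note that follows is kept; if dropping that lead-in is not intended, restore it after the table. The new Workbooks row also points both "Export from Sentinel" and "Template Reference" at the same anchor, and the commit message does not say why the Automation rules sample link was replaced with N/A, so a line in the commit description covering these would help later readers.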
