Merge pull request Azure#12776 from secpfe/master

Adds Windows Audit Checker workbook

Author: v-atulyadav

Workbooks/Images/Preview/WindowsAuditCheckerBlack.png

@@ -9494,5 +9494,40 @@
 		"source": {
 			"kind": "Community"
 		}
+	},
+	{
+		"workbookKey": "WindowsAuditChecker",
+		"logoFileName": "",
+		"description": "Assess Windows Security auditing coverage in your Microsoft Sentinel workspace. The workbook highlights two core gaps: (1) important events not being collected due to disabled or insufficient audit subcategories, and (2) noisy over-collection where outcomes/subcategories aren't required or filtering is missing. It also detects duplicate Event ID collection introduced by overlapping Data Collection Rules (DCRs), helping you eliminate redundant ingestion.",
+		"previewImagesFileNames": [
+			"WindowsAuditCheckerWhite.png",
+			"WindowsAuditCheckerBlack.png"
+		],
+		"version": "1.0.0",
+		"title": "Windows Audit Checker",
+		"templateRelativePath": "WindowsAuditChecker.json",
+		"dataTypesDependencies": [
+			"SecurityEvent"
+		],
+		"dataConnectorsDependencies": [
+			"SecurityEvents",
+			"WindowsSecurityEvents"
+		],
+		"subtitle": "Find missing audit events and reduce noise from over-collection",
+		"provider": "Microsoft Sentinel community",
+		"support": {
+			"tier": "Community"
+		},
+		"author": {
+			"name": "Nikolay Salnikov"
+		},
+		"source": {
+			"kind": "Community"
+		},
+		"categories": {
+			"domains": [
+				"Security - Cloud Security"
+			]
+		}
 	}
 ]