graphistry
diff --git a/‎demos/demos_databases_apis/microsoft/sentinel/sentinel_graph_examples.ipynb‎
Lines changed: 25 additions & 18 deletions b/‎demos/demos_databases_apis/microsoft/sentinel/sentinel_graph_examples.ipynb‎
Lines changed: 25 additions & 18 deletions
@@ -59,11 +59,14 @@
   {
    "cell_type": "markdown",
    "metadata": {},
-   "source": [
-    "## Configure Sentinel Graph API\n",
-    "\n",
-    "Set up authentication to Microsoft Security Platform. This will open a browser window for interactive login."
-   ]
+   "source": "## Discover Available Graph Instances\n\nUse `sentinel_graph_list()` to see what graph instances are available in your tenant. You only need a placeholder `graph_instance` for this call — the value is not used by the list endpoint."
+  },
+  {
+   "cell_type": "code",
+   "source": "g = graphistry.configure_sentinel_graph(\n    graph_instance=graph_instance_name,\n    credential=credential,\n    response_formats=[\"Graph\"]  # default; use [\"Table\", \"Graph\"] to also get raw tabular data\n)\n\nprint(f\"✓ Sentinel Graph configured for instance: {graph_instance_name}\")",
+   "metadata": {},
+   "execution_count": null,
+   "outputs": []
   },
   {
    "cell_type": "code",
@@ -84,13 +87,9 @@
    ]
   },
   {
-   "cell_type": "markdown",
+   "cell_type": "code",
    "metadata": {},
-   "source": [
-    "## Example 1: Basic Graph Query\n",
-    "\n",
-    "Query nodes and edges from your graph instance."
-   ]
+   "source": "query = \"\"\"\nMATCH (n)-[e]->(m)\nRETURN *\nLIMIT 50\n\"\"\"\n\nviz = g.sentinel_graph(query)\nprint(f\"Query returned {len(viz._nodes)} nodes and {len(viz._edges)} edges\")\n\nviz.plot()"
   },
   {
    "cell_type": "code",
@@ -112,13 +111,9 @@
    ]
   },
   {
-   "cell_type": "markdown",
+   "cell_type": "code",
    "metadata": {},
-   "source": [
-    "## Example 2: Inspect the Data\n",
-    "\n",
-    "Examine the structure of nodes and edges returned."
-   ]
+   "source": "print(\"=\" * 80)\nprint(\"NODES\")\nprint(\"=\" * 80)\nprint(f\"Shape: {viz._nodes.shape}\")\nprint(f\"Columns: {list(viz._nodes.columns)}\")\nprint(\"\\nSample nodes:\")\ndisplay(viz._nodes.head(3))\n\nprint(\"\\n\" + \"=\" * 80)\nprint(\"EDGES\")\nprint(\"=\" * 80)\nprint(f\"Shape: {viz._edges.shape}\")\nprint(f\"Columns: {list(viz._edges.columns)}\")\nprint(\"\\nSample edges:\")\ndisplay(viz._edges.head(3))"
   },
   {
    "cell_type": "code",
@@ -233,6 +228,18 @@
     "Demonstrate robust error handling."
    ]
   },
+  {
+   "cell_type": "code",
+   "source": "# Request both Table and Graph formats in a single call\n# Graphistry automatically parses the Graph section for visualization\nboth_formats_viz = g.sentinel_graph(\n    \"MATCH (n)-[e]->(m) RETURN * LIMIT 20\",\n    response_formats=[\"Table\", \"Graph\"]\n)\n\nprint(f\"Nodes: {len(both_formats_viz._nodes)}, Edges: {len(both_formats_viz._edges)}\")\nboth_formats_viz.plot()",
+   "metadata": {},
+   "execution_count": null,
+   "outputs": []
+  },
+  {
+   "cell_type": "markdown",
+   "source": "## Requesting Both Graph and Table Formats\n\nPass `response_formats=[\"Table\", \"Graph\"]` to get both structured graph data and the raw tabular rows in a single API call. Graphistry will parse the `Graph` section; the `Table` section is available for additional inspection if needed.",
+   "metadata": {}
+  },
   {
    "cell_type": "code",
    "execution_count": null,
@@ -319,4 +326,4 @@
  },
  "nbformat": 4,
  "nbformat_minor": 4
-}
+}