Merge pull request #180181 from batamig/service-rename

fixing filenames and updating xrefs

Author: v-ccolin

.openpublishing.redirection.json

@@ -46326,6 +46326,26 @@
       "redirect_url": "/azure/sentinel/monitor-your-data",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sentinel/connect-azure-security-center.md",
+      "redirect_url": "/azure/sentinel/connect-defender-for-cloud",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/entities-in-azure-sentinel.md",
+      "redirect_url": "/azure/sentinel/entities",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/azure-sentinel-billing.md",
+      "redirect_url": "/azure/sentinel/billing",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "articles/sentinel/automation-in-azure-sentinel.md",
+      "redirect_url": "/azure/sentinel/automation",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/virtual-desktop/connect-android.md",
       "redirect_url": "/azure/virtual-desktop/user-documentation/connect-android",

articles/sentinel/TOC.yml

@@ -42,7 +42,7 @@
     - name: Roles and permissions
       href: roles.md
     - name: Costs and billing
-      href: azure-sentinel-billing.md
+      href: billing.md
     - name: Extend Microsoft Sentinel across workspaces and tenants
       href: extend-sentinel-across-workspaces-tenants.md
     - name: Security baseline
@@ -68,7 +68,7 @@
       - name: ASIM content
         href: normalization-content.md
     - name: Classifying data with entities
-      href: entities-in-azure-sentinel.md
+      href: entities.md
   - name: Threat intelligence
     items:
     - name: Understand threat intelligence in Microsoft Sentinel
@@ -92,7 +92,7 @@
   - name: SOAR
     items:
     - name: Orchestration, automation, and response
-      href: automation-in-azure-sentinel.md
+      href: automation.md
     - name: Automation rules
       href: automate-incident-handling-with-automation-rules.md
     - name: Playbooks
@@ -110,7 +110,7 @@
     - name: Sample workspace designs
       href: sample-workspace-designs.md
     - name: Plan and manage costs
-      href: azure-sentinel-billing.md
+      href: billing.md
     - name: Manage workspace access
       href: resource-context-rbac.md
   - name: Migrate to Microsoft Sentinel
@@ -133,7 +133,7 @@
       - name: Azure Active Directory
         href: connect-azure-active-directory.md
       - name: Microsoft Defender for Cloud
-        href: connect-azure-security-center.md
+        href: connect-defender-for-cloud.md
       - name: Microsoft 365 Defender
         href: connect-microsoft-365-defender.md
       - name: Windows security events

articles/sentinel/automation-in-azure-sentinel.md renamed to articles/sentinel/automation.md

@@ -17,7 +17,7 @@ This section reviews best practices for collecting data using Microsoft Sentinel
 
 ## Prioritize your data connectors
 
-If it's unclear to you which data connectors will best serve your environment, start by enabling all [free data connectors](azure-sentinel-billing.md#free-data-sources).
+If it's unclear to you which data connectors will best serve your environment, start by enabling all [free data connectors](billing.md#free-data-sources).
 
 The free data connectors will start showing value from Microsoft Sentinel as soon as possible, while you continue to plan other data connectors and budgets.
 
@@ -40,7 +40,7 @@ Filter your logs using one of the following methods:
 - **Logstash**. Supports filtering message content, including making changes to the log messages. For more information, see [Connect with Logstash](create-custom-connector.md#connect-with-logstash).
 
 > [!IMPORTANT]
-> Using Logstash to filter your message content will cause your logs to be ingested as custom logs, causing any [free-tier logs](azure-sentinel-billing.md#free-data-sources) to become paid-tier logs.
+> Using Logstash to filter your message content will cause your logs to be ingested as custom logs, causing any [free-tier logs](billing.md#free-data-sources) to become paid-tier logs.
 >
 > Custom logs also need to be worked into [analytics rules](automate-incident-handling-with-automation-rules.md), [threat hunting](hunting.md), and [workbooks](get-visibility.md), as they aren't automatically added. Custom logs are also not currently supported for [Machine Learning](bring-your-own-ml.md) capabilities.
 >

articles/sentinel/best-practices-data.md

@@ -32,7 +32,7 @@ While fewer workspaces are simpler to manage, you may have specific needs for mu
 When determining how many tenants and workspaces to use, consider that most Microsoft Sentinel features operate by using a single workspace or Microsoft Sentinel instance, and Microsoft Sentinel ingests all logs housed within the workspace.
 
 > [!IMPORTANT]
-> Costs are one of the main considerations when determining Microsoft Sentinel architecture. For more information, see [Microsoft Sentinel costs and billing](azure-sentinel-billing.md).
+> Costs are one of the main considerations when determining Microsoft Sentinel architecture. For more information, see [Microsoft Sentinel costs and billing](billing.md).
 >
 ### Working with multiple tenants
 

articles/sentinel/best-practices-workspace-architecture.md

@@ -31,7 +31,7 @@ The Microsoft Sentinel documentation has best practice guidance scattered throug
     - [Design your Microsoft Sentinel workspace architecture](design-your-workspace-architecture.md)
     - [Microsoft Sentinel sample workspace designs](sample-workspace-designs.md)
     - [Data collection best practices](best-practices-data.md)
-    - [Microsoft Sentinel costs and billing](azure-sentinel-billing.md)
+    - [Microsoft Sentinel costs and billing](billing.md)
     - [Permissions in Microsoft Sentinel](roles.md)
     - [Protecting MSSP intellectual property in Microsoft Sentinel](mssp-protect-intellectual-property.md)
     - [Threat intelligence integration in Microsoft Sentinel](threat-intelligence-integration.md)

articles/sentinel/best-practices.md

@@ -129,7 +129,7 @@ Try Microsoft Sentinel free for the first 31 days. Microsoft Sentinel can be ena
 
    Only the Microsoft Sentinel charges are waived during the 31-day trial period.
 
-Usage beyond these limits will be charged per the pricing listed on the [Microsoft Sentinel pricing](https://azure.microsoft.com/pricing/details/azure-sentinel) page. Charges related to extra capabilities for [automation](automation-in-azure-sentinel.md) and [bring your own machine learning](bring-your-own-ml.md) are still applicable during the free trial.
+Usage beyond these limits will be charged per the pricing listed on the [Microsoft Sentinel pricing](https://azure.microsoft.com/pricing/details/azure-sentinel) page. Charges related to extra capabilities for [automation](automation.md) and [bring your own machine learning](bring-your-own-ml.md) are still applicable during the free trial.
 
 > [!TIP]
 > During your free trial, find resources for cost management, training, and more on the **News & guides > Free trial** tab in Microsoft Sentinel.

articles/sentinel/azure-sentinel-billing.md renamed to articles/sentinel/billing.md

@@ -26,7 +26,7 @@ Now you can identify and address gaps in MITRE ATT&CK technique coverage, across
 >
 > The mapping of MITRE ATT&CK techniques to bookmarks is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 
-You can also investigate more types of entities while hunting with bookmarks, by mapping the full set of entity types and identifiers supported by Microsoft Sentinel Analytics in your custom queries. This enables you to use bookmarks to explore the entities returned in hunting query results using [entity pages](entities-in-azure-sentinel.md#entity-pages), [incidents](investigate-cases.md) and the [investigation graph](investigate-cases.md#use-the-investigation-graph-to-deep-dive). If a bookmark captures results from a hunting query, it automatically inherits the query's MITRE ATT&CK technique and entity mappings.
+You can also investigate more types of entities while hunting with bookmarks, by mapping the full set of entity types and identifiers supported by Microsoft Sentinel Analytics in your custom queries. This enables you to use bookmarks to explore the entities returned in hunting query results using [entity pages](entities.md#entity-pages), [incidents](investigate-cases.md) and the [investigation graph](investigate-cases.md#use-the-investigation-graph-to-deep-dive). If a bookmark captures results from a hunting query, it automatically inherits the query's MITRE ATT&CK technique and entity mappings.
 
 > [!IMPORTANT]
 >

articles/sentinel/bookmarks.md

@@ -28,7 +28,7 @@ This article presents information that is common to groups of connectors. See th
 The following integrations are both more unique and more popular, and are treated individually, with their own articles:
 
 - [Microsoft 365 Defender](connect-microsoft-365-defender.md)
-- [Microsoft Defender for Cloud](connect-azure-security-center.md)
+- [Microsoft Defender for Cloud](connect-defender-for-cloud.md)
 - [Azure Active Directory](connect-azure-active-directory.md)
 - [Windows Security Events](connect-windows-security-events.md)
 - [Amazon Web Services (AWS) CloudTrail](connect-aws.md)

articles/sentinel/connect-azure-windows-microsoft-services.md

@@ -64,7 +64,7 @@ As Defender for Cloud itself is enabled per subscription, the Defender for Cloud
 
 1. In the **Microsoft Defender plans** column of the list, you can see if Microsoft Defender plans are enabled on your subscription (a prerequisite for enabling the connector). The value for each subscription in this column will either be blank (meaning no Defender plans are enabled), "All enabled," or "Some enabled." Those that say "Some enabled" will also have an **Enable all** link you can select, that will take you to your Microsoft Defender for Cloud configuration dashboard for that subscription, where you can choose Defender plans to enable. The **Enable Microsoft Defender for all subscriptions** link button on the bar above the list will take you to your Microsoft Defender for Cloud Getting Started page, where you can choose on which subscriptions to enable Microsoft Defender for Cloud altogether.
 
-    :::image type="content" source="./media/connect-azure-security-center/azure-defender-config.png" alt-text="Screenshot of Microsoft Defender for Cloud connector configuration":::
+    :::image type="content" source="./media/connect-defender-for-cloud/azure-defender-config.png" alt-text="Screenshot of Microsoft Defender for Cloud connector configuration":::
 
 1. You can select whether you want the alerts from Microsoft Defender for Cloud to automatically generate incidents in Microsoft Sentinel. Under **Create incidents**, select **Enabled** to turn on the default analytics rule that automatically [creates incidents from alerts](create-incidents-from-alerts.md). You can then edit this rule under **Analytics**, in the  **Active rules** tab.