Merge branch 'release-ga-sentinel' of https://github.com/MicrosoftDocs/azure-docs-pr into cabailey-azuredocs-bookmarks

Author: cabailey

.openpublishing.redirection.json

@@ -26034,6 +26034,11 @@
       "redirect_url": "/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-autoscale-powershell",
       "redirect_document_id": false
     },
+    {
+      "source_path": "articles/sentinel/tutorial-detect-threats.md",
+      "redirect_url": "/azure/sentinel/tutorial-detect-threats-built-in",
+      "redirect_document_id": false
+    },
     {
       "source_path": "articles/sentinel/user-analytics.md",
       "redirect_url": "/azure/sentinel/overview",

articles/sentinel/TOC.yml

@@ -11,13 +11,10 @@
     href: quickstart-get-visibility.md
 - name: Tutorials
   items:
-  - name: Detect suspicious threats
-    href: tutorial-detect-threats.md
-    items:
-    - name: Use built-in analytics
-      href: tutorial-detect-threats-built-in.md
-    - name: Use custom rules
-      href: tutorial-detect-threats-custom.md  
+  - name: Use built-in analytics to detect threats
+    href: tutorial-detect-threats-built-in.md
+  - name: Create custom rules to detect threats
+    href: tutorial-detect-threats-custom.md  
   - name: Monitor your data
     href: tutorial-monitor-your-data.md
   - name: Investigate incidents

articles/sentinel/connect-aws.md

@@ -12,7 +12,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---

articles/sentinel/connect-azure-active-directory.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---
@@ -37,9 +37,11 @@ Azure Sentinel enables you to collect data from [Azure Active Directory](../acti
 
 1. In Azure Sentinel, select **Data connectors** and then click the **Azure Active Directory** tile.
 
-2. Next to the logs you want to stream into Azure Sentinel, click **Connect**.
+1. Next to the logs you want to stream into Azure Sentinel, click **Connect**.
 
-6. To use the relevant schema in Log Analytics for the Azure AD alerts, search for **SigninLogs** and **AuditLogs**.
+1. You can select whether you want the alerts from Azure AD to automatically generate incidents in Azure Sentinel automatically. Under **Create incidents** select **Enable** to enable the default analytic rule that creates incidents automatically from alerts generated in the connected security service. You can then edit this rule under **Analytics** and then **Active rules**.
+
+1. To use the relevant schema in Log Analytics for the Azure AD alerts, search for **SigninLogs** and **AuditLogs**.
 
 
 

articles/sentinel/connect-azure-activity.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---

articles/sentinel/connect-azure-ad-identity-protection.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---

articles/sentinel/connect-azure-atp.md

@@ -13,7 +13,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---
@@ -39,9 +39,11 @@ If Azure ATP is deployed and ingesting your data, the suspicious alerts can easi
 
 1. In Azure Sentinel, select **Data connectors** and then click the **Azure ATP** tile.
 
-2. Click **Connect**.
+1. You can select whether you want the alerts from Azure ATP to automatically generate incidents in Azure Sentinel automatically. Under **Create incidents** select **Enable** to enable the default analytic rule that creates incidents automatically from alerts generated in the connected security service. You can then edit this rule under **Analytics** and then **Active rules**.
 
-6. To use the relevant schema in Log Analytics for the Azure ATP alerts, search for **SecurityAlert**.
+1. Click **Connect**.
+
+1. To use the relevant schema in Log Analytics for the Azure ATP alerts, search for **SecurityAlert**.
 
 > [!NOTE]
 > If the alerts are larger than 30 KB, Azure Sentinel stops displaying the Entities field in the alerts.

articles/sentinel/connect-azure-security-center.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---
@@ -38,8 +38,11 @@ Azure Sentinel enables you to connect alerts from [Azure Security Center](../sec
 ## Connect to Azure Security Center
 
 1. In Azure Sentinel, select **Data connectors** and then click the **Azure Security Center** tile.
+
 1. In the right, click **Connect** next to each subscription whose alerts you want to stream into Azure Sentinel. Make sure to upgrade each subscription to Azure Security Center Standard tier to stream alerts to Azure Sentinel.
 
+1. You can select whether you want the alerts from Azure Security Center to automatically generate incidents in Azure Sentinel automatically. Under **Create incidents** select **Enable** to enable the default analytic rule that creates incidents automatically from alerts generated in the connected security service. You can then edit this rule under **Analytics** and then **Active rules**.
+
 3. Click **Connect**.
 
 4. To use the relevant schema in Log Analytics for the Azure Security Center alerts, search for **SecurityAlert**.

articles/sentinel/connect-azure-stack.md

@@ -11,7 +11,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---

articles/sentinel/connect-barracuda.md

@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 09/10/2019
+ms.date: 09/23/2019
 ms.author: rkarlin
 
 ---