Move screenshots into correct folders and fix all art links

Author: ecfan

articles/sentinel/automation/create-playbooks.md

@@ -56,10 +56,10 @@ Follow these steps to create a new playbook in Microsoft Sentinel:
    - In the [Defender portal](https://security.microsoft.com/), go to your Microsoft Sentinel workspace. Select **Microsoft Sentinel** > **Configuration** > **Automation**.
 
    #### [Azure portal](#tab/azure-portal)
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/add-new-playbook.png" alt-text="Screenshot of the menu selection for adding a new playbook in the Automation screen." lightbox="../media/tutorial-respond-threats-playbook/add-new-playbook.png":::
+   :::image type="content" source="../media/create-playbooks/add-new-playbook.png" alt-text="Screenshot shows Azure portal and Microsoft Sentinel Automation page with Create selected." lightbox="../media/create-playbooks/add-new-playbook.png":::
 
    #### [Defender portal](#tab/defender-portal)
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/add-new-playbook-defender.png" alt-text="Screenshot of the menu selection for adding a new playbook in the Automation screen." lightbox="../media/tutorial-respond-threats-playbook/add-new-playbook-defender.png":::
+   :::image type="content" source="../media/create-playbooks/add-new-playbook-defender.png" alt-text="Screenshot shows Defender portal and Microsoft Sentinel Automation page with Create selected." lightbox="../media/create-playbooks/add-new-playbook-defender.png":::
 
    ---
 
@@ -130,7 +130,7 @@ Follow these steps to create your playbook:
 
    Azure takes a few minutes to create and deploy your playbook. After deployment completes, your playbook opens in the Consumption workflow designer for [Azure Logic Apps](/azure/logic-apps/logic-apps-overview). The trigger that you selected earlier automatically appears as the first step in your workflow, so now you can continue building the workflow from here.
 
-   :::image type="content" source="../media/create-playbooks/logic-app-blank.png" alt-text="Screenshot shows Consumption workflow designer with selected trigger." lightbox="../media/tutorial-respond-threats-playbook/logic-app-blank.png":::
+   :::image type="content" source="../media/create-playbooks/logic-app-blank.png" alt-text="Screenshot shows Consumption workflow designer with selected trigger." lightbox="../media/create-playbooks/designer-consumption.png":::
 
 1. If you previously chose **Playbook with entity trigger**, select the type of entity you want this playbook to receive as an input.
 

articles/sentinel/automation/playbook-recommendations.md

@@ -144,41 +144,41 @@ This section provides sample screenshots of how you might use a playbook to upda
 
 **Update an incident based on a new incident** (incident trigger):
 
-![Screenshot of an incident trigger simple update flow example.](../media/playbook-triggers-actions/incident-simple-flow.png)
+![Screenshot of an incident trigger simple update flow example.](../media/playbook-recommendations/incident-simple-flow.png)
 
 **Update an incident based on a new alert** (alert trigger):
 
-![Screenshot of an alert trigger simple update incident flow example.](../media/playbook-triggers-actions/alert-update-flow.png)
+![Screenshot of an alert trigger simple update incident flow example.](../media/playbook-recommendations/alert-update-flow.png)
 
 ### Use incident details in your flow
 
 This section provides sample screenshots of how you might use your playbook to use incident details elsewhere in your flow:
 
 **Send incident details by mail, using a playbook triggered by a new incident**: 
 
-![Screenshot of an incident trigger simple get flow example.](../media/playbook-triggers-actions/incident-simple-mail-flow.png)
+![Screenshot of an incident trigger simple get flow example.](../media/playbook-recommendations/incident-simple-mail-flow.png)
 
 **Send incident details by mail, using a playbook triggered by a new alert**:
 
-![Screenshot of an alert trigger simple get incident flow example.](../media/playbook-triggers-actions/alert-simple-mail-flow.png)
+![Screenshot of an alert trigger simple get incident flow example.](../media/playbook-recommendations/alert-simple-mail-flow.png)
 
 ### Add a comment to an incident
 
 This section provides sample screenshots of how you might use your playbook to add comments to an incident:
 
 **Add a comment to an incident, using a playbook triggered by a new incident**:
 
-![Screenshot of an incident trigger simple add comment example.](../media/playbook-triggers-actions/incident-comment.png)
+![Screenshot of an incident trigger simple add comment example.](../media/playbook-recommendations/incident-comment.png)
 
 **Add a comment to an incident, using a playbook triggered by a new alert**:
 
-![Screenshot of an alert trigger simple add comment example.](../media/playbook-triggers-actions/alert-comment.png)
+![Screenshot of an alert trigger simple add comment example.](../media/playbook-recommendations/alert-comment.png)
 
 ### Disable a user
 
 The following screenshot shows an example of how you might use your playbook to disable a user account, based on a Microsoft Sentinel entity trigger:
 
-:::image type="content" source="../media/playbook-triggers-actions/entity-trigger-actions.png" alt-text="Screenshot showing actions to take in an entity-trigger playbook to disable a user.":::
+:::image type="content" source="../media/playbook-recommendations/entity-trigger-actions.png" alt-text="Screenshot showing actions to take in an entity-trigger playbook to disable a user.":::
 
 ## Related content
 

articles/sentinel/automation/run-playbooks.md

@@ -54,7 +54,7 @@ In a multitenant deployment, if the playbook you want to run is in a different t
 1. Select the **Configure permissions** button to open the **Manage permissions** panel.
 1. Mark the check boxes of the resource groups containing the playbooks you want to run, and select **Apply**. For example:
 
-    :::image type="content" source="../media/tutorial-respond-threats-playbook/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
+    :::image type="content" source="../media/run-playbooks/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
 
 You yourself must have **Owner** permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Microsoft Sentinel Playbook Operator** role on any resource group containing playbooks you want to run.
 
@@ -88,17 +88,17 @@ To respond automatically to entire incidents or individual alerts with a playboo
 
 1. From the **Automation** page in the Microsoft Sentinel navigation menu, select **Create** from the top menu and then **Automation rule**. For example:
 
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/add-new-rule.png" alt-text="Screenshot showing how to add a new automation rule.":::
+   :::image type="content" source="../media/run-playbooks/add-new-rule.png" alt-text="Screenshot showing how to add a new automation rule.":::
 
 1. The **Create new automation rule** panel opens. Enter a name for your rule. Your options differ depending on whether your workspace is onboarded to the unified security operations platform. For example:
 
     ### [Onboarded workspaces](#tab/after-onboarding)
 
-    :::image type="content" source="../media/tutorial-respond-threats-playbook/create-automation-rule-onboarded.png" alt-text="Screenshot showing the automation rule creation wizard.":::
+    :::image type="content" source="../media/run-playbooks/create-automation-rule-onboarded.png" alt-text="Screenshot showing the automation rule creation wizard.":::
 
     ### [Workspaces that aren't onboarded](#tab/before-onboarding)
 
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/create-automation-rule.png" alt-text="Screenshot showing the automation rule creation wizard.":::
+   :::image type="content" source="../media/run-playbooks/create-automation-rule.png" alt-text="Screenshot showing the automation rule creation wizard.":::
 
     ---
 
@@ -127,7 +127,7 @@ To respond automatically to entire incidents or individual alerts with a playboo
 
        In the **Manage permissions** panel that opens up, mark the check boxes of the resource groups containing the playbooks you want to run, and select **Apply**. For example:
 
-       :::image type="content" source="../media/tutorial-respond-threats-playbook/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
+       :::image type="content" source="../media/run-playbooks/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
 
         You yourself must have **Owner** permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Microsoft Sentinel Playbook Operator** role on any resource group containing playbooks you want to run.
 

articles/sentinel/create-manage-use-automation-rules.md

@@ -261,7 +261,7 @@ If you add a **Run playbook** action, you will be prompted to choose from the dr
 - <a name="explicit-permissions"></a>Microsoft Sentinel must be granted explicit permissions in order to run playbooks. If a playbook appears "grayed out" in the drop-down list, it means Sentinel does not have permission to that playbook's resource group. Select the **Manage playbook permissions** link to assign permissions.
 
     In the **Manage permissions** panel that opens up, mark the check boxes of the resource groups containing the playbooks you want to run, and select **Apply**.
-        :::image type="content" source="./media/tutorial-respond-threats-playbook/manage-permissions.png" alt-text="Manage permissions":::
+        :::image type="content" source="./media/create-manage-automation-rules/manage-permissions.png" alt-text="Manage permissions":::
 
     You yourself must have **owner** permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Microsoft Sentinel Automation Contributor** role on any resource group containing playbooks you want to run.
 

articles/sentinel/includes/playbooks-roles.md

@@ -14,7 +14,7 @@ ms.topic: include
 | **Microsoft Sentinel Playbook Operator** | Lets you run a playbook manually. |
 | **Microsoft Sentinel Automation Contributor** | Allows automation rules to run playbooks. This role isn't used for any other purpose. |
 
-The following table describes required roles based on whether you select a *Consumption* or *Standard* logic app to create your playbook:
+The following table describes required roles based on whether you select a Consumption or Standard logic app to create your playbook:
 
 | Logic app | Azure roles | Description |
 |-----------|-------------|-------------|