Commit 0706132

Merge pull request #105787 from memildin/asc-melvyn-vmva
Added notes about changed intents
2 parents a89a6d0 + 788c032 commit 0706132

1 file changed

+2
-2
lines changed

articles/security-center/alerts-reference.md

Lines changed: 2 additions & 2 deletions
@@ -395,8 +395,8 @@ Security Center's supported kill chain intents are based on the [MITRE ATT&CK™
395395

396396
|Intent|Description|
397397
|------|-------|
398-
|**Probing**|Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and identify an entry point.|
399-
|**Exploitation**|Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc. Threat actors will often be able to control the resource after this stage.|
398+
|**PreAttack**</br>(replaces Probing)|PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and identify an entry point.</br>Further details on the PreAttack stage can be read in [MITRE's page](https://attack.mitre.org/matrices/pre/).|
399+
|**InitialAccess**</br>(replaces Exploitation)|InitialAccess is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc. Threat actors will often be able to control the resource after this stage.|
400400
|**Persistence**|Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system. Threat actors will often need to maintain access to systems through interruptions such as system restarts, loss of credentials, or other failures that would require a remote access tool to restart or provide an alternate backdoor for them to regain access.|
401401
|**PrivilegeEscalation**|Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. Certain tools or actions require a higher level of privilege to work and are likely necessary at many points throughout an operation. User accounts with permissions to access specific systems or perform specific functions necessary for adversaries to achieve their objective may also be considered an escalation of privilege.|
402402
|**DefenseEvasion**|Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as (or variations of) techniques in other categories that have the added benefit of subverting a particular defense or mitigation.|
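
Review bot: The two added rows (new lines 398 and 399) use `</br>` for the line breaks, which is a closing tag for an element that has none; use `<br>` or `<br/>` so the cells render consistently across Markdown processors. The "(replaces Probing)" and "(replaces Exploitation)" notes record the rename but do not say whether the old values can still appear on existing alerts. Readers who filter or route alerts on the intent string need to know whether to match both names, so a short sentence above the table stating that would help. The PreAttack row also links with the text "MITRE's page", which would be clearer as a descriptive label naming the matrix, and the InitialAccess row gets no equivalent reference even though the hunk header says these intents are based on MITRE ATT&CK. Consider adding a link there too, or dropping both in favour of the one in the intro sentence.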
