addenda

yelevin · yelevin · commit 0b3d0651f3b1 · 2024-11-25T16:44:17.000+02:00
diff --git a/articles/sentinel/collaborate-in-microsoft-teams.md b/articles/sentinel/collaborate-in-microsoft-teams.md
@@ -12,7 +12,7 @@ appliesto:
 
 # Collaborate in Microsoft Teams in the Azure portal (Public preview)
 
-Microsoft Sentinel supports a direct integration with [Microsoft Teams](/microsoftteams/), enabling you to jump directly into teamwork on specific incidents.
+Microsoft Sentinel in the Azure portal supports a direct integration with [Microsoft Teams](/microsoftteams/), enabling you to jump directly into teamwork on specific incidents.
 
 
 > [!IMPORTANT]
diff --git a/articles/sentinel/create-incident-manually.md b/articles/sentinel/create-incident-manually.md
@@ -28,7 +28,7 @@ With Microsoft Sentinel as your security information and event management (SIEM)
 
 However, threat data can also come from other sources *not ingested into Microsoft Sentinel*, or events not recorded in any log, and yet can justify opening an investigation. For example, an employee might notice an unrecognized person engaging in suspicious activity related to your organization’s information assets. This employee might call or email the security operations center (SOC) to report the activity.
 
-Microsoft Sentinel allows your security analysts to manually create incidents for any type of event, regardless of its source or data, so you don't miss out on investigating these unusual types of threats.
+Microsoft Sentinel in the Azure portal allows your security analysts to manually create incidents for any type of event, regardless of its source or data, so you don't miss out on investigating these unusual types of threats.
 
 ## Common use cases
 
diff --git a/articles/sentinel/delete-incident.md b/articles/sentinel/delete-incident.md
@@ -18,7 +18,7 @@ appliesto:
 > 
 > Incident deletion is generally available through the API.
 
-The ability to create incidents from scratch in Microsoft Sentinel opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the portal.
+The ability to create incidents from scratch in Microsoft Sentinel in the Azure portal opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the Azure portal.
 
 **Deleting an incident is not a substitute for closing an incident!** Deleting an incident should only be done when at least one of the following conditions is met:
 - The incident was created manually by mistake.
diff --git a/articles/sentinel/investigate-incidents.md b/articles/sentinel/investigate-incidents.md
@@ -12,9 +12,9 @@ appliesto:
 
 # Navigate and investigate incidents in Microsoft Sentinel in the Azure portal
 
-Microsoft Sentinel gives you a complete, full-featured case management platform for investigating security incidents. The **Incident details** page is your central location from which to run your investigation, collecting all the relevant information and all the applicable tools and tasks in one screen.
+Microsoft Sentinel gives you a complete, full-featured case management platform in the Azure portal for investigating security incidents. The **Incident details** page is your central location from which to run your investigation, collecting all the relevant information and all the applicable tools and tasks in one screen.
 
-This article takes you through all the panels and options available on the incident details page, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
+This article takes you through all the panels and options available on the incident details page in the Azure portal, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
 
 See instructions for the [previous version of incident investigation](investigate-cases.md).
 
diff --git a/articles/sentinel/relate-alerts-to-incidents.md b/articles/sentinel/relate-alerts-to-incidents.md
@@ -12,7 +12,7 @@ appliesto:
 
 # Relate alerts to incidents in Microsoft Sentinel in the Azure portal
 
-This article shows you how to relate alerts to your incidents in Microsoft Sentinel. This feature allows you to manually or automatically add alerts to, or remove them from, existing incidents as part of your investigation processes, refining the incident scope as the investigation unfolds. 
+This article shows you how to relate alerts to your incidents in Microsoft Sentinel. This feature allows you to manually or automatically add alerts to, or remove them from, existing incidents in the Azure portal as part of your investigation processes, refining the incident scope as the investigation unfolds. 
 
 > [!IMPORTANT]
 > Incident expansion is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
diff --git a/articles/sentinel/work-with-tasks.md b/articles/sentinel/work-with-tasks.md
@@ -12,7 +12,7 @@ appliesto:
 
 # Work with incident tasks in Microsoft Sentinel in the Azure portal
 
-This article explains how SOC analysts can use incident tasks to manage their incident-handling workflow processes in Microsoft Sentinel.
+This article explains how SOC analysts can use incident tasks to manage their incident-handling workflow processes in Microsoft Sentinel in the Azure portal.
 
 [Incident tasks](incident-tasks.md) are typically created automatically by either automation rules or playbooks set up by senior analysts or SOC managers, but lower-tier analysts can create their own tasks on the spot, manually, right from within the incident.
 

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ appliesto:`
`18`	`18`	`>`
`19`	`19`	`> Incident deletion is generally available through the API.`
`20`	`20`
`21`		-The ability to create incidents from scratch in Microsoft Sentinel opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the portal.
	`21`	+The ability to create incidents from scratch in Microsoft Sentinel in the Azure portal opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the Azure portal.
`22`	`22`
`23`	`23`	`Deleting an incident is not a substitute for closing an incident! Deleting an incident should only be done when at least one of the following conditions is met:`
`24`	`24`	`- The incident was created manually by mistake.`