add integrating sections to migrate docs

austinmccollum · austinmccollum · commit 157bbe392103 · 2024-03-11T13:07:04.000-05:00
diff --git a/articles/sentinel/migration-splunk-detection-rules.md b/articles/sentinel/migration-splunk-detection-rules.md
@@ -1,10 +1,12 @@
 ---
-title: Migrate Splunk detection rules to Microsoft Sentinel | Microsoft Docs
+title: Migrate Splunk detection rules to Microsoft Sentinel
+titleSuffix: Microsoft Sentinel
 description: Learn how to identify, compare, and migrate your Splunk detection rules to Microsoft Sentinel built-in rules.
 author: limwainstein
 ms.author: lwainstein
 ms.topic: how-to
-ms.date: 03/08/2024
+ms.date: 03/11/2024
+#customer intent: As a SOC administrator, I want to migrate Splunk detection rules to KQL so I can migrate to Microsoft Sentinel.
 ---
 
 # Migrate Splunk detection rules to Microsoft Sentinel
@@ -22,11 +24,12 @@ Microsoft Sentinel uses machine learning analytics to create high-fidelity and a
 - Check that you understand the [rule terminology](#compare-rule-terminology).
 - Review any rules that haven't triggered any alerts in the past 6-12 months, and determine whether they're still relevant.
 - Eliminate low-level threats or alerts that you routinely ignore.
-- Use existing functionality, and check whether Microsoft Sentinel’s [built-in analytics rules](https://github.com/Azure/Azure-Sentinel/tree/master/Detections) might address your current use cases. Because Microsoft Sentinel uses machine learning analytics to produce high-fidelity and actionable incidents, it’s likely that some of your existing detections won’t be required anymore.
+- Use existing functionality, and check whether Microsoft Sentinel's [built-in analytics rules](https://github.com/Azure/Azure-Sentinel/tree/master/Detections) might address your current use cases. Because Microsoft Sentinel uses machine learning analytics to produce high-fidelity and actionable incidents, it's likely that some of your existing detections won't be required anymore.
 - Confirm connected data sources and review your data connection methods. Revisit data collection conversations to ensure data depth and breadth across the use cases you plan to detect.
+- Test the capabilities of the [SIEM migration experience](siem-migration.md) to determine if the automated translation is suitable.
 - Explore community resources such as the [SOC Prime Threat Detection Marketplace](https://my.socprime.com/platform-overview/) to check whether  your rules are available.
 - Consider whether an online query converter such as Uncoder.io might work for your rules. 
-- If rules aren’t available or can’t be converted, they need to be created manually, using a KQL query. Review the [rules mapping](#map-and-compare-rule-samples) to create new queries. 
+- If rules aren't available or can't be converted, they need to be created manually, using a KQL query. Review the [rules mapping](#map-and-compare-rule-samples) to create new queries. 
 
 Learn more about [best practices for migrating detection rules](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/best-practices-for-migrating-detection-rules-from-arcsight/ba-p/2216417).
 
@@ -41,14 +44,18 @@ Learn more about [best practices for migrating detection rules](https://techcomm
     1. **Confirm that you have any required data sources connected,** and review your data connection methods.
 
 1. Verify whether your detections are available as built-in templates in Microsoft Sentinel:
+    
+    - **Use the SIEM migration experience** to automate translation and migration.
+
+        For more information, see [Use the SIEM migration experience](siem-migration.md).
 
     - **If the built-in rules are sufficient**, use built-in rule templates to create rules for your own workspace.
 
         In Microsoft Sentinel, go to the **Configuration > Analytics > Rule templates** tab, and create and update each relevant analytics rule.
 
         For more information, see [Detect threats out-of-the-box](detect-threats-built-in.md).
 
-    - **If you have detections that aren't covered by Microsoft Sentinel's built-in rules**, try an online query converter, such as [Uncoder.io](https://uncoder.io/) to convert your queries to KQL.
+    - **If you have detections that aren't covered by Microsoft Sentinel's built-in rules**, try an online query converter, such as [Uncoder.io](https://uncoder.io/) or [SPL2KQL](https://azure.github.io/spl2kql) to convert your queries to KQL.
 
         Identify the trigger condition and rule action, and then construct and review your KQL query.
 
diff --git a/articles/sentinel/migration-splunk-historical-data.md b/articles/sentinel/migration-splunk-historical-data.md
@@ -1,10 +1,12 @@
 ---
-title: "Microsoft Sentinel migration: Export Splunk data to target platform | Microsoft Docs"
-description: Learn how to export your historical data from Splunk.
+title: Export Splunk data to target platform
+titlesuffix: Microsoft Sentinel
+description: Learn how to export your historical data from Splunk for a Microsoft Sentinel migration of security monitoring use cases
 author: limwainstein
 ms.author: lwainstein
 ms.topic: how-to
-ms.date: 05/03/2022
+ms.date: 03/11/2024
+#customer intent: As a SOC administrator, I want to migrate historical data from Splunk so I have continuity when I migrate to Microsoft Sentinel.
 ---
 
 # Export historical data from Splunk
diff --git a/articles/sentinel/siem-migration.md b/articles/sentinel/siem-migration.md
@@ -31,12 +31,10 @@ You need the following from the source SIEM:
 
 You need the following on the target, Microsoft Sentinel:
 
-- The SIEM migration experience deploys analytics rules which requires the **Microsoft Sentinel Contributor** role. For more information about other roles and permissions supported for Microsoft Sentinel, see [Permissions in Microsoft Sentinel](roles.md). 
+- The SIEM migration experience deploys analytics rules. This capability requires the **Microsoft Sentinel Contributor** role.<br><br>For more information, see [Permissions in Microsoft Sentinel](roles.md). 
 - Ingest security data previously used in your source SIEM into Microsoft Sentinel by enabling an out-of-the-box (OOTB) data connector. 
 - If the data connector isn't installed yet, find the relevant solution in **Content hub**. 
-- If no data connector exists, create a custom ingestion pipeline. 
-
-For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md) or [Custom data ingestion and transformation](data-transformation.md).
+- If no data connector exists, create a custom ingestion pipeline.<br><br>For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md) or [Custom data ingestion and transformation](data-transformation.md).
 
 ## Translate Splunk detection rules
 
diff --git a/articles/sentinel/whats-new.md b/articles/sentinel/whats-new.md
@@ -1,10 +1,10 @@
 ---
 title: What's new in Microsoft Sentinel
-description: This article describes new features in Microsoft Sentinel from the past few months.
+description: Learn about the latest new features and announcement in Microsoft Sentinel from the past few months.
 author: yelevin
 ms.author: yelevin
-ms.topic: conceptual
-ms.date: 02/28/2024
+ms.topic: concept
+ms.date: 03/11/2024
 ---
 
 # What's new in Microsoft Sentinel
