Commit 1868306

Merge pull request #125158 from ArieHein/Spelling-Wave-38
Spelling Fixes
2 parents f2111fb + c5e13af commit 1868306

25 files changed: +34 -34 lines changed

articles/sentinel/cef-name-mapping.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,7 @@ The following tables map Common Event Format (CEF) field names to the names they
5151
| dmac | DestinationMacAddress | The destination MAC address (FQDN) |
5252
| dntdom | DestinationNTDomain | The Windows domain name of the destination address.|
5353
| dpid | DestinationProcessId |The ID of the destination process associated with the event.|
54-
| dpriv | DestinationUserPrivileges | Defines the destination use's privileges. <br>Valid values: `Admninistrator`, `User`, `Guest` |
54+
| dpriv | DestinationUserPrivileges | Defines the destination use's privileges. <br>Valid values: `Administrator`, `User`, `Guest` |
5555
| dproc | DestinationProcessName | The name of the event’s destination process, such as `telnetd` or `sshd.` |
5656
| dpt | DestinationPort | Destination port. <br>Valid values: `*0` - `65535` |
5757
| dst | DestinationIP | The destination IpV4 address that the event refers to in an IP network. |
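
Review bot: The changed `dpriv` row (line 54) still reads "destination use's privileges"; that should be "user's" and belongs in the same fix as `Administrator`. The context rows carry similar slips that this wave leaves in place: the `dmac` description on line 51 ends in "(FQDN)", which does not fit a MAC address, `sshd.` on line 55 has the sentence period inside the code span, the `dpt` range on line 56 starts at `*0` with a stray asterisk, and "IpV4" on line 57 should be "IPv4". Analysts filter on these documented values, so the valid-value lists in particular should be exact.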
@@ -113,7 +113,7 @@ The following tables map Common Event Format (CEF) field names to the names they
113113
| requestMethod | RequestMethod | The method used to access a URL. <br><br>Valid values include methods such as `POST`, `GET`, and so on. |
114114
| rt | ReceiptTime | The time at which the event related to the activity was received. |
115115
|Severity | <a name="logseverity"></a> LogSeverity | A string or integer that describes the importance of the event.<br><br> Valid string values: `Unknown` , `Low`, `Medium`, `High`, `Very-High` <br><br>Valid integer values are:<br> - `0`-`3` = Low <br>- `4`-`6` = Medium<br>- `7`-`8` = High<br>- `9`-`10` = Very-High |
116-
| shost | SourceHostName |Identifies the source that event refers to in an IP network. Format should be a fully qualified domain name (DQDN) associated with the source node, when a node is available. For example, `host` or `host.domain.com`. |
116+
| shost | SourceHostName |Identifies the source that event refers to in an IP network. Format should be a fully qualified domain name (FQDN) associated with the source node, when a node is available. For example, `host` or `host.domain.com`. |
117117
| smac | SourceMacAddress | Source MAC address. |
118118
| sntdom | SourceNTDomain | The Windows domain name for the source address. |
119119
| sourceDnsDomain | SourceDnsDomain | The DNS domain part of the complete FQDN. |
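
Review bot: On the changed `shost` row (line 116), "Identifies the source that event refers to" is still missing an article ("that an event refers to"), and the example `host` sits oddly next to the FQDN requirement stated in the same cell. Suggest fixing the grammar here and either keeping only `host.domain.com` as the example or saying explicitly that a short host name is also accepted.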

articles/sentinel/ci-cd-custom-content.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@ A sample repository is available with ARM templates for each of the content type
6666
## Improve performance with smart deployments
6767

6868
> [!TIP]
69-
> To ensure smart deployments works in GitHub, Workflows must have read and write permissions on your repositoriy. See [Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository) for more details.
69+
> To ensure smart deployments works in GitHub, Workflows must have read and write permissions on your repository. See [Managing GitHub Actions settings for a repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-github-actions-settings-for-a-repository) for more details.
7070
>
7171
7272
The **smart deployments** feature is a back-end capability that improves performance by actively tracking modifications made to the content files of a connected repository. It uses a CSV file within the '.sentinel' folder in your repository to audit each commit. The workflow avoids redeploying content that hasn't been modified since the last deployment. This process improves your deployment performance and prevents tampering with unchanged content in your workspace, such as resetting dynamic schedules of your analytics rules.
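
Review bot: The tip on line 69 still reads "smart deployments works" (should be "work", or "the smart deployments feature works") and has a capitalized "Workflows" mid-sentence. It also asks for read and write permissions without saying what the write access is for; if it is needed for the tracking CSV in the '.sentinel' folder described on line 72, stating that in the tip would let readers judge the permission grant before enabling it.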

articles/sentinel/connect-data-sources.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ appliesto:
99
- Microsoft Sentinel in the Azure portal
1010
- Microsoft Sentinel in the Microsoft Defender portal
1111
ms.collection: usx-security
12-
#Customer intent: As a security eningeer, I want to use data connectors to integrate various data sources into Microsoft Sentinel so that I can enhance threat detection and response capabilities.
12+
#Customer intent: As a security engineer, I want to use data connectors to integrate various data sources into Microsoft Sentinel so that I can enhance threat detection and response capabilities.
1313
---
1414

1515
# Microsoft Sentinel data connectors

articles/sentinel/customer-managed-keys.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ This article provides background information and steps to configure a [customer-
4848

4949
## How CMK works
5050

51-
The Microsoft Sentinel solution uses a dedicated Log Analytics cluser for log collection and features. As part of the Microsoft Sentinel CMK configuration, you must configure the CMK settings on the related Log Analytics dedicated cluster. Data saved by Microsoft Sentinel in storage resources other than Log Analytics is also encrypted using the customer-managed key configured for the dedicated Log Analytics cluster.
51+
The Microsoft Sentinel solution uses a dedicated Log Analytics cluster for log collection and features. As part of the Microsoft Sentinel CMK configuration, you must configure the CMK settings on the related Log Analytics dedicated cluster. Data saved by Microsoft Sentinel in storage resources other than Log Analytics is also encrypted using the customer-managed key configured for the dedicated Log Analytics cluster.
5252

5353
For more information, see:
5454
- [Azure Monitor customer-managed keys (CMK)](/azure/azure-monitor/logs/customer-managed-keys).
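
Review bot: The corrected paragraph on line 51 names the same resource two ways, "dedicated Log Analytics cluster" and "Log Analytics dedicated cluster"; pick one form so readers do not take them for different resources. "for log collection and features" in the first sentence is also vague and could name what the features are, or drop the phrase.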

articles/sentinel/dynamics-365/dynamics-365-finance-operations-security-content.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ This article details the security content available for the Microsoft Sentinel s
2929
|**F&O – Mass update or deletion of user account records** |Identifies large delete or update operations on Finance and Operations user records based on predefined thresholds. <br><br>Default update threshold: **50**<br>Default delete threshold: **10** |Deletions or modifications in Finance and Operations portal, under **Modules > System Administration > Users**<br><br>Data source: `FinanceOperationsActivity_CL` |Impact |
3030
|**F&O – Bank account change following network alias reassignment** |Identifies updates to bank account number by a user account which his alias was recently modified to a new value. |Changes in bank account number, in Finance and Operations portal, under **Workspaces > Bank management > All bank accounts** correlated with a relevant change in the user account to alias mapping.<br><br>Data source: `FinanceOperationsActivity_CL` |Credential Access, Lateral Movement, Privilege Escalation |
3131
|**F&O – Reverted bank account number modifications** |Identifies changes to bank account numbers in Finance & Operations, whereby a bank account number is modified but then subsequently reverted a short time later. |Changes in bank account number, in Finance and Operations portal, under **Workspaces > Bank management > All bank accounts**.<br><br>Data source: `FinanceOperationsActivity_CL` |Impact |
32-
|**F&O – Unusual sign-in activity using single factor authentication** |Identifies successful sign-in events to Finance & Operations and Lifecycle Services using single factor/password authentication. <br><Br>Sign-in events from tenants that aren't using MFA, coming from a Microsoft Entra ID trusted network location, or from geographic locations seen in the last 14 days are excluded.<br><br>This detection uses logs ingested from Microsoft Entra ID and you must enable the [Microsoft Entra data connector](../data-connectors/microsoft-entra-id.md). |Sign-ins to the monitored Finance and Operations environment.<br><br>Data source: `Singinlogs` |Credential Access, Initial Access |
32+
|**F&O – Unusual sign-in activity using single factor authentication** |Identifies successful sign-in events to Finance & Operations and Lifecycle Services using single factor/password authentication. <br><Br>Sign-in events from tenants that aren't using MFA, coming from a Microsoft Entra ID trusted network location, or from geographic locations seen in the last 14 days are excluded.<br><br>This detection uses logs ingested from Microsoft Entra ID and you must enable the [Microsoft Entra data connector](../data-connectors/microsoft-entra-id.md). |Sign-ins to the monitored Finance and Operations environment.<br><br>Data source: `Signinlogs` |Credential Access, Initial Access |
3333

3434
## Related content
3535
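
Review bot: The corrected data source on line 32, `Signinlogs`, still does not match the table name as written in the investigate-with-ueba.md query in this same commit, `SigninLogs`. KQL table names are case-sensitive, so a reader who copies the value from this cell gets a name that does not resolve; suggest `SigninLogs`. In the same cell the `<Br>` tag should be lowercased to match the other `<br>` tags, and the context row on line 30 ("a user account which his alias was recently modified") needs rewording.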

articles/sentinel/entities-reference.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -196,7 +196,7 @@ The following section contains a more in-depth look at the full schemas of each
196196
- **Address**
197197
\*\* Address alone is a unique, strong identifier when the IP address is a global address.
198198
- **Address + AddressScope**
199-
\*\* For private/internal, non-global IP addresses, the AddressScope component is required to make this a strong identifer.
199+
\*\* For private/internal, non-global IP addresses, the AddressScope component is required to make this a strong identifier.
200200

201201
[Back to list of entity type schemas](#list-of-entity-type-schemas) | [Back to entity identifiers table](#entity-types-and-identifiers)
202202

articles/sentinel/entities.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,13 +26,13 @@ In the Microsoft Defender portal, entities generally fall into two main categori
2626

2727
## Entity identifiers
2828

29-
Microsoft Sentinel supports a wide variety of entity types. Each type has its own unique attributes, which are represented as fields in the entity schema, and are called **identifiers**. See the full list of supported entities [below](#supported-entities), and the complete set of entity schemas and identifers in [Microsoft Sentinel entity types reference](entities-reference.md).
29+
Microsoft Sentinel supports a wide variety of entity types. Each type has its own unique attributes, which are represented as fields in the entity schema, and are called **identifiers**. See the full list of supported entities [below](#supported-entities), and the complete set of entity schemas and identifiers in [Microsoft Sentinel entity types reference](entities-reference.md).
3030

3131
### Strong and weak identifiers
3232

3333
For each type of entity there are fields, or sets of fields, that can identify particular instances of that entity. These fields or sets of fields can be referred to as **strong identifiers** if they can uniquely identify an entity without any ambiguity, or as **weak identifiers** if they can identify an entity under some circumstances, but are not guaranteed to uniquely identify an entity in all cases. In many cases, though, a selection of weak identifiers can be combined to produce a strong identifier.
3434

35-
For example, user accounts can be identified as **account** entities in more than one way: using a single **strong identifer** like a Microsoft Entra account's numeric identifier (the **GUID** field), or its **User Principal Name (UPN)** value, or alternatively, using a combination of **weak identifiers** like its **Name** and **NTDomain** fields. Different data sources can identify the same user in different ways. Whenever Microsoft Sentinel encounters two entities that it can recognize as the same entity based on their identifiers, it merges the two entities into a single entity, so that it can be handled properly and consistently.
35+
For example, user accounts can be identified as **account** entities in more than one way: using a single **strong identifier** like a Microsoft Entra account's numeric identifier (the **GUID** field), or its **User Principal Name (UPN)** value, or alternatively, using a combination of **weak identifiers** like its **Name** and **NTDomain** fields. Different data sources can identify the same user in different ways. Whenever Microsoft Sentinel encounters two entities that it can recognize as the same entity based on their identifiers, it merges the two entities into a single entity, so that it can be handled properly and consistently.
3636

3737
If, however, one of your resource providers creates an alert in which an entity is not sufficiently identified&mdash;for example, using only a single **weak identifier** like a user name without the domain name context&mdash;then the user entity cannot be merged with other instances of the same user account. Those other instances would be identified as a separate entity, and those two entities would remain separate instead of unified.
3838

articles/sentinel/investigate-with-ueba.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,7 @@ For example:
104104
105105
```kusto
106106
SigninLogs
107-
| where AppDisplayName == "GithHub.Com"
107+
| where AppDisplayName == "GitHub.Com"
108108
| join kind=inner (
109109
IdentityInfo
110110
| summarize arg_max(TimeGenerated, *) by AccountObjectId) on $left.UserId == $right.AccountObjectId
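
Review bot: The `==` comparison on line 107 is case-sensitive, so the corrected literal "GitHub.Com" only helps if it matches the `AppDisplayName` value exactly as it appears in `SigninLogs`. Please confirm the casing of "Com" against real sign-in data, or switch the sample to the case-insensitive `=~` operator so it keeps returning rows regardless of casing.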

articles/sentinel/migration-arcsight-detection-rules.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -204,7 +204,7 @@ As a third option, use a parameter function:
204204
2. Define the parameters of the function. For example:
205205
206206
```kusto
207-
Tbl: (TimeGenerated:datatime, Computer:string,
207+
Tbl: (TimeGenerated:datetime, Computer:string,
208208
EventID:string, SubjectDomainName:string,
209209
TargetDomainName:string, SubjectUserName:string)
210210
```

articles/sentinel/migration-qradar-historical-data.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ To execute the search query:
7373
```
7474
7575
1. Review the output. If the value in the `status` field is `COMPLETED`, continue to the next step. If the status isn't `COMPLETED`, check the value in the `progress` field, and after 5-10 minutes, run the command you ran in step 4.
76-
1. Review the output and ensure that the status is `COMPELETED`.
76+
1. Review the output and ensure that the status is `COMPLETED`.
7777
1. Run one of these commands to download the results or returned data from the JSON file to a folder on the current system:
7878
- For the QRadar Console user ID method, run:
7979
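
Review bot: With the spelling fixed, the step on line 76 now plainly duplicates line 75, which already tells the reader to continue only when `status` is `COMPLETED`; suggest deleting line 76 or folding it into the previous step. Line 75 also refers to "the command you ran in step 4" while the list uses auto-numbered `1.` items, so that reference will silently drift if a step is added or removed; naming the command would be more robust.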
