Merge pull request #288827 from meganbradley/meganbradley/docutune-autopr-20241020-030949-3884606-ignore-build

[BULK] - DocuTune remediation - Sensitive terms with GUIDs (part 67)

Author: prmerger-automator[bot]

articles/sentinel/api-dcr-reference.md

@@ -302,7 +302,7 @@ The `outputStream` parameter is required only if the transform changes the schem
 {
     "properties": {
         "immutableId": "dcr-00112233445566778899aabbccddeeff",
-        "dataCollectionEndpointId": "/subscriptions/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb/resourceGroups/Contoso-RG-1/providers/Microsoft.Insights/dataCollectionEndpoints/Microsoft-Sentinel-aaaabbbbccccddddeeeefff",
+        "dataCollectionEndpointId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/Contoso-RG-1/providers/Microsoft.Insights/dataCollectionEndpoints/Microsoft-Sentinel-aaaabbbbccccddddeeeefff",
         "streamDeclarations": {
             "Custom-Text-ApacheHTTPServer_CL": {
                 "columns": [
@@ -339,7 +339,7 @@ The `outputStream` parameter is required only if the transform changes the schem
         "destinations": {
             "logAnalytics": [
                 {
-                    "workspaceResourceId": "/subscriptions/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb/resourceGroups/contoso-rg-1/providers/Microsoft.OperationalInsights/workspaces/CyberSOC",
+                    "workspaceResourceId": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/contoso-rg-1/providers/Microsoft.OperationalInsights/workspaces/CyberSOC",
                     "workspaceId": "cccccccc-3333-4444-5555-dddddddddddd",
                     "name": "DataCollectionEvent"
                 }
@@ -363,7 +363,7 @@ The `outputStream` parameter is required only if the transform changes the schem
     "tags": {
         "createdBy": "Sentinel"
     },
-    "id": "/subscriptions/aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb/resourceGroups/Contoso-RG-1/providers/Microsoft.Insights/dataCollectionRules/DCR-CustomLogs-01",
+    "id": "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/Contoso-RG-1/providers/Microsoft.Insights/dataCollectionRules/DCR-CustomLogs-01",
     "name": "DCR-CustomLogs-01",
     "type": "Microsoft.Insights/dataCollectionRules",
     "etag": "\"00000000-1111-2222-3333-444444444444\"",

articles/sentinel/connect-aws.md

@@ -351,4 +351,3 @@ In this document, you learned how to connect to AWS resources to ingest their lo
 - Learn how to [get visibility into your data, and potential threats](get-visibility.md).
 - Get started [detecting threats with Microsoft Sentinel](detect-threats-built-in.md).
 - [Use workbooks](monitor-your-data.md) to monitor your data.
-

articles/sentinel/create-incident-manually.md

@@ -149,7 +149,7 @@ Here's an example of what a request body might look like:
     "description": "This is a demo incident",
     "title": "My incident",
     "owner": {
-      "objectId": "2046feea-040d-4a46-9e2b-91c2941bfa70"
+      "objectId": "aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb"
     },
     "severity": "High",
     "classification": "FalsePositive",

articles/sentinel/normalization-about-schemas.md

@@ -119,7 +119,7 @@ The allowed values for a user ID type are:
 | ---- | ------- | ------------- |
 | **SID** | A Windows user ID. | `S-1-5-21-1377283216-344919071-3415362939-500` |
 | **UID** | A Linux user ID. | `4578` |
-| **AADID**| A Microsoft Entra user ID.| `9267d02c-5f76-40a9-a9eb-b686f3ca47aa` |
+| **AADID**| A Microsoft Entra user ID.| `00aa00aa-bb11-cc22-dd33-44ee44ee44ee` |
 | **OktaId** | An Okta user ID. |  `00urjk4znu3BcncfY0h7` |
 | **AWSId** | An AWS user ID. | `72643944673` |
 | **PUID** | A Microsoft 365 user ID. | `10032001582F435C` |

articles/sentinel/normalization-schema-v1.md

@@ -70,7 +70,7 @@ Below is the schema of the network sessions table, versioned 1.0.0
 | **DvcHostname** | Device Name (String) | syslogserver1.contoso.com | The device name of the device generating the message. | Device |
 | **EventProduct** | String | OfficeSharepoint | The product generating the event. | Event |
 | **EventProductVersion** | string | 9.0 |  The version of the product generating the event. | Event |
-| **EventResourceId** | Device ID (String) | /subscriptions/3c1bb38c-82e3-4f8d-a115-a7110ba70d05 /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /syslogserver1 | The resource ID of the device generating the message. | Event |
+| **EventResourceId** | Device ID (String) | /subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /syslogserver1 | The resource ID of the device generating the message. | Event |
 | **EventReportUrl** | String | https://192.168.1.1/repoerts/ae3-56.htm | A link to the full report created by the reporting device | Event |
 | **EventVendor** | String | Microsoft | The vendor of the product generating the event. | Event |
 | **EventResult** | Multivalue: Success, Partial, Failure, [Empty] (String) | Success | The result reported for the activity. Empty value when not applicable. | Event |
@@ -102,7 +102,7 @@ Below is the schema of the network sessions table, versioned 1.0.0
 | **DstDvcDomain** | String | CONTOSO | The Domain of the destination device. | Destination,<br>Device |
 | **DstPortNumber** | Integer | 443 | The destination IP port. | Destination,<br>Port |
 | **DstGeoRegion** | Region (String) | Vermont | The region associated with the destination IP address | Destination,<br>Geo |
-| **DstResourceId** | Device ID (String) |  /subscriptions/3c1bb38c-82e3-4f8d-a115-a7110ba70d05 /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /victim | The resource ID of the destination device. | Destination |
+| **DstResourceId** | Device ID (String) |  /subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /victim | The resource ID of the destination device. | Destination |
 | **DstNatIpAddr** | IP address | 2::1 | If reported by an intermediary NAT device such as a firewall, the IP address used by the NAT device for communication with the source. | Destination NAT,<br>IP |
 | **DstNatPortNumber** | int | 443 | If reported by an intermediary NAT device such as a firewall, the port used by the NAT device for communication with the source. | Destination NAT,<br>Port |
 | **DstUserSid** | User SID |  S-12-1445 | The User ID of the identity associated with the session’s destination. Typically, the identity used to authenticate a server. For more information, see [Data types and formats](#data-types-and-formats). | Destination,<br>User |
@@ -145,7 +145,7 @@ Below is the schema of the network sessions table, versioned 1.0.0
 | **SrcDvcMacAddr** | String | 06:10:9f:eb:8f:14 | The source MAC address of a device that is not directly associated with the network packet. | Source,<br>Device,<br>Mac |
 | **SrcPortNumber** | Integer | 2335 | The IP port from which the connection originated. May not be relevant for a session comprising multiple connections. | Source,<br>Port |
 | **SrcGeoRegion** | Region (String) | Vermont | The region within a country/region associated with the source IP address | Source,<br>Geo |
-| **SrcResourceId** | String | /subscriptions/3c1bb38c-82e3-4f8d-a115-a7110ba70d05 /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /syslogserver1 | The resource ID of the device generating the message. | Source |
+| **SrcResourceId** | String | /subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e /resourcegroups/contoso77/providers /microsoft.compute/virtualmachines /syslogserver1 | The resource ID of the device generating the message. | Source |
 | **SrcNatIpAddr** | IP address | 4.3.2.1 | If reported by an intermediary NAT device such as a firewall, the IP address used by the NAT device for communication with the destination. | Source NAT,<br>IP |
 | **SrcNatPortNumber** | Integer | 345 | If reported by an intermediary NAT device such as a firewall, the port used by the NAT device for communication with the destination. | Source NAT,<br>Port |
 | **SrcUserSid** | User ID (String) | S-15-1445 | The user ID of the identity associated with the sessions source. Typically, user performing an action on the client. For more information, see [Data types and formats](#data-types-and-formats). | Source,<br>User |

articles/sentinel/resource-context-rbac.md

@@ -123,7 +123,7 @@ For example, the following code shows a sample Logstash configuration file:
        workspace_id => "4g5tad2b-a4u4-147v-a4r7-23148a5f2c21" # <your workspace id>
        workspace_key => "u/saRtY0JGHJ4Ce93g5WQ3Lk50ZnZ8ugfd74nk78RPLPP/KgfnjU5478Ndh64sNfdrsMni975HJP6lp==" # <your workspace key>
        custom_log_table_name => "tableName"
-       azure_resource_id => "/subscriptions/wvvu95a2-99u4-uanb-hlbg-2vatvgqtyk7b/resourceGroups/contosotest" # <your resource ID>   
+       azure_resource_id => "/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/contosotest" # <your resource ID>   
      }
  }
 ```

articles/sentinel/ueba-reference.md

@@ -90,7 +90,7 @@ The following table describes the enrichments featured in the **UsersInsights**
 | --- | --- | --- |
 | **Account display name**<br>*(AccountDisplayName)* | The account display name of the user. | Admin, Hayden Cook |
 | **Account domain**<br>*(AccountDomain)* | The account domain name of the user. |  |
-| **Account object ID**<br>*(AccountObjectID)* | The account object ID of the user. | a58df659-5cab-446c-9dd0-5a3af20ce1c2 |
+| **Account object ID**<br>*(AccountObjectID)* | The account object ID of the user. | aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb |
 | **Blast radius**<br>*(BlastRadius)* | The blast radius is calculated based on several factors: the position of the user in the org tree, and the user's Microsoft Entra roles and permissions. User must have *Manager* property populated in Microsoft Entra ID for *BlastRadius* to be calculated. | Low, Medium, High |
 | **Is dormant account**<br>*(IsDormantAccount)* | The account has not been used for the past 180 days. | True, False |
 | **Is local admin**<br>*(IsLocalAdmin)* | The account has local administrator privileges. | True, False |

articles/sentinel/watchlist-schemas.md

@@ -24,7 +24,7 @@ The High Value Assets watchlist lists devices, resources, and other assets that
 | Field name | Format                              | Example                                                                                                                                | Mandatory/Optional |
 | ---------- | ----------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
 | **Asset Type** | String                              | `Device`, `Azure resource`, `AWS resource`, `URL`, `SPO`, `File share`, `Other`                                                                      | Mandatory          |
-| **Asset Id**   | String, depending on asset type | `/subscriptions/d1d8779d-38d7-4f06-91db-9cbc8de0176f/resourceGroups/SOC-Purview/providers/Microsoft.Storage/storageAccounts/purviewadls` | Mandatory          |
+| **Asset Id**   | String, depending on asset type | `/subscriptions/aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/resourceGroups/SOC-Purview/providers/Microsoft.Storage/storageAccounts/purviewadls` | Mandatory          |
 | **Asset Name** | String                              | `Microsoft.Storage/storageAccounts/purviewadls`                                                                                          | Optional           |
 | **Asset FQDN** | FQDN                                | `Finance-SRv.local.microsoft.com`                                                                                                        | Mandatory          |
 | **IP Address** | IP                                  | `1.1.1.1`                                                                                                                                | Optional           |
@@ -38,7 +38,7 @@ The VIP Users watchlist lists user accounts of employees that have high impact v
 | Field name          | Format | Example                                             | Mandatory/Optional |
 | ------------------- | ------ | --------------------------------------------------- | ------------------ |
 | **User Identifier**     | UID    | `52322ec8-6ebf-11eb-9439-0242ac130002`                | Optional           |
-| **User AAD Object Id**  | SID    | `03fa4b4e-dc26-426f-87b7-98e0c9e2955e`                | Optional           |
+| **User AAD Object Id**  | SID    | `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`                | Optional           |
 | **User On-Prem Sid**    | SID    | `S-1-12-1-4141952679-1282074057-627758481-2916039507` | Optional           |
 | **User Principal Name** | UPN    | `[email protected]`                                  | Mandatory          |
 | **Tags**                | List   | `["SAW user","Blue Ocean team"]` for CSV files created in Microsoft Excel or `[""SAW user"",""Blue Ocean team""]` for CSV files created in a text editor     | Optional           |
@@ -62,7 +62,7 @@ The Terminated Employees watchlist lists user accounts of employees that have be
 | Field name          | Format                                                                          | Example                              | Mandatory/Optional |
 | ------------------- | ------------------------------------------------------------------------------- | ------------------------------------ | ------------------ |
 | **User Identifier**     | UID                                                                             | `52322ec8-6ebf-11eb-9439-0242ac130002` | Optional           |
-| **User AAD Object Id**  | SID                                                                             | `03fa4b4e-dc26-426f-87b7-98e0c9e2955e` | Optional           |
+| **User AAD Object Id**  | SID                                                                             | `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb` | Optional           |
 | **User On-Prem Sid**    | SID                                                                             | `S-1-12-1-4141952679-1282074057-123`   | Optional           |
 | **User Principal Name** | UPN                                                                             | `[email protected]`                  | Mandatory          |
 | **UserState**           | String <br><br>We recommend using either `Notified` or `Terminated` | `Terminated`                           | Mandatory          |
@@ -79,7 +79,7 @@ The Identity Correlation watchlist lists related user accounts that belong to th
 | Field name                       | Format  | Example                                             | Mandatory/Optional |
 | -------------------------------- | ------- | --------------------------------------------------- | ------------------ |
 | **User Identifier**                  | UID     | `52322ec8-6ebf-11eb-9439-0242ac130002`                | Optional           |
-| **User AAD Object Id**               | SID     | `03fa4b4e-dc26-426f-87b7-98e0c9e2955e`                | Optional           |
+| **User AAD Object Id**               | SID     | `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`                | Optional           |
 | **User On-Prem Sid**                 | SID     | `S-1-12-1-4141952679-1282074057-627758481-2916039507` | Optional           |
 | **User Principal Name**              | UPN     | `[email protected]`                                  | Mandatory          |
 | **Employee Id**                      | String  | `8234123`                                             | Optional           |
@@ -100,7 +100,7 @@ The Service Accounts watchlist lists service accounts and their owners, and incl
 | **Service On-Prem Sid**       | SID    | `S-1-12-1-3123123-123213123-12312312-2916039507`      | Optional           |
 | **Service Principal Name**    | UPN    | `[email protected]`                           | Mandatory          |
 | **Owner User Identifier**     | UID    | `52322ec8-6ebf-11eb-9439-0242ac130002`                | Optional           |
-| **Owner User AAD Object Id**  | SID    | `03fa4b4e-dc26-426f-87b7-98e0c9e2955e`                | Optional           |
+| **Owner User AAD Object Id**  | SID    | `aaaaaaaa-0000-1111-2222-bbbbbbbbbbbb`                | Optional           |
 | **Owner User On-Prem Sid**    | SID    | `S-1-12-1-4141952679-1282074057-627758481-2916039507` | Optional           |
 | **Owner User Principal Name** | UPN    | `[email protected]`                                  | Mandatory          |
 | **Tags**                      | List   | `["Automation Account","GitHub Account"]` for CSV files created in Microsoft Excel or `[""Automation Account"",""GitHub Account""]`for CSV files created in a text editor  | Optional           |