Merge pull request #285490 from batamig/cust-intents-austin

Stacyrch140 · web-flow · commit 21f15833ccae · 2024-10-13T18:13:07.000-04:00
Adding customer intents - Austin's files
diff --git a/articles/sentinel/billing.md b/articles/sentinel/billing.md
@@ -11,7 +11,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
-#Customer intent: As a SOC manager, plan Microsoft Sentinel costs so I can understand and optimize the costs of my SIEM.
+
+
+#Customer intent: As a SOC manager, I want to understand Microsoft Sentinel's pricing and billing models so that I can optimize costs and accurately forecast expenses.
+
 ---
 
 # Plan costs and understand Microsoft Sentinel pricing and billing
diff --git a/articles/sentinel/bookmarks.md b/articles/sentinel/bookmarks.md
@@ -9,6 +9,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
+
+
+#Customer intent: As a security analyst, I want to create and manage hunting bookmarks so that I can preserve and collaborate on relevant threat investigation data.
+
 ---
 
 # Keep track of data during hunting with Microsoft Sentinel
diff --git a/articles/sentinel/ci-cd-custom-content.md b/articles/sentinel/ci-cd-custom-content.md
@@ -8,7 +8,10 @@ ms.service: microsoft-sentinel
 ms.topic: conceptual
 ms.date: 8/24/2022
 ms.custom: template-concept
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to manage dynamic Sentinel workspace content based on source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: As a SOC collaborator or MSSP analyst, I want to manage dynamic Microsoft Sentinel content as code based on source control repositories using CI/CD pipelines so that I can automate updates and ensure consistent configurations across workspaces. As an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
 ---
 
 # Manage custom content with Microsoft Sentinel repositories (public preview)
diff --git a/articles/sentinel/ci-cd-custom-deploy.md b/articles/sentinel/ci-cd-custom-deploy.md
@@ -6,7 +6,10 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 3/13/2024
 ms.author: austinmc
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to optimize my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: As a SOC collaborator or MSSP analyst, I want to customize repository deployment workflows and pipelines so that I can control deployment triggers, paths, and parameter mappings for efficient and tailored content deployment to cloud workspaces.
+
 ---
 
 # Customize repository deployments (Public Preview)
diff --git a/articles/sentinel/ci-cd.md b/articles/sentinel/ci-cd.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to connect my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: As a security administrator or MSSP analyst, I want to manage dynamic Microsoft Sentinel content as code based on source control repositories using CI/CD pipelines. I want to automate updates and ensure consistent configurations across workspaces in my security monitoring environment. As an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
 ---
 
 # Deploy custom content from your repository (Public preview)
diff --git a/articles/sentinel/connect-mdti-data-connector.md b/articles/sentinel/connect-mdti-data-connector.md
@@ -11,7 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to use the best threat intelligence from Microsoft so that I can generate high-fidelity alerts and incidents.
+
+
+#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity indicators of compromise into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
+
 ---
 
 # Enable data connector for Microsoft Defender Threat Intelligence
diff --git a/articles/sentinel/connect-threat-intelligence-taxii.md b/articles/sentinel/connect-threat-intelligence-taxii.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to connect Microsoft Sentinel to a STIX/TAXII feed to ingest threat intelligence so that I can generate alert incidents.
+
+
+#Customer intent: As a security admin, I want to integrate STIX/TAXII feeds into Microsoft Sentinel to ingest threat intelligence, generating alerts and incidents to enhance threat detection and response capabilities.
+
 ---
 
 # Connect Microsoft Sentinel to STIX/TAXII threat intelligence feeds
diff --git a/articles/sentinel/connect-threat-intelligence-tip.md b/articles/sentinel/connect-threat-intelligence-tip.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to use a threat intelligence platform solution to ingest threat intelligence so that I can generate alerts incidents.
+
+
+#Customer intent: As a security admin, I want to integrate my threat intelligence platform with Microsoft Sentinel to ingest threat intelligence, generating alerts and incidents so that I can centralize and enhance threat detection and response.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel
diff --git a/articles/sentinel/connect-threat-intelligence-upload-api.md b/articles/sentinel/connect-threat-intelligence-upload-api.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a security engineer, I want to connect a threat intelligence platform with the Upload Indicators API to ingest threat intelligence that so I can use the benefits of this updated API.
+
+
+#Customer intent: As a security admin, I want to connect my threat intelligence platform with Microsoft Sentinel using the appropriate API so that I can centralize and enhance threat detection and response capabilities.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel with the Upload Indicators API
diff --git a/articles/sentinel/create-codeless-connector.md b/articles/sentinel/create-codeless-connector.md
@@ -5,6 +5,10 @@ author: austinmccollum
 ms.author: austinmc
 ms.topic: how-to
 ms.date: 09/26/2024
+
+
+#Customer intent: As a security engineer, I want to create custom data connectors for Microsoft Sentinel so that I can ingest and analyze data from various sources without writing code.
+
 ---
 # Create a codeless connector for Microsoft Sentinel
 
diff --git a/articles/sentinel/data-connector-connection-rules-reference.md b/articles/sentinel/data-connector-connection-rules-reference.md
@@ -8,6 +8,10 @@ ms.topic: reference
 ms.date: 9/30/2024
 ms.author: austinmc
 
+
+
+#Customer intent: As a security engineer, I want to reference paging, authentication and payload options to create and configure RestApiPoller data connectors using the Codeless Connector Platform so that I can integrate a specific data source into Microsoft Sentinel without writing custom code.
+
 ---
 
 # RestApiPoller data connector reference for the Codeless Connector Platform
diff --git a/articles/sentinel/data-connector-ui-definitions-reference.md b/articles/sentinel/data-connector-ui-definitions-reference.md
@@ -8,6 +8,10 @@ ms.topic: reference
 ms.date: 11/13/2023
 ms.author: austinmc
 
+
+
+#Customer intent: As a developer, I want to reference user interface options to create and customize data connectors using a codeless platform so that I can integrate various data sources into Microsoft Sentinel without writing custom code.
+
 ---
 
 # Data connector definitions reference for the Codeless Connector Platform
diff --git a/articles/sentinel/enroll-simplified-pricing-tier.md b/articles/sentinel/enroll-simplified-pricing-tier.md
@@ -5,7 +5,10 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 04/25/2024
 ms.author: austinmc
-#customerintent: As a SOC administrator or a billing specialist, I want to know how to switch to simplified pricing and whether it will benefit us financially or simplify our administration of Microsoft Sentinel and log analytics workspaces.
+
+
+#Customer intent: As a billing administrator, I want to switch to simplified pricing tiers for Microsoft Sentinel so that I can streamline billing and potentially reduce costs.
+
 ---
 
 # Switch to the simplified pricing tiers for Microsoft Sentinel
diff --git a/articles/sentinel/hunting.md b/articles/sentinel/hunting.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to use advanced threat hunting tools and queries so that I can proactively identify and mitigate security threats across my organization's data sources.
+
 ---
 
 # Threat hunting in Microsoft Sentinel
diff --git a/articles/sentinel/hunts-custom-queries.md b/articles/sentinel/hunts-custom-queries.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to create and edit custom hunting queries so that I can proactively identify and mitigate security threats specific to my organization's environment.
+
 ---
 
 # Create custom hunting queries in Microsoft Sentinel
diff --git a/articles/sentinel/hunts.md b/articles/sentinel/hunts.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to conduct end-to-end threat hunting so that I can identify and mitigate undetected threats and malicious behaviors in my environment while managing all components of the hunting process.
+
 ---
 
 # Conduct end-to-end proactive threat hunting in Microsoft Sentinel
diff --git a/articles/sentinel/indicators-bulk-file-import.md b/articles/sentinel/indicators-bulk-file-import.md
@@ -11,7 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a security analyst, I want to bulk import indicators from common file types to my threat intelligence so that I can more effectively share TI during an investigation.
+
+
+#Customer intent: As a security analyst, I want to import threat indicators in bulk from CSV or JSON files so that I can quickly integrate and analyze emerging threats within my threat intelligence platform.
+
 ---
 
 # Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file
diff --git a/articles/sentinel/livestream.md b/articles/sentinel/livestream.md
@@ -9,6 +9,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
+
+
+#Customer intent: As a security analyst, I want to create and manage hunting livestream sessions so that I can detect and respond to threats in real-time.
+
 ---
 
 # Detect threats by using hunting livestream in Microsoft Sentinel
diff --git a/articles/sentinel/mitre-coverage.md b/articles/sentinel/mitre-coverage.md
@@ -5,6 +5,10 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 12/21/2021
 ms.author: austinmc
+
+
+#Customer intent: As a security analyst, I want to use the MITRE ATT&CK framework in Microsoft Sentinel so that I can assess and enhance my organization's threat detection and response capabilities.
+
 ---
 
 # Understand security coverage by the MITRE ATT&CK® framework
diff --git a/articles/sentinel/notebook-get-started.md b/articles/sentinel/notebook-get-started.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to use Jupyter notebooks with MSTICPy in Microsoft Sentinel so that I can efficiently perform threat hunting and data analysis with minimal coding.
+
 ---
 
 # Get started with Jupyter notebooks and MSTICPy in Microsoft Sentinel
diff --git a/articles/sentinel/notebooks-msticpy-advanced.md b/articles/sentinel/notebooks-msticpy-advanced.md
@@ -6,6 +6,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.custom: devx-track-python
 ms.date: 01/09/2023
+
+
+#Customer intent: As a security analyst, I want to configure advanced settings for Jupyter notebooks and MSTICPy in Microsoft Sentinel so that I can efficiently hunt for security threats and automate my workflows.
+
 ---
 
 # Advanced configurations for Jupyter notebooks and MSTICPy in Microsoft Sentinel
diff --git a/articles/sentinel/search-jobs.md b/articles/sentinel/search-jobs.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to search and analyze historical log data across large datasets so that I can investigate and identify specific events.
+
 ---
 
 # Search across long time spans in large datasets
diff --git a/articles/sentinel/sentinel-content-centralize.md b/articles/sentinel/sentinel-content-centralize.md
@@ -6,7 +6,10 @@ author: austinmccollum
 ms.topic: conceptual
 ms.date: 06/22/2023
 ms.author: austinmc
-#Customer intent: As a SIEM decision maker or implementer, I want to know about changes to out-of-the-box content, and how to centralize the management, discovery, and inventory of content in Microsoft Sentinel.
+
+
+#Customer intent: As a security operations center (SOC) admin, I want to centralize and update out-of-the-box (OOTB) content in Microsoft Sentinel so that I can ensure all security tools and templates are current and centrally manage content efficiently.
+
 ---
 
 # Microsoft Sentinel out-of-the-box content centralization changes
diff --git a/articles/sentinel/sentinel-security-copilot.md b/articles/sentinel/sentinel-security-copilot.md
@@ -14,7 +14,10 @@ appliesto:
     - Microsoft Sentinel
     - Copilot for Security
 ms.date: 07/04/2024
-#Customer intent: As a SOC administer or analyst, understand how to use Microsoft Sentinel data with Copilot for Security.
+
+
+#Customer intent: As a security analyst, I want to integrate Copilot for Security with Microsoft Sentinel data so that I can investigate incidents and generate advanced hunting queries at machine speed and scale.
+
 ---
 
 # Microsoft Sentinel incidents in Copilot for Security
diff --git a/articles/sentinel/sentinel-solution.md b/articles/sentinel/sentinel-solution.md
@@ -7,6 +7,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.collection:
   -       zerotrust-services
+
+
+#Customer intent: As a security analyst, I want to monitor and respond to Zero Trust (TIC 3.0) requirements using automated tools, so that I can ensure compliance and improve our security posture.
+
 ---
 
 # Monitor Zero Trust (TIC 3.0) security architectures with Microsoft Sentinel
diff --git a/articles/sentinel/sentinel-solutions-deploy.md b/articles/sentinel/sentinel-solutions-deploy.md
@@ -8,6 +8,10 @@ ms.author: cwatson
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
+
+
+#Customer intent: As a security operations administrator, I want to discover, install, and centrally manage out-of-the-box content so that I can efficiently enhance and maintain my security monitoring capabilities.
+
 ---
 
 # Discover and manage Microsoft Sentinel out-of-the-box content
diff --git a/articles/sentinel/siem-migration.md b/articles/sentinel/siem-migration.md
@@ -8,8 +8,10 @@ ms.date: 9/23/2024
 ms.author: austinmc
 appliesto: 
 - Microsoft Sentinel in the Azure portal
-- Microsoft Sentinel in the Defender portal
-#customer intent: As an SOC administrator, I want to use the SIEM migration experience so I can migrate to Microsoft Sentinel.
+#Customer intent: As an security operations administrator, I want to use the SIEM migration experience so I can streamline a migration to Microsoft Sentinel to enhance my security monitoring capabilities.
+
+
+
 ---
 
 # Migrate to Microsoft Sentinel with the SIEM migration experience
diff --git a/articles/sentinel/threat-intelligence-integration.md b/articles/sentinel/threat-intelligence-integration.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to integrate various threat intelligence feeds into Microsoft Sentinel so that I can enhance threat detection, investigation, and response capabilities.
+
 ---
 
 # Threat intelligence integration in Microsoft Sentinel
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to integrate threat intelligence into Microsoft Sentinel so that I can detect, investigate, and respond to potential security threats effectively.
+
 ---
 
 # Understand threat intelligence in Microsoft Sentinel
diff --git a/articles/sentinel/upload-indicators-api.md b/articles/sentinel/upload-indicators-api.md
@@ -6,6 +6,10 @@ author: austinmccollum
 ms.topic: reference
 ms.date: 05/23/2023
 ms.author: austinmc
+
+
+#Customer intent: As a security analyst, I want to use the upload indicators API reference to customize the threat intelligence data from my source into Microsoft Sentinel.
+
 ---
 
 # Reference the upload indicators API (Preview) to import threat intelligence to Microsoft Sentinel
diff --git a/articles/sentinel/use-matching-analytics-to-detect-threats.md b/articles/sentinel/use-matching-analytics-to-detect-threats.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As an SOC analyst, I want to match my security data with Microsoft threat intelligence so that I can generate high-fidelity alerts and incidents.
+
+
+#Customer intent: As a security operations analyst, I want to match my security data with Microsoft threat intelligence so I can generate high fidelity alerts and incidents.
+
 ---
 
 # Use matching analytics to detect threats
diff --git a/articles/sentinel/use-threat-indicators-in-analytics-rules.md b/articles/sentinel/use-threat-indicators-in-analytics-rules.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As an SOC analyst, I want to connect the threat intelligence available to analytics rules so that I can generate alerts and incidents.
+
+
+#Customer intent: As a security analyst, I want to configure analytics rules using threat indicators so that I can automatically generate and investigate security alerts based on integrated threat intelligence from various data sources.
+
 ---
 
 # Use threat indicators in analytics rules
diff --git a/articles/sentinel/work-with-threat-indicators.md b/articles/sentinel/work-with-threat-indicators.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a security analyst, I want to use threat intelligence so that I can power my threat detections.
+
+
+#Customer intent: As a security analyst, I want to use threat intelligence in Microsoft Sentinel so that I can detect and respond to security threats more effectively.
+
 ---
 
 # Work with threat indicators in Microsoft Sentinel
diff --git a/articles/sentinel/workspace-manager.md b/articles/sentinel/workspace-manager.md
@@ -6,6 +6,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.date: 04/24/2023
 ms.custom: template-how-to
+
+
+#Customer intent: As a Managed Security Services Provider (MSSP) or global enterprise, I want to centrally manage multiple security workspaces so that I can efficiently operate at scale across one or more Azure tenants.
+
 ---
 
 # Centrally manage multiple Microsoft Sentinel workspaces with workspace manager (Preview)
