validating procedures

Author: Shereen-Bhar

articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md

@@ -9,15 +9,14 @@ ms.topic: how-to
 
 Attack vector reports show a chain of vulnerable devices in a specified attack path. Simulate an attack on a specific target in your network to discover vulnerable devices and analyze attack vectors in real time.
 
-Attack vector reports can also help evaluate mitigation activities to ensure that you're taking all required steps to reduce the risk to your network. For example, use an attack vector report to understand whether a system upgrade would disrupt the attacker's path, or if an alternate attack path still remains. 
+Attack vector reports can also help evaluate mitigation activities to ensure that you're taking all required steps to reduce the risk to your network. For example, use an attack vector report to understand whether a system upgrade would disrupt the attacker's path, or if an alternate attack path still remains.
 
 ## Prerequisites
 
-You must be an **Admin** or **Security Analyst** user to create an attack vector report.
+You must be an **Admin** or **Security Analyst** [user](roles-on-premises.md) to create an attack vector report.
 
 ## Generate an attack vector simulation
 
-
 Generate an attack vector simulation so that you can view the resulting report.
 
 **To generate an attack vector simulation:**
@@ -31,28 +30,27 @@ Generate an attack vector simulation so that you can view the resulting report.
     | **Maximum Vectors** | The maximum number of attack vectors you want to include in the simulation. |
     | **Show in Device Map** | Select to show the attack vector as a group in the **Device map**. |
     | **Show All Source Devices** | Select to consider all devices as a possible attack source. |
-    | **Attack Source** | Shown only, and required, if the **Show All Source Devices** option is toggled off. Select one or more devices to consider as the attack source.|
+    | **Attack Source** | Appears only, and required, if the **Show All Source Devices** option is toggled off. Select one or more devices to consider as the attack source.|
     | **Show All Target Devices** | Select to consider all devices as possible attack targets.|
-    | **Attack Target** | Shown only, and required, if the **Show All Target Devices** option is toggled off. Select one or more devices to consider as the attack target.|
+    | **Attack Target** | Appears only, and required, if the **Show All Target Devices** option is toggled off. Select one or more devices to consider as the attack target.|
     | **Exclude Devices** | Select one or more devices to exclude from the attack vector simulation.|
     | **Exclude Subnets** | Select one or more subnets to exclude from the attack vector simulation.|
 
-1. Select **Save**.
-
-## Attack vector report contents
+1. Select **Save**. Your simulation is added to the list, with the number of attack paths indicated in parenthesis.
+1. Expand your simulation to view the list of possible attack vector, and select one to view more details on the right. For example:
+    :::image type="content" source="media/how-to-generate-reports/sample-attack-vectors.png" alt-text="Screen shot of Attack vectors report." lightbox="media/how-to-generate-reports/sample-attack-vectors.png":::
 
-You can use the report that is saved from the Attack vector page to review:
+## View an attack vector in the Device Map
 
-- network attack paths and insights
-- a risk score
-- source and target devices
-- a graphical representation of attack vectors
+The Device map provides, among [other things](how-to-work-with-the-sensor-device-map.md), a graphical representation of vulnerable devices detected in attack vector reports. To view an attack vector in the Device map:
 
-:::image type="content" source="media/how-to-generate-reports/sample-attack-vectors.png" alt-text="Screen shot of Attack vectors report.":::
+1. In the **Attack vector** page, make sure your simulation has **Show in Device map** toggled on.
+1. Select **Device map** from the side menu.
+1. Select your simulation and then select an attack vector to visualize the devices in your map. For example:
+    :::image type="content" source="media/how-to-generate-reports/sample-device-map.png" alt-text="Screen shot of Device map." lightbox="media/how-to-generate-reports/sample-device-map.png":::
 
 ## Next steps
 
-
 Continue creating other reports for more security data from your OT sensor. For more information, see:
 
 - [Risk assessment reporting](how-to-create-risk-assessment-reports.md)

articles/defender-for-iot/organizations/how-to-create-data-mining-queries.md

@@ -1,7 +1,7 @@
 ---
 title: Create data mining queries and reports in Defender for IoT
 description: Learn how to create granular reports about network devices.
-ms.date: 02/02/2022
+ms.date: 12/05/2022
 ms.topic: how-to
 ---
 
@@ -13,11 +13,11 @@ Data mining information is saved and stored continuously, except for when a devi
 
 ## Prerequisites
 
-You must be an **Admin** or **Security Analyst** user to access predefined data mining reports.
+You must be an **Admin** or **Security Analyst** [user](roles-on-premises.md) to access predefined data mining reports.
 
 ## Create a report
 
-Reports are dynamically updated each time you open them, meaning that the report will show information that's accurate for the date of viewing the report, rather than the date of creating the report.
+Reports are dynamically updated each time you open them. The report shows information that's accurate for the date of viewing the report, rather than the date of creating the report.
 
 **To generate a report**:
 
@@ -35,11 +35,11 @@ Reports are dynamically updated each time you open them, meaning that the report
 
 1. Select **Save** to save your report and display results on the **Data Mining** page.
 
-## Data mining report contents
+## Custom data mining reports
 
-You can use data mining queries for:
+Customize your data mining queries, using the different parameters in the **Create new report** pane, to:
 
-| Information | Description |
+| Purpose | Description |
 |---------|---------|
 | **SOC incident response** | Generate a report in real time to help deal with immediate incident response. For example, Data Mining can generate a report for a list of devices that might require patching. |
 | **Forensics** | Generate a report based on historical data for investigative reports. |
@@ -49,37 +49,33 @@ You can use data mining queries for:
 
 ## Predefined data mining reports
 
-The following predefined reports are available in **Analyze** > **Data Mining**. These queries are generated in real time.
+The following predefined reports are available in the **Data Mining** page. These queries are generated in real time.
 
 | Report | Description |
 |---------|---------|
 | **Programming commands** | Devices that send industrial programming. |
 | **Remote access** | Devices that communicate through remote session protocols. |
 | **Internet activity** | Devices that are connected to the internet. |
 | **CVEs** | A list of devices detected with known vulnerabilities, along with CVSSv2 risk scores. |
-| **Excluded CVEs** | A list of all the CVEs that were manually excluded. Customize the CVE list manually if you want the VA reports and attack vectors to reflect your network more accurately by excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
+| **Excluded CVEs** | A list of all the CVEs that were manually excluded. Customize the CVE list manually if you want the VA reports and attack vectors to reflect your network more accurately. Customization includes excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
 | **Nonactive devices** | Devices that haven't communicated for the past seven days. |
 | **Active devices** | Active network devices within the last 24 hours. |
 
 ## Generate reports in on-premises management console
 
-The on-premises management console lets you generate reports for each sensor that's connected to it. For each sensor, you can generate a default report or a custom report configured on that sensor.
+The on-premises management console lets you generate reports for each sensor that's connected to it. For each sensor, you can generate a default report or a custom report configured on that sensor. When you choose a sensor from the on-premises management console, all the custom reports configured on that sensor appear in the list of reports.
 
 **To generate a report**:
 
-1. On the left pane, select **Reports**. The **Reports** window appears.
+1. Select **Reports** from the side menu.
 
 2. From the **Sensors** drop-down list, select the sensor for which you want to generate the report.
 
-   :::image type="content" source="media/how-to-generate-reports/sensor-drop-down-list.png" alt-text="Screenshot of sensors view.":::
-
-3. From the right drop-down list, select the report that you want to generate.
+3. From the **Select Report** drop-down list, select the report that you want to generate.
 
 4. To create a PDF of the report results, select :::image type="icon" source="media/how-to-generate-reports/pdf-report-icon.png" border="false":::.
 
-## View reports in on-premises management console
-
-When you choose a sensor from the on-premises management console, all the custom reports configured on that sensor appear in the list of reports. 
+## Default reports in on-premises management console
 
 Reports are based on sensor data-mining queries that are performed, and include:
 
@@ -92,9 +88,7 @@ Reports are based on sensor data-mining queries that are performed, and include:
 
 ## Next steps
 
-Reports can be viewed in the **Data Mining** page. You can refresh a report, edit report parameters, and export to a CSV file or PDF. You can also take a snapshot of a report.
-
-For more information, see:
+Continue creating other reports for more security data from your OT sensor. For more information, see:
 
 - [Risk assessment reporting](how-to-create-risk-assessment-reports.md)
 

articles/defender-for-iot/organizations/how-to-create-risk-assessment-reports.md

@@ -13,7 +13,7 @@ Each Defender for IoT network sensor can generate a risk assessment report, whil
 
 ## Prerequisites
 
-- You must be an **Admin** user to import firewall rules to an OT sensor or add backup and anti-virus server addresses.
+- You must be an **Admin** [user](roles-on-premises.md) to import firewall rules to an OT sensor or add backup and anti-virus server addresses.
 
 - You must be an **Admin** or **Security Analyst** user to create or view risk assessment reports on the OT sensor or on-premises management console.
 

articles/defender-for-iot/organizations/how-to-create-trends-and-statistics-reports.md

@@ -1,7 +1,7 @@
 ---
 title: Create trends and statistics reports in Defender for IoT
 description: Gain insight into network activity, statistics, and trends by using Defender for IoT Trends and Statistics widgets.
-ms.date: 02/01/2022
+ms.date: 12/05/2022
 ms.topic: how-to
 ---
 
@@ -11,7 +11,7 @@ On your sensor console, create reports that provide insight into network trends
 
 ## Prerequisites
 
-You must be an **Administrator** or **Security Analyst** user to create dashboards.
+You must be an **Administrator** or **Security Analyst** [user](roles-on-premises.md) to create dashboards.
 
 ## Create dashboards
 
@@ -27,13 +27,13 @@ You can create many different types of dashboards, based on traffic, device stat
     |---------|---------|
     | **Dashboard name** | Enter a meaningful name for your dashboard. |
     | **Dashboard widget type** (Optional) | Filter the widgets displayed by selecting a category or protocol from the  menu. |
-    | **Widget** | Scroll down as needed and select the widget you want to add. Each widget has a short description and indicates whether it focuses on operations, security, or traffic. |
+    | **Widget** | Scroll down as needed and select the widget you want to add. Each widget has a short description and indicates what it focuses on. |
 
 1. Select **Save** to start your new dashboard.
 
 1. Your widget is added to the new dashboard. Use the toolbar at the top of page to continue modifying your dashboard.
 
-By default, results display detections for over the last seven days. Select the **Filter** button at the top left of each widget to change this range.
+By default, results display detections for the current day. Select the **Filter** icon at the top left of each widget to change this range.
 
 > [!NOTE]
 > The time shown in the widget is set according to the sensor machine's time.
@@ -59,7 +59,7 @@ The following table summarizes common use cases for dashboard widgets.
 
 ## Next steps
 
-For more information, see:
+Continue creating other reports for more security data from your OT sensor. For more information, see:
 
 - [Risk assessment reporting](how-to-create-risk-assessment-reports.md)