Adding customer intents - Austin's files

batamig · batamig · commit 31c3570c172c · 2024-08-26T15:24:32.000+03:00
diff --git a/articles/sentinel/billing.md b/articles/sentinel/billing.md
@@ -12,6 +12,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 #Customer intent: As a SOC manager, plan Microsoft Sentinel costs so I can understand and optimize the costs of my SIEM.
+
+
+#Customer intent: [AI]As a financial planner for cloud security solutions, I want to understand Microsoft Sentinel's pricing and billing models so that I can optimize costs and accurately forecast expenses.
+
 ---
 
 # Plan costs and understand Microsoft Sentinel pricing and billing
diff --git a/articles/sentinel/bookmarks.md b/articles/sentinel/bookmarks.md
@@ -9,6 +9,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
+
+
+#Customer intent: [AI]As a security analyst, I want to create and manage hunting bookmarks so that I can preserve and collaborate on relevant threat investigation data.
+
 ---
 
 # Keep track of data during hunting with Microsoft Sentinel
diff --git a/articles/sentinel/ci-cd-custom-content.md b/articles/sentinel/ci-cd-custom-content.md
@@ -9,6 +9,10 @@ ms.topic: conceptual
 ms.date: 8/24/2022
 ms.custom: template-concept
 #Customer intent: As a SOC collaborator or MSSP analyst, I want to manage dynamic Sentinel workspace content based on source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: [AI]As a security operations engineer, I want to manage and deploy Microsoft Sentinel content as code using CI/CD pipelines so that I can automate updates and ensure consistent configurations across workspaces.
+
 ---
 
 # Manage custom content with Microsoft Sentinel repositories (public preview)
diff --git a/articles/sentinel/ci-cd-custom-deploy.md b/articles/sentinel/ci-cd-custom-deploy.md
@@ -7,6 +7,10 @@ ms.topic: how-to
 ms.date: 3/13/2024
 ms.author: austinmc
 #Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to optimize my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: [AI]As a DevOps engineer, I want to customize repository deployment workflows and pipelines so that I can control deployment triggers, paths, and parameter mappings for efficient and tailored content deployment to cloud workspaces.
+
 ---
 
 # Customize repository deployments (Public Preview)
diff --git a/articles/sentinel/ci-cd.md b/articles/sentinel/ci-cd.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to connect my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
+
+
+#Customer intent: [AI]As a security operations analyst, I want to deploy and manage custom content from my source control repository to my SIEM platform so that I can streamline updates and maintain consistency across my security monitoring environment.
+
 ---
 
 # Deploy custom content from your repository (Public preview)
diff --git a/articles/sentinel/connect-mdti-data-connector.md b/articles/sentinel/connect-mdti-data-connector.md
@@ -12,6 +12,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #customer intent: As a SOC admin, I want to utilize the best threat intelligence from Microsoft, so I can generate high fidelity alerts and incidents.
+
+
+#Customer intent: [AI]As a security analyst, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity indicators of compromise into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
+
 ---
 
 # Enable data connector for Microsoft Defender Threat Intelligence
diff --git a/articles/sentinel/connect-threat-intelligence-taxii.md b/articles/sentinel/connect-threat-intelligence-taxii.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #customer intent: As a SOC admin, I want to connect Microsoft Sentinel to a STIX/TAXII feed to ingest threat intelligence, so I can generate alerts incidents.
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate STIX/TAXII threat intelligence feeds into my SIEM platform so that I can enhance threat detection and response capabilities.
+
 ---
 
 # Connect Microsoft Sentinel to STIX/TAXII threat intelligence feeds
diff --git a/articles/sentinel/connect-threat-intelligence-tip.md b/articles/sentinel/connect-threat-intelligence-tip.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #customer intent: As a SOC admin, I want to use a Threat Intelligence Platform solution to ingest threat intelligence, so I can generate alerts incidents.
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate my threat intelligence platform with a SIEM solution so that I can centralize and enhance threat detection and response.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel
diff --git a/articles/sentinel/connect-threat-intelligence-upload-api.md b/articles/sentinel/connect-threat-intelligence-upload-api.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #customer intent: As a SOC admin, I want to connect my Threat Intelligence Platform with the upload indicators API to ingest threat intelligence, so I can utilize the benefits of this updated API.
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate my threat intelligence platform with a SIEM solution so that I can centralize and enhance threat detection and response capabilities.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel with the upload indicators API
diff --git a/articles/sentinel/create-codeless-connector-legacy.md b/articles/sentinel/create-codeless-connector-legacy.md
@@ -5,6 +5,10 @@ author: austinmccollum
 ms.author: austinmc
 ms.topic: how-to
 ms.date: 11/22/2023
+
+
+#Customer intent: [AI]As a developer, I want to create and deploy a custom data connector for a cloud-based security information and event management (SIEM) system so that I can ingest and monitor data from various sources without writing code.
+
 ---
 # Create a legacy codeless connector for Microsoft Sentinel
 
diff --git a/articles/sentinel/create-codeless-connector.md b/articles/sentinel/create-codeless-connector.md
@@ -5,6 +5,10 @@ author: austinmccollum
 ms.author: austinmc
 ms.topic: how-to
 ms.date: 06/26/2024
+
+
+#Customer intent: [AI]As a security analyst, I want to create custom data connectors for my SIEM platform so that I can ingest and analyze data from various sources without writing code.
+
 ---
 # Create a codeless connector for Microsoft Sentinel
 
diff --git a/articles/sentinel/data-connector-connection-rules-reference.md b/articles/sentinel/data-connector-connection-rules-reference.md
@@ -8,6 +8,10 @@ ms.topic: reference
 ms.date: 11/13/2023
 ms.author: austinmc
 
+
+
+#Customer intent: [AI]As a security engineer, I want to create and configure data connectors using the Codeless Connector Platform so that I can integrate various data sources into my security monitoring system without writing custom code.
+
 ---
 
 # Data connector reference for the Codeless Connector Platform
diff --git a/articles/sentinel/data-connector-ui-definitions-reference.md b/articles/sentinel/data-connector-ui-definitions-reference.md
@@ -8,6 +8,10 @@ ms.topic: reference
 ms.date: 11/13/2023
 ms.author: austinmc
 
+
+
+#Customer intent: [AI]As a developer, I want to create and customize data connectors using a codeless platform so that I can integrate various data sources into my monitoring and analytics environment efficiently.
+
 ---
 
 # Data connector definitions reference for the Codeless Connector Platform
diff --git a/articles/sentinel/enroll-simplified-pricing-tier.md b/articles/sentinel/enroll-simplified-pricing-tier.md
@@ -6,6 +6,10 @@ ms.topic: how-to
 ms.date: 04/25/2024
 ms.author: austinmc
 #customerintent: As a SOC administrator or a billing specialist, I want to know how to switch to simplified pricing and whether it will benefit us financially or simplify our administration of Microsoft Sentinel and log analytics workspaces.
+
+
+#Customer intent: [AI]As a cloud administrator, I want to switch to simplified pricing tiers for Microsoft Sentinel so that I can streamline billing and potentially reduce costs.
+
 ---
 
 # Switch to the simplified pricing tiers for Microsoft Sentinel
diff --git a/articles/sentinel/hunting.md b/articles/sentinel/hunting.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to use advanced threat hunting tools and queries so that I can proactively identify and mitigate security threats across my organization's data sources.
+
 ---
 
 # Threat hunting in Microsoft Sentinel
diff --git a/articles/sentinel/hunts-custom-queries.md b/articles/sentinel/hunts-custom-queries.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to create and edit custom hunting queries in my SIEM platform so that I can proactively identify and mitigate security threats specific to my organization's environment.
+
 ---
 
 # Create custom hunting queries in Microsoft Sentinel
diff --git a/articles/sentinel/hunts.md b/articles/sentinel/hunts.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to conduct end-to-end proactive threat hunting so that I can identify and mitigate undetected threats and malicious behaviors in my environment.
+
 ---
 
 # Conduct end-to-end proactive threat hunting in Microsoft Sentinel
diff --git a/articles/sentinel/indicators-bulk-file-import.md b/articles/sentinel/indicators-bulk-file-import.md
@@ -12,6 +12,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #Customer intent: As a security analyst, I want to bulk import indicators from common file types to my threat intelligence (TI), so I can more effectively share TI during an investigation.
+
+
+#Customer intent: [AI]As a security analyst, I want to import threat indicators in bulk from CSV or JSON files so that I can quickly integrate and analyze emerging threats within my threat intelligence platform.
+
 ---
 
 # Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file
diff --git a/articles/sentinel/livestream.md b/articles/sentinel/livestream.md
@@ -9,6 +9,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
+
+
+#Customer intent: [AI]As a security analyst, I want to create and manage hunting livestream sessions so that I can detect and respond to threats in real-time.
+
 ---
 
 # Detect threats by using hunting livestream in Microsoft Sentinel
diff --git a/articles/sentinel/mitre-coverage.md b/articles/sentinel/mitre-coverage.md
@@ -5,6 +5,10 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 12/21/2021
 ms.author: austinmc
+
+
+#Customer intent: [AI]As a security analyst, I want to use the MITRE ATT&CK framework in my SIEM tool so that I can assess and enhance my organization's threat detection and response capabilities.
+
 ---
 
 # Understand security coverage by the MITRE ATT&CK® framework
diff --git a/articles/sentinel/notebook-get-started.md b/articles/sentinel/notebook-get-started.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a cybersecurity analyst, I want to use Jupyter notebooks with MSTICPy in Microsoft Sentinel so that I can efficiently perform threat hunting and data analysis with minimal coding.
+
 ---
 
 # Get started with Jupyter notebooks and MSTICPy in Microsoft Sentinel
diff --git a/articles/sentinel/notebooks-msticpy-advanced.md b/articles/sentinel/notebooks-msticpy-advanced.md
@@ -6,6 +6,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.custom: devx-track-python
 ms.date: 01/09/2023
+
+
+#Customer intent: [AI]As a security analyst, I want to configure advanced settings for Jupyter notebooks and MSTICPy in Microsoft Sentinel so that I can efficiently hunt for security threats and automate my workflows.
+
 ---
 
 # Advanced configurations for Jupyter notebooks and MSTICPy in Microsoft Sentinel
diff --git a/articles/sentinel/search-jobs.md b/articles/sentinel/search-jobs.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to search and analyze historical log data across large datasets so that I can investigate and identify specific events from up to seven years ago.
+
 ---
 
 # Search across long time spans in large datasets
diff --git a/articles/sentinel/sentinel-content-centralize.md b/articles/sentinel/sentinel-content-centralize.md
@@ -7,6 +7,10 @@ ms.topic: conceptual
 ms.date: 06/22/2023
 ms.author: austinmc
 #Customer intent: As a SIEM decision maker or implementer, I want to know about changes to out-of-the-box content, and how to centralize the management, discovery, and inventory of content in Microsoft Sentinel.
+
+
+#Customer intent: [AI]As a security operations center (SOC) analyst, I want to centralize and update out-of-the-box (OOTB) content in Microsoft Sentinel so that I can ensure all security tools and templates are current and managed efficiently.
+
 ---
 
 # Microsoft Sentinel out-of-the-box content centralization changes
diff --git a/articles/sentinel/sentinel-security-copilot.md b/articles/sentinel/sentinel-security-copilot.md
@@ -15,6 +15,10 @@ appliesto:
     - Copilot for Security
 ms.date: 07/04/2024
 #Customer intent: As a SOC administer or analyst, understand how to use Microsoft Sentinel data with Copilot for Security.
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate Microsoft Sentinel with Copilot for Security so that I can efficiently investigate incidents and generate advanced hunting queries.
+
 ---
 
 # Investigate Microsoft Sentinel incidents in Copilot for Security
diff --git a/articles/sentinel/sentinel-solution.md b/articles/sentinel/sentinel-solution.md
@@ -7,6 +7,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.collection:
   -       zerotrust-services
+
+
+#Customer intent: [AI]As a security governance professional, I want to monitor and respond to Zero Trust (TIC 3.0) requirements using automated tools, so that I can ensure compliance and improve our security posture.
+
 ---
 
 # Monitor Zero Trust (TIC 3.0) security architectures with Microsoft Sentinel
diff --git a/articles/sentinel/sentinel-solutions-deploy.md b/articles/sentinel/sentinel-solutions-deploy.md
@@ -8,6 +8,10 @@ ms.author: austinmc
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
+
+
+#Customer intent: [AI]As a security operations analyst, I want to discover, install, and manage out-of-the-box content in a centralized hub so that I can efficiently enhance and maintain my security monitoring capabilities.
+
 ---
 
 # Discover and manage Microsoft Sentinel out-of-the-box content
diff --git a/articles/sentinel/siem-migration.md b/articles/sentinel/siem-migration.md
@@ -9,6 +9,10 @@ ms.author: austinmc
 appliesto: 
 - Microsoft Sentinel in the Azure portal
 #customer intent: As an SOC administrator, I want to use the SIEM migration experience so I can migrate to Microsoft Sentinel.
+
+
+#Customer intent: [AI]As a security operations manager, I want to migrate my SIEM from Splunk to Microsoft Sentinel so that I can streamline and enhance my security monitoring capabilities.
+
 ---
 
 # Migrate to Microsoft Sentinel with the SIEM migration experience
diff --git a/articles/sentinel/threat-intelligence-integration.md b/articles/sentinel/threat-intelligence-integration.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate various threat intelligence feeds into my SIEM platform so that I can enhance threat detection, investigation, and response capabilities.
+
 ---
 
 # Threat intelligence integration in Microsoft Sentinel
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate and manage threat intelligence in my SIEM solution so that I can detect, investigate, and respond to potential security threats effectively.
+
 ---
 
 # Understand threat intelligence in Microsoft Sentinel
diff --git a/articles/sentinel/upload-indicators-api.md b/articles/sentinel/upload-indicators-api.md
@@ -6,6 +6,10 @@ author: austinmccollum
 ms.topic: reference
 ms.date: 05/23/2023
 ms.author: austinmc
+
+
+#Customer intent: [AI]As a security analyst, I want to use the upload indicators API to import threat intelligence data into my SIEM system so that I can enhance threat detection and response capabilities.
+
 ---
 
 # Reference the upload indicators API (Preview) to import threat intelligence to Microsoft Sentinel
diff --git a/articles/sentinel/use-matching-analytics-to-detect-threats.md b/articles/sentinel/use-matching-analytics-to-detect-threats.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #Customer intent: As a SOC analyst, I want to match my security data with Microsoft threat intelligence so I can generate high fidelity alerts and incidents.
+
+
+#Customer intent: [AI]As a security analyst, I want to configure and use matching analytics to detect threats so that I can generate high fidelity alerts and incidents from various data sources.
+
 ---
 
 # Use matching analytics to detect threats
diff --git a/articles/sentinel/use-threat-indicators-in-analytics-rules.md b/articles/sentinel/use-threat-indicators-in-analytics-rules.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #Customer intent: As a SOC analyst, I want to connect the threat intelligence available to analytics rules so I can generate alerts and incidents.
+
+
+#Customer intent: [AI]As a security analyst, I want to configure analytics rules using threat indicators so that I can automatically generate and investigate security alerts based on integrated threat intelligence.
+
 ---
 
 # Use threat indicators in analytics rules
diff --git a/articles/sentinel/work-with-threat-indicators.md b/articles/sentinel/work-with-threat-indicators.md
@@ -11,6 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #customer intent: As a security analyst, I want to use threat intelligence so I can power my threat detections.
+
+
+#Customer intent: [AI]As a security analyst, I want to integrate, manage, and visualize threat intelligence in a cloud-based SIEM platform so that I can detect and respond to security threats more effectively.
+
 ---
 
 # Work with threat indicators in Microsoft Sentinel
diff --git a/articles/sentinel/workspace-manager.md b/articles/sentinel/workspace-manager.md
@@ -6,6 +6,10 @@ ms.author: austinmc
 ms.topic: how-to
 ms.date: 04/24/2023
 ms.custom: template-how-to
+
+
+#Customer intent: [AI]As a Managed Security Services Provider (MSSP) or global enterprise, I want to centrally manage multiple security workspaces so that I can efficiently operate at scale across one or more Azure tenants.
+
 ---
 
 # Centrally manage multiple Microsoft Sentinel workspaces with workspace manager (Preview)
