Commit 36d62b7

Author: David Curwin (committed)
work on alerts page and delete includes
1 parent 6a0236f commit 36d62b7


45 files changed

+487
-4096
lines changed

articles/defender-for-cloud/alerts-reference.md

Lines changed: 397 additions & 400 deletions
Large diffs are not rendered by default.

articles/defender-for-cloud/alerts-schemas.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -126,7 +126,7 @@ You can view the security alerts events in Activity Log by searching for the Act
126126
|**subStatus**|The value and localizedValue subfields are empty|
127127
|**submissionTimestamp**|The UTC timestamp of event submission to Activity Log|
128128
|**subscriptionId**|The subscription ID of the compromised resource|
129-
|**properties**|A JSON bag of other properties pertaining to the alert. Properties can change from one alert to the other, however, the following fields appear in all alerts:<br>- severity: The severity of the attack<br>- compromisedEntity: The name of the compromised resource<br>- remediationSteps: Array of remediation steps to be taken<br>- intent: The kill-chain intent of the alert. Possible intents are documented in the [Intentions table](alerts-reference.md#intentions)|
129+
|**properties**|A JSON bag of other properties pertaining to the alert. Properties can change from one alert to the other, however, the following fields appear in all alerts:<br>- severity: The severity of the attack<br>- compromisedEntity: The name of the compromised resource<br>- remediationSteps: Array of remediation steps to be taken<br>- intent: The kill-chain intent of the alert. Possible intents are documented in the [Intentions table](alerts-reference.md#mitre-attck-tactics)|
130130
|**relatedEvents**|Constant - empty array|
131131

132132
### [Workflow automation](#tab/schema-workflow-automation)
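Review bot: The link text on the changed line 129 still reads "Intentions table" while the anchor now targets `#mitre-attck-tactics`, so readers will land on a section whose heading no longer matches the text. Update the text together with the anchor, e.g. "Possible intents are documented in the [MITRE ATT&CK tactics table](alerts-reference.md#mitre-attck-tactics)", assuming that is the new heading in alerts-reference.md (its diff is not rendered in this view). The same cell still describes `intent` as "The kill-chain intent of the alert"; if the reference page has moved from intents to ATT&CK tactics, that wording needs the same review.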

articles/defender-for-cloud/concept-defender-for-cosmos.md

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ You can use this information to quickly remediate security issues and improve th
3737
Alerts include details of the incident that triggered them, and recommendations on how to investigate and remediate threats. Alerts can be exported to Microsoft Sentinel or any other third-party SIEM or any other external tool. To learn how to stream alerts, see [Stream alerts to a SIEM, SOAR, or IT classic deployment model solution](export-to-siem.md).
3838

3939
> [!TIP]
40-
> For a comprehensive list of all Defender for Azure Cosmos DB alerts, see the [alerts reference page](alerts-reference.md#alerts-azurecosmos). This is useful for workload owners who want to know what threats can be detected and help SOC teams gain familiarity with detections before investigating them. Learn more about what's in a Defender for Cloud security alert, and how to manage your alerts in [Manage and respond to security alerts in Microsoft Defender for Cloud](managing-and-responding-alerts.md).
40+
> For a comprehensive list of all Defender for Azure Cosmos DB alerts, see the [alerts reference page](alerts-reference.md#alerts-for-azure-cosmos-db). This is useful for workload owners who want to know what threats can be detected and help SOC teams gain familiarity with detections before investigating them. Learn more about what's in a Defender for Cloud security alert, and how to manage your alerts in [Manage and respond to security alerts in Microsoft Defender for Cloud](managing-and-responding-alerts.md).
4141
4242
## Alert types
4343
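Review bot: The unchanged context line 37 above links export-to-siem.md under the title "Stream alerts to a SIEM, SOAR, or IT classic deployment model solution", while defender-for-app-service-introduction.md in this same commit links the same target as "Stream alerts to a SIEM, SOAR, or IT Service Management solution". Since this file is being edited anyway, align the link text here with the target article's actual title so the two files do not disagree.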

articles/defender-for-cloud/defender-for-app-service-introduction.md

Lines changed: 2 additions & 2 deletions
@@ -75,7 +75,7 @@ Dangling DNS protection is available whether your domains are managed with Azure
7575

7676
Learn more about dangling DNS and the threat of subdomain takeover, in [Prevent dangling DNS entries and avoid subdomain takeover](../security/fundamentals/subdomain-takeover.md).
7777

78-
For a full list of the App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azureappserv).
78+
For a full list of the App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service).
7979

8080
> [!NOTE]
8181
> Defender for Cloud might not trigger dangling DNS alerts if your custom domain doesn't point directly to an App Service resource, or if Defender for Cloud hasn't monitored traffic to your website since the dangling DNS protection was enabled (because there won't be logs to help identify the custom domain).
@@ -90,5 +90,5 @@ In this article, you learned about Microsoft Defender for App Service.
9090
For related material, see the following articles:
9191

9292
- To export your alerts to Microsoft Sentinel, any third-party SIEM, or any other external tool, follow the instructions in [Stream alerts to a SIEM, SOAR, or IT Service Management solution](export-to-siem.md).
93-
- For a list of the Microsoft Defender for App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azureappserv).
93+
- For a list of the Microsoft Defender for App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service).
9494
- For more information on App Service plans, see [App Service plans](https://azure.microsoft.com/pricing/details/app-service/plans/).
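Review bot: The list item at line 93 repeats, almost word for word, the sentence at line 78 in the first hunk ("For a full list of the App Service alerts, see the [Reference table of alerts](alerts-reference.md#alerts-for-azure-app-service)"). Both anchors are updated consistently, which is correct, but consider keeping only one of the two references or rewording the Next steps entry so it adds something the body paragraph does not.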

articles/defender-for-cloud/defender-for-containers-enable.md

Lines changed: 1 addition & 1 deletion
@@ -72,7 +72,7 @@ You can also learn more by watching these videos from the Defender for Cloud in
7272

7373
## Simulate security alerts from Microsoft Defender for Containers
7474

75-
A full list of supported alerts is available in the [reference table of all Defender for Cloud security alerts](alerts-reference.md#alerts-k8scluster).
75+
A full list of supported alerts is available in the [reference table of all Defender for Cloud security alerts](alerts-reference.md#alerts-for-containers-kubernetes-clusters).
7676

7777
1. To simulate a security alert, run the following command from the cluster:
7878
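Review bot: The new fragment `#alerts-for-containers-kubernetes-clusters` is the one slug in this commit most likely to be derived from a heading containing punctuation (a dash between "containers" and "Kubernetes clusters", for example), and slug generation for such characters differs between renderers. The alerts-reference.md diff that defines these headings is hidden in this view, so confirm the fragment against the built page rather than inferring it from the heading text; the same anchor is reused in defender-for-containers-introduction.md below, so a mismatch would break both links.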

articles/defender-for-cloud/defender-for-containers-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -99,7 +99,7 @@ The security alerts page opens:
9999

100100
:::image type="content" source="media/defender-for-containers/view-containers-alerts.png" alt-text="Screenshot showing you where to view the list of alerts." lightbox="media/defender-for-containers/view-containers-alerts.png":::
101101

102-
Security alerts for runtime workload in the clusters can be recognized by the `K8S.NODE_` prefix of the alert type. For a full list of the cluster level alerts, see the [reference table of alerts](alerts-reference.md#alerts-k8scluster).
102+
Security alerts for runtime workload in the clusters can be recognized by the `K8S.NODE_` prefix of the alert type. For a full list of the cluster level alerts, see the [reference table of alerts](alerts-reference.md#alerts-for-containers-kubernetes-clusters).
103103

104104
Defender for Containers also includes host-level threat detection with over 60 Kubernetes-aware analytics, AI, and anomaly detections based on your runtime workload.
105105

articles/defender-for-cloud/defender-for-databases-enable-cosmos-protections.md

Lines changed: 1 addition & 1 deletion
@@ -131,7 +131,7 @@ Use an Azure Policy to enable Microsoft Defender for Cloud across storage accoun
131131

132132
## Simulate security alerts from Microsoft Defender for Azure Cosmos DB
133133

134-
A full list of [supported alerts](alerts-reference.md#alerts-azurecosmos) is available in the reference table of all Defender for Cloud security alerts.
134+
A full list of [supported alerts](alerts-reference.md#alerts-for-azure-cosmos-db) is available in the reference table of all Defender for Cloud security alerts.
135135

136136
You can use sample Microsoft Defender for Azure Cosmos DB alerts to evaluate their value, and capabilities. Sample alerts will also validate any configurations you've made for your security alerts (such as SIEM integrations, workflow automation, and email notifications).
137137

articles/defender-for-cloud/defender-for-databases-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -53,7 +53,7 @@ Threat intelligence enriched security alerts are triggered when there are:
5353
- **Brute-force attacks** – With the ability to separate simple brute force from brute force on a valid user or a successful brute force
5454

5555
> [!TIP]
56-
> View the full list of security alerts for database servers [in the alerts reference page](alerts-reference.md#alerts-osrdb).
56+
> View the full list of security alerts for database servers [in the alerts reference page](alerts-reference.md#alerts-for-open-source-relational-databases).
5757
5858
## Next steps
5959

articles/defender-for-cloud/defender-for-dns-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -32,7 +32,7 @@ Microsoft Defender for DNS detects suspicious and anomalous activities such as:
3232
- **DNS attacks** - communication with malicious DNS resolvers
3333
- **Communication with domains used for malicious activities** such as phishing and crypto mining
3434

35-
A full list of the alerts provided by Microsoft Defender for DNS is on the [alerts reference page](alerts-reference.md#alerts-dns).
35+
A full list of the alerts provided by Microsoft Defender for DNS is on the [alerts reference page](alerts-reference.md#alerts-for-dns).
3636

3737
## Dependencies
3838

articles/defender-for-cloud/defender-for-key-vault-introduction.md

Lines changed: 1 addition & 1 deletion
@@ -101,6 +101,6 @@ In this article, you learned about Microsoft Defender for Key Vault.
101101

102102
For related material, see the following articles:
103103

104-
- [Key Vault security alerts](alerts-reference.md#alerts-azurekv)--The Key Vault section of the reference table for all Microsoft Defender for Cloud alerts
104+
- [Key Vault security alerts](alerts-reference.md#alerts-for-azure-key-vault)--The Key Vault section of the reference table for all Microsoft Defender for Cloud alerts
105105
- [Continuously export Defender for Cloud data](continuous-export.md)
106106
- [Suppress security alerts](alerts-suppression-rules.md)
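Review bot: Style: the edited list item at line 104 uses `--` with no surrounding spaces as a separator (`...#alerts-for-azure-key-vault)--The Key Vault section of the reference table...`), which renders as two literal hyphens jammed against the link. Since the line is being changed anyway, use a colon or a spaced dash, and note that the two sibling items in this list carry no description at all, so the list is inconsistent either way.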
