More cleanup

Author: yelevin

articles/sentinel/TOC.yml

@@ -25,8 +25,6 @@
     href: tutorial-enrich-ip-information.md
   - name: Detect Log4j vulnerability exploits
     href: tutorial-log4j-detection.md
-  - name: Detect threats and produce enriched alerts
-    href: tutorial-customize-analytics-rule-query.md
   - name: Get started with notebooks and MSTICPy
     href: notebook-get-started.md
   - name: Create a Power BI report from Microsoft Sentinel

articles/sentinel/detect-threats-custom.md

@@ -220,15 +220,15 @@ In the **Alert grouping** section, if you want a single incident to be generated
 
     :::image type="content" source="media/tutorial-detect-threats-custom/automated-response-tab.png" alt-text="Define the automated response settings":::
 
-1. Select **Review and create** to review all the settings for your new alert rule. When the "Validation passed" message appears, select **Create** to initialize your alert rule.
+1. Select **Review and create** to review all the settings for your new analytics rule. When the "Validation passed" message appears, select **Create**.
 
     :::image type="content" source="media/tutorial-detect-threats-custom/review-and-create-tab.png" alt-text="Review all settings and create the rule":::
 
 ## View the rule and its output
   
 - You can find your newly created custom rule (of type "Scheduled") in the table under the **Active rules** tab on the main **Analytics** screen. From this list you can enable, disable, or delete each rule.
 
-- To view the results of the alert rules you create, go to the **Incidents** page, where you can triage, [investigate incidents](investigate-cases.md), and remediate the threats.
+- To view the results of the analytics rules you create, go to the **Incidents** page, where you can triage incidents, [investigate them](investigate-cases.md), and [remediate the threats](respond-threats-during-investigation.md).
 
 - You can update the rule query to exclude false positives. For more information, see [Handle false positives in Microsoft Sentinel](false-positives.md).
 
@@ -294,8 +294,6 @@ You can also push rules to Microsoft Sentinel via [API](/rest/api/securityinsigh
 
 For more information, see:
 
-For more information, see:
-
 - [Tutorial: Investigate incidents with Microsoft Sentinel](investigate-cases.md)
 - [Classify and analyze data using entities in Microsoft Sentinel](entities.md)
 - [Tutorial: Use playbooks with automation rules in Microsoft Sentinel](tutorial-respond-threats-playbook.md)

articles/sentinel/media/tutorial-log4j-detection/full-review-and-create.png

@@ -129,6 +129,8 @@ In the **Automated response** tab:
 
 1. Select **+ Add new** to create a new automation rule for this analytics rule. This will open the **Create new automation rule** wizard.
 
+    :::image type="content" source="media/tutorial-log4j-detection/add-automation-rule.png" alt-text="Screenshot of Automated response tab in Analytics rule wizard.":::
+
 1. In the **Automation rule name** field, enter **Log4J vulnerability exploit detection - Tutorial-1**.
 
 1. Leave the **Trigger** and **Conditions** sections as they are.
@@ -145,7 +147,7 @@ In the **Automated response** tab:
 
     Select the image below for a display of the full review (most of the query text was clipped for viewability).
 
-    :::image type="content" source="media/tutorial-log4j-detection/review-and-create-tab.png" alt-text="Screenshot of the Review and Create tab of the Analytics rule wizard." lightbox="media/tutorial-log4j-detection/full-review-and-create.png":::
+    :::image type="content" source="media/tutorial-log4j-detection/review-and-create-tab.png" alt-text="Screenshot of the Review and Create tab of the Analytics rule wizard.":::
 
 ## Verify the success of the rule