Commit 370c5f6

More cleanup
1 parent 34f7110 commit 370c5f6

7 files changed

+5
-332
lines changed

articles/sentinel/TOC.yml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,6 @@
2525
href: tutorial-enrich-ip-information.md
2626
- name: Detect Log4j vulnerability exploits
2727
href: tutorial-log4j-detection.md
28-
- name: Detect threats and produce enriched alerts
29-
href: tutorial-customize-analytics-rule-query.md
3028
- name: Get started with notebooks and MSTICPy
3129
href: notebook-get-started.md
3230
- name: Create a Power BI report from Microsoft Sentinel

articles/sentinel/detect-threats-custom.md

Lines changed: 2 additions & 4 deletions
@@ -220,15 +220,15 @@ In the **Alert grouping** section, if you want a single incident to be generated
220220
221221
:::image type="content" source="media/tutorial-detect-threats-custom/automated-response-tab.png" alt-text="Define the automated response settings":::
222222
223-
1. Select **Review and create** to review all the settings for your new alert rule. When the "Validation passed" message appears, select **Create** to initialize your alert rule.
223+
1. Select **Review and create** to review all the settings for your new analytics rule. When the "Validation passed" message appears, select **Create**.
224224
225225
:::image type="content" source="media/tutorial-detect-threats-custom/review-and-create-tab.png" alt-text="Review all settings and create the rule":::
226226
227227
## View the rule and its output
228228
229229
- You can find your newly created custom rule (of type "Scheduled") in the table under the **Active rules** tab on the main **Analytics** screen. From this list you can enable, disable, or delete each rule.
230230
231-
- To view the results of the alert rules you create, go to the **Incidents** page, where you can triage, [investigate incidents](investigate-cases.md), and remediate the threats.
231+
- To view the results of the analytics rules you create, go to the **Incidents** page, where you can triage incidents, [investigate them](investigate-cases.md), and [remediate the threats](respond-threats-during-investigation.md).
232232
233233
- You can update the rule query to exclude false positives. For more information, see [Handle false positives in Microsoft Sentinel](false-positives.md).
234234
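Review bot: At new line 231 the link text "investigate them" is less descriptive than the "investigate incidents" it replaces. Link text that names its target reads better out of context (screen readers, link lists), so consider keeping `[investigate incidents](investigate-cases.md)`. The same line adds a link to respond-threats-during-investigation.md, which is not among the files this commit touches, so confirm that article exists at that relative path before merging.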
@@ -294,8 +294,6 @@ You can also push rules to Microsoft Sentinel via [API](/rest/api/securityinsigh
294294
295295
For more information, see:
296296
297-
For more information, see:
298-
299297
- [Tutorial: Investigate incidents with Microsoft Sentinel](investigate-cases.md)
300298
- [Classify and analyze data using entities in Microsoft Sentinel](entities.md)
301299
- [Tutorial: Use playbooks with automation rules in Microsoft Sentinel](tutorial-respond-threats-playbook.md)
Binary file not shown.
Binary file not shown.
Binary file not shown.

articles/sentinel/tutorial-customize-analytics-rule-query.md

Lines changed: 0 additions & 325 deletions
This file was deleted.
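Review bot: No redirect is visible in this commit for the deleted tutorial-customize-analytics-rule-query.md: the seven changed files are the TOC, two articles, three binary files and the deletion itself. If the tutorial was already published, add a redirect in the same change so existing bookmarks and inbound links do not return a 404, and search the other articles for links to the removed file, since only the TOC entry is cleaned up here.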

articles/sentinel/tutorial-log4j-detection.md

Lines changed: 3 additions & 1 deletion
@@ -129,6 +129,8 @@ In the **Automated response** tab:
129129

130130
1. Select **+ Add new** to create a new automation rule for this analytics rule. This will open the **Create new automation rule** wizard.
131131

132+
:::image type="content" source="media/tutorial-log4j-detection/add-automation-rule.png" alt-text="Screenshot of Automated response tab in Analytics rule wizard.":::
133+
132134
1. In the **Automation rule name** field, enter **Log4J vulnerability exploit detection - Tutorial-1**.
133135

134136
1. Leave the **Trigger** and **Conditions** sections as they are.
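Review bot: The image added at new line 132 sits between two `1.` list items, and this view does not show its indentation. If it is not indented to nest under the preceding step, the numbered list restarts after it, so confirm it is indented to match the step text. Also confirm that add-automation-rule.png is one of the binary files in this commit, since their names are not shown here.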
@@ -145,7 +147,7 @@ In the **Automated response** tab:
145147

146148
Select the image below for a display of the full review (most of the query text was clipped for viewability).
147149

148-
:::image type="content" source="media/tutorial-log4j-detection/review-and-create-tab.png" alt-text="Screenshot of the Review and Create tab of the Analytics rule wizard." lightbox="media/tutorial-log4j-detection/full-review-and-create.png":::
150+
:::image type="content" source="media/tutorial-log4j-detection/review-and-create-tab.png" alt-text="Screenshot of the Review and Create tab of the Analytics rule wizard.":::
149151

150152
## Verify the success of the rule
151153
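Review bot: Dropping the `lightbox` attribute at new line 150 leaves the context sentence at new line 148 ("Select the image below for a display of the full review") describing behaviour that no longer exists. Either keep the lightbox pointing at full-review-and-create.png or reword that sentence in the same change. If the lightbox is removed for good, check that full-review-and-create.png is deleted rather than left orphaned in the media folder.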
