articles/security-center/security-center-troubleshooting-guide.md
Lines changed: 3 additions & 6 deletions
@@ -34,8 +34,6 @@ Depending on the alert types, customers can gather the necessary information to
34
34
* AuditD in Linux
35
35
* The Azure activity logs, and the enable diagnostic logs on the attack resource.
36
36
37
-
For some alerts we also have a confidence score. The confidence score in **Security Center** can help your team triage and prioritize alerts. **Security Center** automatically applies industry best practices, intelligent algorithms, and processes used by analysts to determine whether a threat is legitimate and provides meaningful insights in the form of a confidence score.
38
-
39
37
Customers can share feedback for the alert description and relevance. Navigate to the alert itself, select the **Was This Useful** button, select the reason, and then enter a comment to explain which explains the feedback. We consistently monitor this feedback channel to improve our alerts.
40
38
41
39
## Audit log
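Review bot: The unchanged line directly after the removed confidence-score paragraph still reads "enter a comment to explain which explains the feedback"; since this edit already touches the neighbouring lines, change it to "enter a comment that explains the feedback". The bullet above it, "The Azure activity logs, and the enable diagnostic logs on the attack resource", has the same kind of leftover wording and is worth tidying in the same pass.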
@@ -70,7 +68,7 @@ There are two installation scenarios that can produce different results when ins
70
68
71
69
***Agent installed automatically by Security Center**: in this scenario you will be able to view the alerts in both locations, Security Center and Log search. You will receive email notifications to the email address that was configured in the security policy for the subscription the resource belongs to.
72
70
73
-
***Agent manually installed on a VM located in Azure**: in this scenario, if you are using agents downloaded and installed manually prior to February 2017, you can view the alerts in the Security Center portal only if you filter on the subscription the workspace belongs to. If you filter on the subscription the resource belongs to, you won’t see any alerts. You'll receive email notifications to the email address that was configured in the security policy for the subscription the workspace belongs to.
71
+
***Agent manually installed on a VM located in Azure**: in this scenario, if you are using agents downloaded and installed manually prior to February 2017, you can view the alerts in the Security Center portal only if you filter on the subscription the workspace belongs to. If you filter on the subscription the resource belongs to, you won't see any alerts. You'll receive email notifications to the email address that was configured in the security policy for the subscription the workspace belongs to.
74
72
75
73
> [!NOTE]
76
74
> To avoid the behavior explained in the second scenario, make sure you download the latest version of the agent.
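Review bot: The changed "Agent manually installed on a VM located in Azure" bullet ends with "You'll receive email notifications", while the preceding bullet says "You will receive email notifications"; as the line is being rewritten anyway, use one form in both bullets. The only change visible here is the apostrophe in "won't", so a short mention in the commit description that this is a punctuation normalisation would help anyone reading the history.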
@@ -88,8 +86,8 @@ There are two installation scenarios that can produce different results when ins
88
86
|Installation failed - general error | The Microsoft Monitoring Agent was installed but failed due to an error. |[Manually install the extension](../azure-monitor/learn/quick-collect-azurevm.md#enable-the-log-analytics-vm-extension) or uninstall the extension so Security Center will try to install again. |
89
87
| Installation failed - local agent already installed | Microsoft Monitoring Agent install failed. Security Center identified a local agent (Log Analytics or System Center Operations Manager) already installed on the VM. To avoid multi-homing configuration, where the VM is reporting to two separate workspaces, the Microsoft Monitoring Agent installation stopped. | There are two ways to resolve: [manually install the extension](../azure-monitor/learn/quick-collect-azurevm.md#enable-the-log-analytics-vm-extension) and connect it to your desired workspace. Or, set your desired workspace as your default workspace and enable automatic provisioning of the agent. See [enable automatic provisioning](security-center-enable-data-collection.md). |
90
88
| Agent cannot connect to workspace | Microsoft Monitoring Agent installed but failed due to network connectivity. Check that there is internet access or that a valid HTTP proxy has been configured for the agent. | See monitoring agent network requirements. |
91
-
| Agent connected to missing or unknown workspace | Security Center identified that the Microsoft Monitoring Agent installed on the VM is connected to a workspace which it doesn’t have access to. | This can happen in two cases. The workspace was deleted and no longer exists. Reinstall the agent with the correct workspace or uninstall the agent and allow Security Center to complete its automatic provisioning installation. The second case is where the workspace is part of a subscription that Security Center does not have permissions to. Security Center requires subscriptions to allow the Microsoft Security Resource Provider to access them. To enable, register the subscription to the Microsoft Security Resource Provider. This can be done by API, PowerShell, portal or by simply filtering on the subscription in the Security Center **Overview** dashboard. See [Resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#azure-portal) for more information. |
92
-
| Agent not responsive or missing ID | Security Center is unable to retrieve security data scanned from the VM, even though the agent is installed. | The agent is not reporting any data, including heartbeat. The agent might be damaged or something is blocking traffic. Or, the agent is reporting data but is missing an Azure resource ID so it’s impossible to match the data to the Azure VM. To troubleshoot Linux, see [Troubleshooting Guide for Log Analytics Agent for Linux](https://github.com/Microsoft/OMS-Agent-for-Linux/blob/master/docs/Troubleshooting.md#im-not-seeing-any-linux-data-in-the-oms-portal). To troubleshoot Windows, see [Troubleshooting Windows Virtual Machines](https://github.com/MicrosoftDocs/azure-docs/blob/8c53ac4371d482eda3d85819a4fb8dac09996a89/articles/log-analytics/log-analytics-azure-vm-extension.md#troubleshooting-windows-virtual-machines). |
89
+
| Agent connected to missing or unknown workspace | Security Center identified that the Microsoft Monitoring Agent installed on the VM is connected to a workspace which it doesn't have access to. | This can happen in two cases. The workspace was deleted and no longer exists. Reinstall the agent with the correct workspace or uninstall the agent and allow Security Center to complete its automatic provisioning installation. The second case is where the workspace is part of a subscription that Security Center does not have permissions to. Security Center requires subscriptions to allow the Microsoft Security Resource Provider to access them. To enable, register the subscription to the Microsoft Security Resource Provider. This can be done by API, PowerShell, portal or by simply filtering on the subscription in the Security Center **Overview** dashboard. See [Resource providers and types](../azure-resource-manager/management/resource-providers-and-types.md#azure-portal) for more information. |
90
+
| Agent not responsive or missing ID | Security Center is unable to retrieve security data scanned from the VM, even though the agent is installed. | The agent is not reporting any data, including heartbeat. The agent might be damaged or something is blocking traffic. Or, the agent is reporting data but is missing an Azure resource ID so it's impossible to match the data to the Azure VM. To troubleshoot Linux, see [Troubleshooting Guide for Log Analytics Agent for Linux](https://github.com/Microsoft/OMS-Agent-for-Linux/blob/master/docs/Troubleshooting.md#im-not-seeing-any-linux-data-in-the-oms-portal). To troubleshoot Windows, see [Troubleshooting Windows Virtual Machines](https://github.com/MicrosoftDocs/azure-docs/blob/8c53ac4371d482eda3d85819a4fb8dac09996a89/articles/log-analytics/log-analytics-azure-vm-extension.md#troubleshooting-windows-virtual-machines). |
93
91
| Agent not installed | Data collection is disabled. | Turn on data collection in the security policy or manually install the Microsoft Monitoring Agent. |
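Review bot: In the rewritten "Agent not responsive or missing ID" row, the Windows troubleshooting link still points at a commit-pinned GitHub blob (`.../blob/8c53ac4371d482eda3d85819a4fb8dac09996a89/articles/log-analytics/...`), so readers get a frozen copy that will not follow later fixes; replace it with a relative link like the other rows use. The "Agent cannot connect to workspace" row just above says "See monitoring agent network requirements." with no link at all, which leaves someone diagnosing a blocked agent without the list of endpoints to allow.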
*[Investigate Incidents and Alerts in Azure Security Center](security-center-investigation.md)
151
148
*[Azure Security Center detection capabilities](security-center-detection-capabilities.md)
152
149
*[Monitoring partner solutions with Azure Security Center](security-center-partner-solutions.md) — Learn how to monitor the health status of your partner solutions.