Fix broken bookmark links

cwatson-cat · cwatson-cat · commit 3f6c242814ad · 2023-06-09T08:47:44.000-07:00
diff --git a/articles/sentinel/fusion.md b/articles/sentinel/fusion.md
@@ -23,7 +23,7 @@ Since Fusion correlates multiple signals from various products to detect advance
 
 ### Configure Fusion
 
-Fusion is enabled by default in Microsoft Sentinel, as an [analytics rule](detect-threats-built-in.md#view-built-in-detections) called **Advanced multistage attack detection**. You can view and change the status of the rule, configure source signals to be included in the Fusion ML model, or exclude specific detection patterns that may not be applicable to your environment from Fusion detection. Learn how to [configure the Fusion rule](configure-fusion-rules.md).
+Fusion is enabled by default in Microsoft Sentinel, as an [analytics rule](detect-threats-built-in.md) called **Advanced multistage attack detection**. You can view and change the status of the rule, configure source signals to be included in the Fusion ML model, or exclude specific detection patterns that may not be applicable to your environment from Fusion detection. Learn how to [configure the Fusion rule](configure-fusion-rules.md).
 
 > [!NOTE]
 > Microsoft Sentinel currently uses 30 days of historical data to train the Fusion engine's machine learning algorithms. This data is always encrypted using Microsoft’s keys as it passes through the machine learning pipeline. However, the training data is not encrypted using [Customer-Managed Keys (CMK)](customer-managed-keys.md) if you enabled CMK in your Microsoft Sentinel workspace. To opt out of Fusion, navigate to **Microsoft Sentinel** \> **Configuration** \> **Analytics \> Active rules**, right-click on the **Advanced Multistage Attack Detection** rule, and select **Disable.**
diff --git a/articles/sentinel/migration-arcsight-automation.md b/articles/sentinel/migration-arcsight-automation.md
@@ -37,7 +37,7 @@ This section shows how key SOAR concepts in ArcSight translate to Microsoft Sent
 |Step (in diagram) |ArcSight  |Microsoft Sentinel |
 |---------|---------|---------|
 |1 |Ingest events into Enterprise Security Manager (ESM) and trigger correlation events.     |Ingest events into the Log Analytics workspace.     |
-|2 |Automatically filter alerts for case creation.     |Use [analytics rules](detect-threats-built-in.md#use-built-in-analytics-rules) to trigger alerts. Enrich alerts using the [custom details feature](surface-custom-details-in-alerts.md) to create dynamic incident names.   |
+|2 |Automatically filter alerts for case creation.     |Use [analytics rules](detect-threats-built-in.md) to trigger alerts. Enrich alerts using the [custom details feature](surface-custom-details-in-alerts.md) to create dynamic incident names.   |
 |3 |Classify cases. |Use [automation rules](automate-incident-handling-with-automation-rules.md). With automation rules, Microsoft Sentinel treats incidents according to the analytics rule that triggered the incident, and the incident properties that match defined criteria. |
 |4 |Consolidate cases. |You can consolidate several alerts to a single incident according to properties such as matching entities, alert details, or creation timeframe, using the alert grouping feature. |
 |5 |Dispatch cases. |Assign incidents to specific analysts using [an integration](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/automate-incident-assignment-with-shifts-for-teams/ba-p/2297549) between Microsoft Teams, Azure Logic Apps, and Microsoft Sentinel automation rules. |
diff --git a/articles/sentinel/migration-arcsight-detection-rules.md b/articles/sentinel/migration-arcsight-detection-rules.md
@@ -17,7 +17,7 @@ This article describes how to identify, compare, and migrate your ArcSight detec
 Microsoft Sentinel uses machine learning analytics to create high-fidelity and actionable incidents, and some of your existing detections may be redundant in Microsoft Sentinel. Therefore, don't migrate all of your detection and analytics rules blindly. Review these considerations as you identify your existing detection rules.
 
 - Make sure to select use cases that justify rule migration, considering business priority and efficiency.
-- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md#view-built-in-detections). 
+- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md). 
 - Check that you understand the [rule terminology](#compare-rule-terminology).
 - Review any rules that haven't triggered any alerts in the past 6-12 months, and determine whether they're still relevant.
 - Eliminate low-level threats or alerts that you routinely ignore.
diff --git a/articles/sentinel/migration-qradar-automation.md b/articles/sentinel/migration-qradar-automation.md
@@ -47,7 +47,7 @@ Review which Microsoft Sentinel or Azure Logic Apps features map to the main QRa
 
 |QRadar  |Microsoft Sentinel/Azure Logic Apps  |
 |---------|---------|
-|Rules |[Analytics rules](detect-threats-built-in.md#use-built-in-analytics-rules) attached to playbooks or automation rules |
+|Rules |[Analytics rules](detect-threats-built-in.md) attached to playbooks or automation rules |
 |Gateway |[Condition control](../logic-apps/logic-apps-control-flow-conditional-statement.md) |
 |Scripts |[Inline code](../logic-apps/logic-apps-add-run-inline-code.md) |
 |Custom action processors |[Custom API calls](../logic-apps/logic-apps-create-api-app.md) in Azure Logic Apps or third party connectors |
diff --git a/articles/sentinel/migration-qradar-detection-rules.md b/articles/sentinel/migration-qradar-detection-rules.md
@@ -16,7 +16,7 @@ This article describes how to identify, compare, and migrate your QRadar detecti
 Microsoft Sentinel uses machine learning analytics to create high-fidelity and actionable incidents, and some of your existing detections may be redundant in Microsoft Sentinel. Therefore, don't migrate all of your detection and analytics rules blindly. Review these considerations as you identify your existing detection rules.
 
 - Make sure to select use cases that justify rule migration, considering business priority and efficiency.
-- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md#view-built-in-detections). 
+- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md). 
 - Check that you understand the [rule terminology](#compare-rule-terminology).
 - Review any rules that haven't triggered any alerts in the past 6-12 months, and determine whether they're still relevant.
 - Eliminate low-level threats or alerts that you routinely ignore.
diff --git a/articles/sentinel/migration-splunk-detection-rules.md b/articles/sentinel/migration-splunk-detection-rules.md
@@ -18,7 +18,7 @@ If you want to migrate your Splunk Observability deployment, learn more about ho
 Microsoft Sentinel uses machine learning analytics to create high-fidelity and actionable incidents, and some of your existing detections may be redundant in Microsoft Sentinel. Therefore, don't migrate all of your detection and analytics rules blindly. Review these considerations as you identify your existing detection rules.
 
 - Make sure to select use cases that justify rule migration, considering business priority and efficiency.
-- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md#view-built-in-detections). 
+- Check that you [understand Microsoft Sentinel rule types](detect-threats-built-in.md). 
 - Check that you understand the [rule terminology](#compare-rule-terminology).
 - Review any rules that haven't triggered any alerts in the past 6-12 months, and determine whether they're still relevant.
 - Eliminate low-level threats or alerts that you routinely ignore.
diff --git a/articles/sentinel/sentinel-content-centralize.md b/articles/sentinel/sentinel-content-centralize.md
@@ -91,7 +91,7 @@ The following table lists specific impacts to the content templates for each of
 | Content type | Impact |
 | ------- | ------- |
 | [Data connectors](connect-data-sources.md) | Templates identifiable as **Content source** = **Gallery content** and **Status** = **Not connected** will no longer appear in the data connectors gallery. |
-| [Analytics](detect-threats-built-in.md#view-built-in-detections) | Templates identifiable as **Source name** = **Gallery content** will no longer appear in the analytics gallery. |
+| [Analytics](detect-threats-built-in.md) | Templates identifiable as **Source name** = **Gallery content** will no longer appear in the analytics gallery. |
 | [Hunting](hunting.md#use-built-in-queries) | Templates with **Content source** = **Gallery content** will no longer appear in the hunting gallery. |
 | [Playbooks](use-playbook-templates.md#explore-playbook-templates) | Templates identifiable as **Source name** = **Gallery content** will no longer appear in the automation playbooks gallery. |
 | [Workbooks](get-visibility.md#use-built-in-workbooks) | Templates with **Content source** = **Gallery content** will no longer appear in the workbooks gallery. |
