Merge pull request #217719 from bmansheim/sample-alerts-containers

RN for containers sample alerts

Author: prmerger-automator[bot]

articles/defender-for-cloud/adaptive-application-controls.md

@@ -181,12 +181,12 @@ To remediate the issues:
 
 1. For further details, and the list of affected machines, select an alert.
 
-    The alerts page shows the more details of the alerts and provides a **Take action** link with recommendations of how to mitigate the threat.
+    The security alerts page shows more details of the alerts and provides a **Take action** link with recommendations of how to mitigate the threat.
 
     :::image type="content" source="media/adaptive-application/adaptive-application-alerts-start-time.png" alt-text="The start time of adaptive application controls alerts is the time that adaptive application controls created the alert.":::
 
     > [!NOTE]
-    > Adaptive application controls calculates events once every twelve hours. The "activity start time" shown in the alerts page is the time that adaptive application controls created the alert, **not** the time that the suspicious process was active.
+    > Adaptive application controls calculates events once every twelve hours. The "activity start time" shown in the security alerts page is the time that adaptive application controls created the alert, **not** the time that the suspicious process was active.
 
 
 ## Move a machine from one group to another

articles/defender-for-cloud/alert-validation.md

@@ -30,7 +30,7 @@ Use sample alerts to:
 
 To create sample alerts:
 
-1. As a user with the role **Subscription Contributor**, from the toolbar on the alerts page, select **Create sample alerts**.
+1. As a user with the role **Subscription Contributor**, from the toolbar on the security alerts page, select **Sample alerts**.
 1. Select the subscription.
 1. Select the relevant Microsoft Defender plan/s for which you want to see alerts. 
 1. Select **Create sample alerts**.
@@ -103,7 +103,7 @@ You can simulate alerts for both of the control plane, and workload alerts with
 
 1. Wait 30 minutes.
 
-1. In the Azure portal, navigate to the Defender for Cloud's alerts page.
+1. In the Azure portal, navigate to the Defender for Cloud's security alerts page.
 
 1. On the relevant Kubernetes cluster, locate the following alert `Microsoft Defender for Cloud test alert for K8S (not a threat)` 
 
@@ -149,7 +149,7 @@ You can simulate alerts for both of the control plane, and workload alerts with
 
 1. Wait 10 minutes.
 
-1. In the Azure portal, navigate to the Defender for Cloud's alerts page.
+1. In the Azure portal, navigate to the Defender for Cloud's security alerts page.
 
 1. On the relevant AKS cluster, locate the following alert `Microsoft Defender for Cloud test alert (not a threat)`.
 

articles/defender-for-cloud/defender-for-databases-enable-cosmos-protections.md

@@ -101,9 +101,9 @@ You can use sample Microsoft Defender for Azure Cosmos DB alerts to evaluate the
 
 1. Sign in to the  [Azure portal](https://portal.azure.com/) as a Subscription Contributor user.
 
-1. Navigate to the Alerts page. 
+1. Navigate to the security alerts page. 
 
-1. Select **Create sample alerts**. 
+1. Select **Sample alerts**. 
 
 1. Select the subscription. 
 

articles/defender-for-cloud/defender-for-databases-usage.md

@@ -41,15 +41,15 @@ When Microsoft Defender for Cloud is enabled on your database, it detects anomal
 - In the inbox of whoever in your organization has been [designated to receive email alerts](configure-email-notifications.md).  
 
 > [!TIP]
-> A live tile on [Microsoft Defender for Cloud's overview dashboard](overview-page.md) tracks the status of active threats to all your resources including databases. Select the tile to launch the Defender for Cloud alerts page and get an overview of active threats detected on your databases.
+> A live tile on [Microsoft Defender for Cloud's overview dashboard](overview-page.md) tracks the status of active threats to all your resources including databases. Select the security alerts tile to go to the Defender for Cloud security alerts page and get an overview of active threats detected on your databases.
 >
 > For detailed steps and the recommended method to respond to security alerts, see [Respond to a security alert](tutorial-security-incident.md#respond-to-a-security-alert).
 
 ### Respond to email notifications of security alerts
 
 Defender for Cloud sends email notifications when it detects anomalous database activities. The email includes details of the suspicious security event such as the nature of the anomalous activities, database name, server name, application name, and event time. The email also provides information on possible causes and recommended actions to investigate and mitigate any potential threats to the database.
 
-1. From the email, select the **View the full alert** link to launch the Azure portal and show the alerts page, which provides an overview of active threats detected on the database.
+1. From the email, select the **View the full alert** link to launch the Azure portal and show the security alerts page, which provides an overview of active threats detected on the database.
 
     :::image type="content" source="media/defender-for-databases-usage/suspected-brute-force-attack-notification-email.png" alt-text="Defender for Cloud's email notification about a suspected brute force attack.":::
 

articles/defender-for-cloud/defender-for-key-vault-introduction.md

@@ -32,7 +32,7 @@ When anomalous activities occur, Defender for Key Vault shows alerts and optiona
 ## Microsoft Defender for Key Vault alerts
 When you get an alert from Microsoft Defender for Key Vault, we recommend you investigate and respond to the alert as described in [Respond to Microsoft Defender for Key Vault](defender-for-key-vault-usage.md). Microsoft Defender for Key Vault protects applications and credentials, so even if you're familiar with the application or user that triggered the alert, it's important to check the situation surrounding every alert.
 
-The alerts appear in Key Vault's **Security** page, the Workload protections, and Defender for Cloud's alerts page.
+The alerts appear in Key Vault's **Security** page, the Workload protections, and Defender for Cloud's security alerts page.
 
 :::image type="content" source="./media/defender-for-key-vault-intro/key-vault-security-page.png" alt-text="Azure Key Vault's security page":::
 

articles/defender-for-cloud/defender-for-sql-usage.md

@@ -108,7 +108,7 @@ Alerts are generated by unusual and potentially harmful attempts to access or ex
 
 Microsoft Defender for SQL alerts are available in:
 
-- The Defender for Cloud's alerts page
+- The Defender for Cloud's security alerts page
 - The machine's security page
 - The [workload protections dashboard](workload-protections-dashboard.md)
 - Through the direct link in the alert emails

articles/defender-for-cloud/incidents.md

@@ -20,13 +20,13 @@ In Defender for Cloud, a security incident is an aggregation of all alerts for a
 
 ## Managing security incidents
 
-1. On Defender for Cloud's alerts page, use the **Add filter** button to filter by alert name to the alert name **Security incident detected on multiple resources**. 
+1. On Defender for Cloud's security alerts page, use the **Add filter** button to filter by alert name to the alert name **Security incident detected on multiple resources**. 
 
-    :::image type="content" source="media/incidents/locating-incidents.png" alt-text="Locating the incidents on the alerts page in Microsoft Defender for Cloud.":::
+    :::image type="content" source="media/incidents/locating-incidents.png" alt-text="Locating the incidents on the security alerts page in Microsoft Defender for Cloud.":::
 
     The list is now filtered to show only incidents. Notice that security incidents have a different icon to security alerts.
 
-    :::image type="content" source="media/incidents/incidents-list.png" alt-text="List of incidents on the alerts page in Microsoft Defender for Cloud.":::
+    :::image type="content" source="media/incidents/incidents-list.png" alt-text="List of incidents on the security alerts page in Microsoft Defender for Cloud.":::
 
 1. To view details of an incident, select one from the list. A side pane appears with more details about the incident.
 

articles/defender-for-cloud/includes/defender-for-containers-enable-plan-eks.md

@@ -62,4 +62,4 @@ To protect your EKS clusters, enable the Containers plan on the relevant account
 
 To view the alerts and recommendations for your EKS clusters, use the filters on the alerts, recommendations, and inventory pages to filter by resource type **AWS EKS cluster**.
 
-:::image type="content" source="../media/defender-for-kubernetes-intro/view-alerts-for-aws-eks-clusters.png" alt-text="Screenshot of how to use filters on Microsoft Defender for Cloud's alerts page to view alerts related to AWS EKS clusters." lightbox="../media/defender-for-kubernetes-intro/view-alerts-for-aws-eks-clusters.png":::
+:::image type="content" source="../media/defender-for-kubernetes-intro/view-alerts-for-aws-eks-clusters.png" alt-text="Screenshot of how to use filters on Microsoft Defender for Cloud's security alerts page to view alerts related to AWS EKS clusters." lightbox="../media/defender-for-kubernetes-intro/view-alerts-for-aws-eks-clusters.png":::

articles/defender-for-cloud/release-notes.md

@@ -21,6 +21,7 @@ To learn about *planned* changes that are coming soon to Defender for Cloud, see
 Updates in November include:
 
 - [Protect containers in your entire GKE organization with Defender for Containers](#protect-containers-in-your-entire-gke-organization-with-defender-for-containers)
+- [Validate Defender for Containers protections with sample alerts](#validate-defender-for-containers-protections-with-sample-alerts)
 
 ### Protect containers in your entire GKE organization with Defender for Containers
 
@@ -30,6 +31,12 @@ Now you can enable Defender for Containers for your GCP organization to protect
 
 Learn more about [connecting GCP projects and organizations](quickstart-onboard-gcp.md#connect-your-gcp-project) to Defender for Cloud.
 
+### Validate Defender for Containers protections with sample alerts
+
+You can now create sample alerts also for Defender for Containers plan. The new sample alerts are presented as being from AKS, Arc-connected clusters, EKS, and GKE resources with different severities and MITRE tactics. You can use the sample alerts to validate security alert configurations, such as SIEM integrations, workflow automation, and email notifications.
+
+Learn more about [alert validation](alert-validation.md).
+
 ## October 2022
 
 Updates in October include: