Merge pull request #203075 from yelevin/patch-1

PRMerger8 · web-flow · commit 568a6298fa46 · 2022-06-28T02:26:55.000-07:00
Added requirement to enable UEBA
diff --git a/articles/sentinel/anomalies-reference.md b/articles/sentinel/anomalies-reference.md
@@ -25,6 +25,8 @@ Microsoft Sentinel uses two different models to create baselines and detect anom
 
 Sentinel UEBA detects anomalies based on dynamic baselines created for each entity across various data inputs. Each entity's baseline behavior is set according to its own historical activities, those of its peers, and those of the organization as a whole. Anomalies can be triggered by the correlation of different attributes such as action type, geo-location, device, resource, ISP, and more.
 
+You must [enable the UEBA feature](enable-entity-behavior-analytics.md) for UEBA anomalies to be detected.
+
 - [Anomalous Account Access Removal](#anomalous-account-access-removal)
 - [Anomalous Account Creation](#anomalous-account-creation)
 - [Anomalous Account Deletion](#anomalous-account-deletion)
diff --git a/articles/sentinel/enable-entity-behavior-analytics.md b/articles/sentinel/enable-entity-behavior-analytics.md
@@ -57,6 +57,10 @@ If you haven't yet enabled UEBA, you will be taken to the **Settings** page. Sel
 
 ## Next steps
 
-In this document, you learned how to enable and configure User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel. To learn more about Microsoft Sentinel, see the following articles:
+In this document, you learned how to enable and configure User and Entity Behavior Analytics (UEBA) in Microsoft Sentinel. For more information about UEBA:
+- See the [list of anomalies](anomalies-reference.md#ueba-anomalies) detected using UEBA.
+- Learn more about [how UEBA works](identify-threats-with-entity-behavior-analytics.md) and how to use it.
+
+To learn more about Microsoft Sentinel, see the following articles:
 - Learn how to [get visibility into your data, and potential threats](get-visibility.md).
 - Get started [detecting threats with Microsoft Sentinel](detect-threats-built-in.md).
diff --git a/articles/sentinel/identify-threats-with-entity-behavior-analytics.md b/articles/sentinel/identify-threats-with-entity-behavior-analytics.md
@@ -166,6 +166,7 @@ As legacy defense tools become obsolete, organizations may have such a vast and
 In this document, you learned about Microsoft Sentinel's entity behavior analytics capabilities. For practical guidance on implementation, and to use the insights you've gained, see the following articles:
 
 - [Enable entity behavior analytics](./enable-entity-behavior-analytics.md) in Microsoft Sentinel.
+- See the [list of anomalies](anomalies-reference.md#ueba-anomalies) detected by the UEBA engine.
 - [Investigate incidents with UEBA data](investigate-with-ueba.md).
 - [Hunt for security threats](./hunting.md).
 
