
Commit 75cc542

update name to upload API
1 parent 32283bd commit 75cc542

7 files changed: +39 −35 lines changed

articles/sentinel/TOC.yml

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -780,7 +780,7 @@
780780
href: threat-intelligence-integration.md
781781
- name: Enable MDTI data connector
782782
href: connect-mdti-data-connector.md
783-
- name: Connect threat intelligence STIX objects API
783+
- name: Connect threat intelligence with upload API
784784
href: connect-threat-intelligence-upload-api.md
785785
- name: Connect threat intelligence platforms
786786
href: connect-threat-intelligence-tip.md
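Review bot: The new TOC entry on line 783 reads "Connect threat intelligence with upload API" while the page it links to is retitled "Connect your TIP with the upload API" in this same commit; consider "Connect threat intelligence with the upload API" so the TOC wording carries the same article as the page title.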
@@ -1253,7 +1253,7 @@
12531253
href: hunting-with-rest-api.md
12541254
- name: Enrich entities with geolocation data with REST-API
12551255
href: geolocation-data-api.md
1256-
- name: STIX objects API reference
1256+
- name: Threat intelligence upload API reference
12571257
href: stix-objects-api.md
12581258
- name: Legacy upload indicator API reference
12591259
href: upload-indicators-api.md
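Review bot: Line 1256 now titles the entry "Threat intelligence upload API reference" but its href still points at `stix-objects-api.md`, and the next entry on line 1258 is "Legacy upload indicator API reference", so two adjacent "upload" entries now differ only by the word "Legacy". Consider keeping "(STIX objects)" somewhere in the title, and decide whether the file should be renamed with a redirect so the URL stops saying STIX objects when the title no longer does.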

articles/sentinel/connect-threat-intelligence-tip.md

Lines changed: 2 additions & 2 deletions
@@ -20,7 +20,7 @@ ms.collection: usx-security
2020

2121
> [!NOTE]
2222
> This data connector is on a path for deprecation. More information will be published on the precise timeline. Use the new Threat Intelligence Upload Indicators API data connector for new solutions going forward.
23-
> For more information, see [Connect your threat intelligence platform to Microsoft Sentinel with the STIX objects API](connect-threat-intelligence-upload-api.md).
23+
> For more information, see [Connect your threat intelligence platform to Microsoft Sentinel with the upload API](connect-threat-intelligence-upload-api.md).
2424
2525
Many organizations use threat intelligence platform (TIP) solutions to aggregate threat indicator feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. By using the TIP data connector, you can use these solutions to import threat indicators into Microsoft Sentinel.
2626

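Review bot: The unchanged line 22 still tells readers to "Use the new Threat Intelligence Upload Indicators API data connector for new solutions going forward", which is the name this commit elsewhere marks as legacy (see the note in stix-objects-api.md) and contradicts the new text that the upload API needs no data connector. Update line 22 to name the upload API and drop "data connector", so the deprecation note points at the recommended path rather than the legacy one.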
@@ -155,7 +155,7 @@ Within a few minutes, threat indicators should begin flowing into this Microsoft
155155

156156
## Related content
157157

158-
In this article, you learned how to connect your TIP to Microsoft Sentinel using a method on path for deprecation. To connect your TIP using the recommended method, see [Connect your TIP with STIX objects API](connect-threat-intelligence-upload-api.md).
158+
In this article, you learned how to connect your TIP to Microsoft Sentinel using a method on path for deprecation. To connect your TIP using the recommended method, see [Connect your TIP with the upload API](connect-threat-intelligence-upload-api.md).
159159

160160
- Learn how to [get visibility into your data and potential threats](get-visibility.md).
161161
- Get started [detecting threats with Microsoft Sentinel](./detect-threats-built-in.md).
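Review bot: The rewritten line 158 keeps "using a method on path for deprecation"; since the line is being touched anyway, "using a method that is on the path to deprecation" reads more naturally and matches the "on the path for deprecation" wording used in understand-threat-intelligence.md.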

articles/sentinel/connect-threat-intelligence-upload-api.md

Lines changed: 9 additions & 9 deletions
@@ -1,8 +1,8 @@
11
---
2-
title: Connect your TIP with STIX objects API
2+
title: Connect your TIP with the upload API
33
titleSuffix: Microsoft Sentinel
44

5-
description: Learn how to connect your threat intelligence platform (TIP) or custom feed using the STIX objects API to Microsoft Sentinel.
5+
description: Learn how to connect your threat intelligence platform (TIP) or custom feed using the upload API to Microsoft Sentinel.
66
author: austinmccollum
77
ms.topic: how-to
88
ms.date: 3/14/2024
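Review bot: Line 8 keeps `ms.date: 3/14/2024` although the title, description and body of this article change in this commit; docs convention is to bump ms.date when content changes, so consider updating it (stix-objects-api.md in this same commit carries 05/30/2024).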
@@ -14,18 +14,18 @@ ms.collection: usx-security
1414
#Customer intent: As a security admin, I want to connect my threat intelligence platform with Microsoft Sentinel using the appropriate API so that I can centralize and enhance threat detection and response capabilities.
1515
---
1616

17-
# Connect your threat intelligence platform to Microsoft Sentinel with the STIX objects API
17+
# Connect your threat intelligence platform to Microsoft Sentinel with the upload API
1818

19-
Many organizations use threat intelligence platform (TIP) solutions to aggregate threat intelligence feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. The industry standard for describing cyberthreat information is called, "Structured Threat Information Expression" or STIX. By using the STIX objects API, you use an expressive way to import threat intelligence into Microsoft Sentinel.
19+
Many organizations use threat intelligence platform (TIP) solutions to aggregate threat intelligence feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or security information and event management (SIEM) solutions such as Microsoft Sentinel. The industry standard for describing cyberthreat information is called, "Structured Threat Information Expression" or STIX. By using the upload API which supports STIX objects, you use a more expressive way to import threat intelligence into Microsoft Sentinel.
2020

21-
The STIX objects API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel STIX objects API](stix-objects-api.md).
21+
The upload API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel upload API](stix-objects-api.md).
2222

2323
:::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
2424

2525
For more information about threat intelligence, see [Threat intelligence](understand-threat-intelligence.md).
2626

2727
> [!IMPORTANT]
28-
> The Microsoft Sentinel threat intelligence STIX objects API is in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
28+
> The Microsoft Sentinel threat intelligence upload API is in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
2929
>
3030
> [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
3131
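Review bot: Line 19+ is missing a comma before the non-restrictive clause: "By using the upload API, which supports STIX objects, you use a more expressive way", and the earlier "is called, "Structured Threat Information Expression" or STIX" has a stray comma before the quotation; since the paragraph is being rewritten anyway, fix both. "A more expressive way" also invites the question "more expressive than what"; naming the legacy upload indicators API as the comparison would make the sentence self-contained. The link text on line 21+, "Microsoft Sentinel upload API", differs from the target's new title "Import threat intelligence with the upload API"; aligning them keeps link text predictable.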
@@ -62,7 +62,7 @@ After you register your application, record its application (client) ID from the
6262

6363
## Assign a role to the application
6464

65-
The STIX objects API ingests threat intelligence objects at the workspace level and requires the role of Microsoft Sentinel Contributor.
65+
The upload API ingests threat intelligence objects at the workspace level and requires the role of Microsoft Sentinel Contributor.
6666

6767
1. From the Azure portal, go to **Log Analytics workspaces**.
6868
1. Select **Access control (IAM)**.
@@ -79,15 +79,15 @@ For more information on assigning roles to applications, see [Assign a role to t
7979

8080
## Configure your threat intelligence platform solution or custom application
8181

82-
The following configuration information is required by the STIX objects API:
82+
The following configuration information is required by the upload API:
8383

8484
- Application (client) ID
8585
- Microsoft Entra access token with [OAuth 2.0 authentication](../active-directory/fundamentals/auth-oauth2.md)
8686
- Microsoft Sentinel workspace ID
8787

8888
Enter these values in the configuration of your integrated TIP or custom solution where required.
8989

90-
1. Submit the threat intelligence to the STIX objects API. For more information, see [Microsoft Sentinel STIX objects API](stix-objects-api.md).
90+
1. Submit the threat intelligence to the upload API. For more information, see [Microsoft Sentinel upload API](stix-objects-api.md).
9191
1. Within a few minutes, threat intelligence objects should begin flowing into your Microsoft Sentinel workspace. Find the new STIX objects on the **Threat intelligence** page, which is accessible from the Microsoft Sentinel menu.
9292

9393
## Related content

articles/sentinel/indicators-bulk-file-import.md

Lines changed: 1 addition & 1 deletion
@@ -54,7 +54,7 @@ Add multiple threat intelligence objects with a specially crafted CSV or JSON fi
5454

5555
> [!NOTE]
5656
> The CSV template only supports indicators. The JSON template supports indicators and other STIX objects like threat actors, attack patterns, identities and relationships.
57-
> For more information about crafting supported STIX objects in JSON, see [STIX objects API reference](stix-objects-api.md).
57+
> For more information about crafting supported STIX objects in JSON, see [Upload API reference](stix-objects-api.md).
5858
5959

6060
1. After you choose a bulk upload template, select the **Download template** link.

articles/sentinel/stix-objects-api.md

Lines changed: 10 additions & 9 deletions
@@ -1,7 +1,7 @@
11
---
2-
title: Import threat intelligence with the STIX objects API
2+
title: Import threat intelligence with the upload API
33
titleSuffix: Microsoft Sentinel
4-
description: This article is a reference for the upload STIX objects API with example requests and responses.
4+
description: This article is a reference for the upload upload API with example requests and responses.
55
author: austinmccollum
66
ms.topic: reference
77
ms.date: 05/30/2024
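Review bot: Line 4+ reads "a reference for the upload upload API"; the search-and-replace doubled the word. It should read "a reference for the upload API".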
@@ -10,15 +10,16 @@ appliesto:
1010
- Microsoft Sentinel in the Azure portal
1111
---
1212

13-
# Import threat intelligence to Microsoft Sentinel with the STIX objects API (Preview)
13+
# Import threat intelligence to Microsoft Sentinel with the upload API (Preview)
1414

15-
Import threat intelligence to use in Microsoft Sentinel with the STIX objects API. Whether you're using a threat intelligence platform or a custom application, use this document as a supplemental reference to the instructions in the [Microsoft Sentinel STIX objects API data connector](connect-threat-intelligence-upload-api.md). Installing the data connector isn't required to connect to the API. The threat intelligence you can import includes indicators of compromise and other STIX domain objects.
15+
Import threat intelligence to use in Microsoft Sentinel with the upload API. Whether you're using a threat intelligence platform or a custom application, use this document as a supplemental reference to the instructions in [Connect your TIP with the upload API](connect-threat-intelligence-upload-api.md). Installing the data connector isn't required to connect to the API. The threat intelligence you can import includes indicators of compromise and other STIX domain objects.
1616

1717
> [!IMPORTANT]
1818
> This API is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
1919
>
2020
21-
Structured Threat Information Expression (STIX) is a language for expressing cyber threat and observable information. Enhanced support for the following domain objects is included with the STIX objects API:
21+
Structured Threat Information Expression (STIX) is a language for expressing cyber threat and observable information. Enhanced support for the following domain objects is included with the upload API:
22+
2223
- indicator
2324
- attack pattern
2425
- threat actor
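Review bot: Line 15+ replaces the link text "Microsoft Sentinel STIX objects API data connector" with "Connect your TIP with the upload API", but the next sentence still says "Installing the data connector isn't required to connect to the API", so "the data connector" now has no antecedent in the paragraph. Either name the connector it refers to or reword to "No data connector needs to be installed to use this API."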
@@ -28,11 +29,11 @@ Structured Threat Information Expression (STIX) is a language for expressing cyb
2829
For more information, see [Introduction to STIX](https://oasis-open.github.io/cti-documentation/stix/intro.html).
2930

3031
> [!NOTE]
31-
> The previous upload indicators API is now legacy. If you need to reference that API while transitioning to the new STIX objects API, see [Legacy upload indicators API](upload-indicators-api.md).
32+
> The previous upload indicators API is now legacy. If you need to reference that API while transitioning to this new upload API, see [Legacy upload indicators API](upload-indicators-api.md).
3233
3334
## Call the API
3435

35-
A call to the STIX objects API has five components:
36+
A call to the upload API has five components:
3637

3738
1. The request URI
3839
1. HTTP request message header
@@ -42,7 +43,7 @@ A call to the STIX objects API has five components:
4243

4344
## Register your client application with Microsoft Entra ID
4445

45-
In order to authenticate to Microsoft Sentinel, the request to the STIX objects API requires a valid Microsoft Entra access token. For more information on application registration, see [Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app) or see the basic steps as part of the [Connect threat intelligence with STIX objects API](connect-threat-intelligence-upload-api.md#register-an-azure-ad-application) setup.
46+
In order to authenticate to Microsoft Sentinel, the request to the upload API requires a valid Microsoft Entra access token. For more information on application registration, see [Register an application with the Microsoft identity platform](/entra/identity-platform/quickstart-register-app) or see the basic steps as part of the [Connect threat intelligence with upload API](connect-threat-intelligence-upload-api.md#register-an-azure-ad-application) setup.
4647

4748
This API requires the calling Microsoft Entra application to be granted the Microsoft Sentinel contributor role at the workspace level.
4849

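Review bot: The link text on line 46+, "Connect threat intelligence with upload API", drops the article while the target page is retitled "Connect your TIP with the upload API"; use "with the upload API" for consistency. It is also worth confirming that the `#register-an-azure-ad-application` anchor still resolves, since the surrounding text now uses Microsoft Entra naming and the target page's headings are being edited in this commit.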
@@ -96,7 +97,7 @@ Create the array of STIX objects using the STIX format specification. Some of th
9697

9798
#### Common properties
9899

99-
All the objects you import with the STIX objects API share these common properties.
100+
All the objects you import with the upload API share these common properties.
100101

101102
|Property Name |Type | Description |
102103
|----|----|----|

articles/sentinel/understand-threat-intelligence.md

Lines changed: 9 additions & 9 deletions
@@ -32,7 +32,7 @@ Organizations use CTI to provide essential context to unusual activity so that s
3232
- Threat intelligence-sharing communities.
3333
- Commercial intelligence feeds.
3434
- Local intelligence gathered in the course of security investigations within an organization.
35-
- **Import threat intelligence** into Microsoft Sentinel by enabling **data connectors** or using the STIX objects API to connect various TI [platforms](connect-threat-intelligence-tip.md) and [feeds](connect-threat-intelligence-taxii.md).
35+
- **Import threat intelligence** into Microsoft Sentinel by enabling **data connectors** or using the upload API to connect various TI [platforms](connect-threat-intelligence-tip.md) and [feeds](connect-threat-intelligence-taxii.md).
3636

3737
For SIEM solutions like Microsoft Sentinel, the most common forms of CTI are threat indicators, which are also known as indicators of compromise (IOCs) or indicators of attack. Threat indicators are data that associate observed artifacts such as URLs, file hashes, or IP addresses with known threat activity such as phishing, botnets, or malware. This form of threat intelligence is often called *tactical threat intelligence*. It's applied to security products and automation in large scale to detect potential threats to an organization and protect against them.
3838

@@ -57,7 +57,7 @@ Most threat intelligence is imported using data connectors or an API. Here are t
5757

5858
- **Microsoft Defender Threat Intelligence data connector** to ingest Microsoft's threat indicators
5959
- **Threat Intelligence - TAXII** for industry-standard STIX/TAXII feeds
60-
- **Threat Intelligence STIX objects API** for integrated and curated TI feeds using a REST API to connect
60+
- **Threat Intelligence upload API** for integrated and curated TI feeds using a REST API to connect
6161
- **Threat Intelligence Platform data connector** also connects TI feeds using a REST API, but is on the path for deprecation
6262

6363
Use any of these solutions in any combination together, depending on where your organization sources threat intelligence. All three of these are available in **Content hub** as part of the **Threat Intelligence** solution. For more information about this solution, see the Azure Marketplace entry [Threat Intelligence](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-threatintelligence-taxii?tab=Overview).
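Review bot: The list on lines 58 to 61 has four items, but the unchanged line 63 still says "All three of these are available in Content hub as part of the Threat Intelligence solution", and this commit states elsewhere that the upload API needs no data connector, so it is unclear whether it ships in Content hub at all. Update the count and say which entries are Content hub connectors and which is a direct API.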
@@ -84,26 +84,26 @@ For more information, see the following articles:
8484
- To learn how to enable the Defender Threat Intelligence and the premium Defender Threat Intelligence data connectors, see [Enable the Defender Threat Intelligence data connector](connect-mdti-data-connector.md).
8585
- To learn about matching analytics, see [Use matching analytics to detect threats](use-matching-analytics-to-detect-threats.md).
8686

87-
### Add threat intelligence to Microsoft Sentinel with the STIX objects API
87+
### Add threat intelligence to Microsoft Sentinel with the upload API
8888

89-
Many organizations use threat intelligence platform (TIP) solutions to aggregate threat indicator feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or SIEMs such as Microsoft Sentinel. The **STIX objects API** allows you to use these solutions to import threat intelligence into Microsoft Sentinel.
89+
Many organizations use threat intelligence platform (TIP) solutions to aggregate threat indicator feeds from various sources. From the aggregated feed, the data is curated to apply to security solutions such as network devices, EDR/XDR solutions, or SIEMs such as Microsoft Sentinel. The **upload API** allows you to use these solutions to import threat intelligence STIX objects into Microsoft Sentinel.
9090

91-
:::image type="content" source="media/understand-threat-intelligence/threat-intel-upload-api.png" alt-text="Diagram that shows the Upload Indicators API import path.":::
91+
:::image type="content" source="media/understand-threat-intelligence/threat-intel-upload-api.png" alt-text="Diagram that shows the upload API import path.":::
9292

93-
This data connector uses a new API and offers the following improvements:
93+
The new upload API doesn't require a data connector and offers the following improvements:
9494

9595
- The threat indicator fields are based off of the STIX standardized format.
96-
- The Microsoft Entra application only requires the Microsoft Sentinel Contributor role.
96+
- The Microsoft Entra application requires the Microsoft Sentinel Contributor role.
9797
- The API request endpoint is scoped at the workspace level. The required Microsoft Entra application permissions allow granular assignment at the workspace level.
9898

99-
For more information, see [Connect your threat intelligence platform using STIX objects API](connect-threat-intelligence-upload-api.md)
99+
For more information, see [Connect your threat intelligence platform using upload API](connect-threat-intelligence-upload-api.md)
100100

101101
### Add threat indicators to Microsoft Sentinel with the Threat Intelligence Platform data connector
102102

103103
> [!NOTE]
104104
> This data connector is now on a path for deprecation.
105105
106-
Much like the existing STIX objects API, the Threat Intelligence Platform data connector uses an API that allows your TIP or custom solution to send indicators into Microsoft Sentinel. However, this data connector is now on a path for deprecation. We recommend that you take advantage of the optimizations the STIX objects API has to offer.
106+
Much like the existing upload API, the Threat Intelligence Platform data connector uses an API that allows your TIP or custom solution to send indicators into Microsoft Sentinel. However, this data connector is now on a path for deprecation. We recommend that you take advantage of the optimizations the iupload API has to offer.
107107

108108
The TIP data connector works with the [Microsoft Graph Security tiIndicators API](/graph/api/resources/tiindicator). Use it with any custom TIP that communicates with the tiIndicators API to send indicators to Microsoft Sentinel (and to other Microsoft security solutions like Defender XDR).
109109

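Review bot: Line 106+ has a typo, "the iupload API" should be "the upload API", and "Much like the existing upload API" sits awkwardly next to line 93+, which calls it "The new upload API"; "Much like the upload API" is enough. Line 99+ still lacks the article and a terminal period: "see [Connect your threat intelligence platform using the upload API](connect-threat-intelligence-upload-api.md)." Note also that line 96+ drops "only" from "only requires the Microsoft Sentinel Contributor role" while the list is introduced as "the following improvements"; without "only", that bullet no longer reads as an improvement over the legacy path.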