articles/sentinel/mitre-coverage.md
Lines changed: 2 additions & 2 deletions
@@ -48,13 +48,13 @@ By default, both currently active scheduled query and near real-time (NRT) rules
48
48
49
49
In the Azure portal, under **Threat management**, select **MITRE ATT&CK (Preview)**.
50
50
51
-
:::image type="content" source="media/mitre-coverage/mitre-coverage.png" alt-text="Screenshot of the MITRE coverage page.":::
51
+
:::image type="content" source="media/mitre-coverage/mitre-coverage.png" alt-text="Screenshot of the MITRE coverage page." lightbox="media/mitre-coverage/mitre-coverage.png":::
52
52
53
53
### [Defender portal](#tab/defender-portal)
54
54
55
55
In the Defender portal, select **Microsoft Sentinel > Threat management > MITRE ATT&CK**.
56
56
57
-
:::image type="content" source="media/mitre-coverage/mitre-coverage-defender.png" alt-text="Screenshot of the MITRE ATT&CK page in the Defender portal.":::
57
+
:::image type="content" source="media/mitre-coverage/mitre-coverage-defender.png" alt-text="Screenshot of the MITRE ATT&CK page in the Defender portal." lightbox="media/mitre-coverage/mitre-coverage-defender.png":::
58
58
59
59
To filter the page by a specific threat scenario, toggle the **View MITRE by threat scenario** option on, and then select a threat scenario from the drop down. The page is updated accordingly.
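Review bot: On both changed image lines (new lines 51 and 57), `lightbox` points at the same file as `source`, so the enlarged view is only as detailed as `mitre-coverage.png` and `mitre-coverage-defender.png` themselves. Confirm those captures are high enough resolution for the coverage matrix to be readable when expanded, or point `lightbox` at a larger capture. While this section is open, note that the Azure portal step at line 49 names the menu item **MITRE ATT&CK (Preview)** and the Defender portal step at line 55 names it **MITRE ATT&CK**; worth checking that both labels still match the product.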
articles/sentinel/soc-optimization/soc-optimization-access.md
Lines changed: 6 additions & 4 deletions
@@ -141,19 +141,21 @@ Scroll down to the bottom of the details pane for a link to where you can take t
141
141
142
142
- If an optimization includes recommendations to add analytics rules, select **Go to Content Hub**.
143
143
- If an optimization includes recommendations to move a table to basic logs, select **Change plan**.
144
-
- For threat-based coverage optimizations, select **View full threat scenario** to see the full list of relevant threats, active and recommended detections, and coverage levels. From there you can jump directly to the **Content hub** to activate any recommended detections, or to the **MITRE ATT&CK** page to view the [full MITRE ATT&CK coverage for the selected scenario](../mitre-coverage.md?tabs=defender-portal). For example:
144
+
- For threat-based coverage optimizations, select **View full threat scenario** to see the full list of relevant threats, active and recommended detections, and coverage levels. From there you can jump directly to the **Content hub** to activate any recommended detections, or to the **MITRE ATT&CK** page to view the [full MITRE ATT&CK coverage for the selected scenario](../mitre-coverage.md?tabs=defender-portal#view-current-mitre-coverage). For example:
145
145
146
-
:::image type="content" source="media/soc-optimization-access/threat-scenario-page.png" alt-text="Screenshot of the SOC optimization threat scenario page.":::
146
+
:::image type="content" source="media/soc-optimization-access/threat-scenario-page.png" alt-text="Screenshot of the SOC optimization threat scenario page." lightbox="media/soc-optimization-access/threat-scenario-page.png":::
147
147
148
148
---
149
149
150
-
If you choose to install an analytics rule template from the Content hub, and you don't already have the solution installed, only the analytics rule template that you install is shown in the solution when you're done. Install the full solution to see all available content items from the selected solution. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](../sentinel-solutions-deploy.md).
150
+
If you choose to install an analytics rule template from the Content hub, and you don't already have the solution installed, only the analytics rule template that you install is shown in the solution when you're done.
151
+
152
+
Install the full solution to see all available content items from the selected solution. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](../sentinel-solutions-deploy.md).
151
153
152
154
### Manage optimizations
153
155
154
156
By default, optimization statuses are **Active**. Change their statuses as your teams progress through triaging and implementing recommendations.
155
157
156
-
Either select the options menu or select **View full details** to take one of the following actions:
158
+
Either select the options menu or select **View details** to take one of the following actions:
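Review bot: The label change from **View full details** to **View details** at new line 158 touches only this one sentence. Check the rest of soc-optimization-access.md, and any screenshots it references, for remaining "View full details" mentions so the article uses one label throughout. At new line 144, the link now combines `?tabs=defender-portal` with the `#view-current-mitre-coverage` fragment. The mitre-coverage.md hunk in this commit does not show that heading, so confirm the anchor exists and that the tab selection still applies when the fragment is present.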