Commit 7f1a790

Continued work 1
1 parent bf180ae commit 7f1a790

2 files changed

+4
-2
lines changed

articles/sentinel/tutorial-log4j-detection.md

Lines changed: 3 additions & 1 deletion
@@ -102,6 +102,8 @@ To complete this tutorial, make sure you have:
102102

103103
:::image type="content" source="media/tutorial-log4j-detection/set-rule-logic-tab.png" alt-text="Screenshot of the Set rule logic tab of the Analytics rule wizard." lightbox="media/tutorial-log4j-detection/set-rule-logic-tab.png":::
104104

105+
[!INCLUDE [kusto-reference-general-no-alert](includes/kusto-reference-general-no-alert.md)]
106+
105107
## Enrich alerts with entities and other details
106108

107109
1. Under **Alert enrichment**, keep the **Entity mapping** settings as they are. Note the three mapped entities.
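
Review bot: The INCLUDE added at new line 105 references includes/kusto-reference-general-no-alert.md, but that file is not one of the two files changed in this commit, so confirm it already exists under articles/sentinel/includes/ before merging; otherwise the tutorial builds with an unresolved include. The include also sits directly between the Set rule logic screenshot and the "## Enrich alerts with entities and other details" heading, so if the screenshot belongs to a numbered step, check that the included note renders where intended and does not break the list.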
@@ -218,4 +220,4 @@ Now that you've learned how to search for exploits of a common vulnerability usi
218220
- [Alert properties](customize-alert-details.md)
219221

220222
- Learn about [other kinds of analytics rules](detect-threats-built-in.md) in Microsoft Sentinel and their function.
221-
- Learn more about writing queries in Kusto Query Language (KQL). Learn more about KQL [concepts](/azure/data-explorer/kusto/concepts/) and [queries](/azure/data-explorer/kusto/query/), and see this handy [quick reference guide](/azure/data-explorer/kql-quick-reference).
223+
- Learn more about writing queries in Kusto Query Language (KQL). To learn more about KQL, see this [overview](/kusto/query/?view=microsoft-sentinel&preserve-view=true), learn some [best practices](/kusto/query/best-practices?view=microsoft-sentinel&preserve-view=true), and keep this handy [quick reference guide](/kusto/query/kql-quick-reference?view=microsoft-sentinel&preserve-view=true).
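
Review bot: The replacement bullet at new line 223 opens twice with the same idea: "Learn more about writing queries in Kusto Query Language (KQL). To learn more about KQL, see this ...". Drop one of the two openings so the bullet is a single sentence leading into the overview, best practices and quick reference links. The removed line linked KQL concepts and queries separately, and the new text no longer links the concepts page; confirm that omission is intended.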

articles/sentinel/unified-connector-custom-device.md

Lines changed: 1 addition & 1 deletion
@@ -262,7 +262,7 @@ Follow these steps to ingest log messages from JuniperIDP:
262262
263263
The following screenshot shows the complete query in the preceding example in a more readable format:
264264
265-
:::image type="content" source="media/unified-connector-custom-device/kusto-query-screenshot.png" alt-text="Screenshot showing expanded Kusto query with line breaks for readability.":::
265+
:::image type="content" source="media/unified-connector-custom-device/kusto-query-screenshot.png" alt-text="Screenshot showing expanded Kusto query with line breaks for readability." lightbox="media/unified-connector-custom-device/kusto-query-screenshot.png":::
266266
267267
See more information on the following items used in the preceding examples, in the Kusto documentation:
268268
- [***parse*** operator](/kusto/query/parse-operator?view=microsoft-sentinel&preserve-view=true)
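
Review bot: The lightbox attribute added at line 265 points at the same kusto-query-screenshot.png as source, so it enlarges the existing image and does not supply a higher-resolution one. That matches the set-rule-logic-tab.png pattern in the log4j tutorial and is fine if the PNG is legible at full size. Since the preceding sentence says the screenshot exists to show the query "in a more readable format", consider also providing the multi-line query as text, because a screenshot cannot be copied or searched.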
