refreshing reports articles

Shereen-Bhar · Shereen-Bhar · commit 837163b66a10 · 2022-11-30T14:44:57.000+02:00
diff --git a/articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md b/articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md
@@ -7,26 +7,21 @@ ms.topic: how-to
 
 # Attack vector reporting
 
-## About attack vector reports
+Attack vector reports, generated by Defender for IoT OT network sensors, provide a graphical representation of a vulnerability chain of exploitable devices. These vulnerabilities can give an attacker access to key network devices. The Attack Vector Simulator calculates attack vectors in real time and analyzes all attack vectors for a specific target.
 
-Attack vector reports provide a graphical representation of a vulnerability chain of exploitable devices. These vulnerabilities can give an attacker access to key network devices. The Attack Vector Simulator calculates attack vectors in real time and analyzes all attack vectors for a specific target.
+## Prerequisites
 
-Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can then determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities.
-
-> [!NOTE]
-> Administrators and security analysts can perform the procedures described in this section.
+You must be an **Admin** or **Security Analyst** user to create an attack vector report.
 
 ## Create an attack vector report
 
-This section describes how to create Attack Vector reports.
-
 **To create an attack vector simulation:**
 
 1. Select **Attack vector** from the sensor side menu.
 1. Select **Add simulation**.
 1. Enter simulation properties:
 
-    | Parameter  | Description  |
+    | Property  | Description  |
     |---------|---------|
     | **Name** | Simulation name |
     | **Maximum vectors** | The maximum number of vectors in a single simulation. |
@@ -49,4 +44,4 @@ This section describes how to create Attack Vector reports.
 
 ## Next steps
 
-For more information, see [Attack vector reporting](how-to-create-attack-vector-reports.md).
+Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can now determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities. For more information, see [fill this in](not-sure-yet.md).
diff --git a/articles/defender-for-iot/organizations/how-to-create-data-mining-queries.md b/articles/defender-for-iot/organizations/how-to-create-data-mining-queries.md
@@ -5,39 +5,40 @@ ms.date: 02/02/2022
 ms.topic: how-to
 ---
 
-# Run data mining queries
+# Data mining queries
 
-Using data mining queries to get dynamic, granular information about your network devices, including for specific time periods, internet connectivity, ports and protocols, firmware versions, programming commands, and device state. You can use data mining queries for:
+Running data mining queries provides dynamic, detailed information about your network devices. This includes information for specific time periods, internet connectivity, ports and protocols, firmware versions, programming commands, and device state.
 
-| Information | Description |
-|---------|---------|
-| **SOC incident response** | Generate a report in real time to help deal with immediate incident response. For example, Data Mining can generate a report for a list of devices that might require patching. |
-| **Forensics** | Generate a report based on historical data for investigative reports. |
-| **Network security** | Generate a report that helps improve overall network security. For example, generate a report can be generated that lists devices with weak authentication credentials. |
-| **Visibility** | Generate a report that covers all query items to view all baseline parameters of your network. |
-| **PLC security** | Improve security by detecting PLCs in unsecure states, for example,  Program and Remote states. |
+Reports can be viewed in the **Data Mining** page. You can refresh a report, edit report parameters, and export to a CSV file or PDF. You can also take a snapshot of a report.
 
 Data mining information is saved and stored continuously, except for when a device is deleted. Data mining results can be exported and stored externally to a secure server. In addition, the sensor performs automatic daily backups to ensure system continuity and preservation of data.
 
+## Prerequisites
+
+You must be an **Admin** or **Security Analyst** user to access predefined data mining reports.
+
 ## Predefined data mining reports
 
-The following predefined reports are available. These queries are generated in real time.
+The following predefined reports are available in **Analyze** > **Data Mining**. These queries are generated in real time.
 
 | Report | Description |
 |---------|---------|
 | **Programming commands** | Devices that send industrial programming. |
 | **Remote access** | Devices that communicate through remote session protocols. |
 | **Internet activity** | Devices that are connected to the internet. |
 | **CVEs** | A list of devices detected with known vulnerabilities, along with CVSSv2 risk scores. |
-| **Excluded CVEs** | A list of all the CVEs that were manually excluded. It is possible to customize the CVE list manually so that the VA reports and attack vectors more accurately reflect your network by excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
+| **Excluded CVEs** | A list of all the CVEs that were manually excluded. It's possible to customize the CVE list manually so that the VA reports and attack vectors more accurately reflect your network by excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
 | **Nonactive devices** | Devices that haven't communicated for the past seven days. |
 | **Active devices** | Active network devices within the last 24 hours. |
 
-Find these reports in **Analyze** > **Data Mining**. Reports are available for users with Administrator and Security Analyst permissions. Read only users can't access these reports.
-
 ## Create a report
 
-To create a data-mining report:
+Reports are dynamically updated each time you open them. For example:
+
+- If you create a report for firmware versions on devices on June 1 and open the report again on June 10, this report will be updated with information that's accurate for June 10.
+- If you create a report to detect new devices discovered over the last 30 days on June 1 and open the report on June 30, the results will be displayed for the last 30 days.
+
+**To generate a report**:
 
 1. Select **Data Mining** from the side menu. Predefined suggested reports appear automatically.
 
@@ -53,27 +54,32 @@ To create a data-mining report:
 
 1. Select **Save** to save your report and display results on the **Data Mining** page.
 
-Reports are dynamically updated each time you open them. For example:
+## Data mining report contents
 
-- If you create a report for firmware versions on devices on June 1 and open the report again on June 10, this report will be updated with information that's accurate for June 10.
-- If you create a report to detect new devices discovered over the last 30 days on June 1 and open the report on June 30, the results will be displayed for the last 30 days.
+You can use data mining queries for:
 
-## Managing reports
-
-Reports can be viewed in the **Data Mining** page, You can refresh a report, edit report parameters, and export to a CSV file or PDF. You can also take a snapshot of a report.
+| Information | Description |
+|---------|---------|
+| **SOC incident response** | Generate a report in real time to help deal with immediate incident response. For example, Data Mining can generate a report for a list of devices that might require patching. |
+| **Forensics** | Generate a report based on historical data for investigative reports. |
+| **Network security** | Generate a report that helps improve overall network security. For example, generate a report can be generated that lists devices with weak authentication credentials. |
+| **Visibility** | Generate a report that covers all query items to view all baseline parameters of your network. |
+| **PLC security** | Improve security by detecting PLCs in unsecure states, for example,  Program and Remote states. |
 
 ## View reports in on-premises management console
 
 The on-premises management console lets you generate reports for each sensor that's connected to it. Reports are based on sensor data-mining queries that are performed, and include:
 
-- **Active Devices (Last 24 Hours)**: Presents a list of devices that show network activity within a period of 24 hours.
-- **Non-Active Devices (Last 7 Days)**: Presents a list of devices that show no network activity in the last seven days.
-- **Programming Commands**: Presents a list of devices that sent programming commands within the last 24 hours.
-- **Remote Access**: Presents a list of devices that remote sources accessed within the last 24 hours.
+| Information  | Description  |
+|---------|---------|
+| **Active Devices (Last 24 Hours)** | Presents a list of devices that show network activity within a period of 24 hours. |
+| **Non-Active Devices (Last 7 Days)** | Presents a list of devices that show no network activity in the last seven days. |
+| **Programming Commands** | Presents a list of devices that sent programming commands within the last 24 hours. |
+| **Remote Access** | Presents a list of devices that remote sources accessed within the last 24 hours. |
 
 When you choose the sensor from the on-premises management console, all the custom reports configured on that sensor appear in the list of reports. For each sensor, you can generate a default report or a custom report configured on that sensor.
 
-To generate a report:
+**To generate a report**:
 
 1. On the left pane, select **Reports**. The **Reports** window appears.
 
diff --git a/articles/defender-for-iot/organizations/how-to-create-trends-and-statistics-reports.md b/articles/defender-for-iot/organizations/how-to-create-trends-and-statistics-reports.md
@@ -7,16 +7,17 @@ ms.topic: how-to
 
 # Create trends and statistics dashboards
 
-This article describes how to create dashboards on your sensor console to get insight into network trends and statistics.
+Dashboards on your sensor console provide insight into network trends and statistics.
 
+## Prerequisites
 
-## Before you start
-
-You need Administrator or Security Analyst permissions to create dashboards.
+You must be an **Administrator** or **Security Analyst** user to create dashboards.
 
 ## Create dashboards
 
-You can create many different types of dashboard. Based on traffic, device state, alerts, connectivity, and protocol.
+You can create many different types of dashboards, based on traffic, device state, alerts, connectivity, and protocol.
+
+**To create a dashboard**:
 
 1. On your Defender for IoT sensor console, select **Trends & Statistics** > **Create Dashboard**.
 
