Commit 8bf011f

pr review
1 parent ff829bb commit 8bf011f

7 files changed

+12
-12
lines changed

articles/sentinel/TOC.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -313,7 +313,7 @@
313313
href: data-connectors/azure-cognitive-search.md
314314
- name: Azure DDoS Protection
315315
href: data-connectors/azure-ddos-protection.md
316-
- name: Azure Event Hub
316+
- name: Azure Event Hubs
317317
href: data-connectors/azure-event-hub.md
318318
- name: Azure Firewall
319319
href: data-connectors/azure-firewall.md
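Review bot: the `name` entry now reads "Azure Event Hubs" while the `href` on line 317 still points at `data-connectors/azure-event-hub.md`; that is fine since the file path need not change, but confirm that the target page's title and H1 also use the plural "Event Hubs" so the TOC label and the page heading agree.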

articles/sentinel/connect-defender-for-cloud.md

Lines changed: 2 additions & 2 deletions
@@ -23,7 +23,7 @@ appliesto:
2323

2424
- When you connect Microsoft Defender for Cloud to Microsoft Sentinel, the status of security alerts that get ingested into Microsoft Sentinel is synchronized between the two services. So, for example, when an alert is closed in Defender for Cloud, that alert displays as closed in Microsoft Sentinel as well.
2525

26-
- Changing the status of an alert in Defender for Cloud won't* affect the status of any Microsoft Sentinel **incidents** that contain the Microsoft Sentinel alert, only that of the alert itself.
26+
- Changing the status of an alert in Defender for Cloud won't affect the status of any Microsoft Sentinel **incidents** that contain the Microsoft Sentinel alert, only that of the alert itself.
2727

2828
- **Bi-directional alert synchronization**: Enabling **bi-directional sync** automatically syncs the status of original security alerts with that of the Microsoft Sentinel incidents that contain those alerts. So, for example, when a Microsoft Sentinel incident containing a security alerts is closed, the corresponding original alert is closed in Microsoft Defender for Cloud automatically.
2929
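Review bot: removing the stray asterisk after "won't" on line 26 is correct, but the unchanged context on line 28 still reads "when a Microsoft Sentinel incident containing a security alerts is closed"; since this commit is a copy-edit pass, suggest fixing that to "a security alert" in the same change.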

@@ -33,7 +33,7 @@ appliesto:
3333

3434
- You must be using Microsoft Sentinel in the Azure portal. If you're onboarded to Microsoft's unified security operations (SecOps) platform, Defender for Cloud alerts are already ingested into Microsoft Defender XDR, and the **Tenant-based Microsoft Defender for Cloud (Preview)** data connector isn't listed in the **Data connectors** page in the Defender portal. For more information, see [Microsoft Sentinel in the Microsoft Defender portal](microsoft-sentinel-defender-portal.md).
3535

36-
If you're onboarded to Microsoft's unifed SecOps platform, you'll still want to install the **Microsoft Defender for Cloud** solution to use built-in security content with Microsoft Sentinel.
36+
If you're onboarded to Microsoft's unified SecOps platform, you'll still want to install the **Microsoft Defender for Cloud** solution to use built-in security content with Microsoft Sentinel.
3737

3838
If you're using Microsoft Sentinel in the Defender portal without Microsoft Defender XDR, this procedure is still relevant for you.
3939

articles/sentinel/fusion.md

Lines changed: 2 additions & 2 deletions
@@ -25,7 +25,7 @@ Fusion is enabled by default in Microsoft Sentinel, as an [analytics rule](detec
2525
> [!NOTE]
2626
> Microsoft Sentinel currently uses 30 days of historical data to train the Fusion engine's machine learning algorithms. This data is always encrypted using Microsoft’s keys as it passes through the machine learning pipeline. However, the training data is not encrypted using [Customer-Managed Keys (CMK)](customer-managed-keys.md) if you enabled CMK in your Microsoft Sentinel workspace. To opt out of Fusion, navigate to **Microsoft Sentinel** \> **Configuration** \> **Analytics \> Active rules**, right-click on the **Advanced Multistage Attack Detection** rule, and select **Disable.**
2727
28-
For Microsoft Sentinel workspaces that are onboarded to the Microsoft Defender portal, Fusion is disabled.Its functionality is replaced by the Microsoft Defender XDR correlation engine.
28+
For Microsoft Sentinel workspaces that are onboarded to the Microsoft Defender portal, Fusion is disabled. Its functionality is replaced by the Microsoft Defender XDR correlation engine.
2929

3030
## Fusion for emerging threats
3131

@@ -70,7 +70,7 @@ The Fusion engine's ML algorithms constantly learn from existing attacks and app
7070

7171
You don't need to have connected all the data sources listed above in order to make Fusion for emerging threats work. However, the more data sources you have connected, the broader the coverage, and the more threats Fusion will find.
7272

73-
When the Fusion engine's correlations result in the detection of an emerging threat, Microsoft Sentinel generats a high-severity incident titled **Possible multistage attack activities detected by Fusion**.
73+
When the Fusion engine's correlations result in the detection of an emerging threat, Microsoft Sentinel generates a high-severity incident titled **Possible multistage attack activities detected by Fusion**.
7474

7575
## Fusion for ransomware
7676

articles/sentinel/investigate-cases.md

Lines changed: 2 additions & 2 deletions
@@ -12,7 +12,7 @@ appliesto:
1212

1313
# Investigate incidents with Microsoft Sentinel (legacy)
1414

15-
This article hels you use Microsoft Sentinel's legacy incident investigation experience. If you're using the newer version of the interface, use the newer set of instructions to match. For more information, see [Navigate and investigate incidents in Microsoft Sentinel](investigate-incidents.md).
15+
This article helps you use Microsoft Sentinel's legacy incident investigation experience. If you're using the newer version of the interface, use the newer set of instructions to match. For more information, see [Navigate and investigate incidents in Microsoft Sentinel](investigate-incidents.md).
1616

1717
After connecting your data sources to Microsoft Sentinel, you want to be notified when something suspicious happens. To enable you to do this, Microsoft Sentinel lets you create advanced analytics rules that generate incidents that you can assign and investigate.
1818

@@ -209,7 +209,7 @@ For more information about false positives and benign positives, see [Handle fal
209209

210210
After choosing the appropriate classification, add some descriptive text in the **Comment** field. This is useful in the event you need to refer back to this incident. Select **Apply** when you’re done, and the incident is closed.
211211

212-
:::image type="content" source="media/investigate-cases/closing-reasons-comment-apply.png" alt-text="{alt-text}":::
212+
:::image type="content" source="media/investigate-cases/closing-reasons-comment-apply.png" alt-text="Screenshot of closing an incident.":::
213213

214214
## Search for incidents
215215
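Review bot: replacing the literal `{alt-text}` placeholder on line 212 is the right fix, since the placeholder would otherwise ship as the image's alt attribute. The new text "Screenshot of closing an incident." is acceptable, but the prose on line 210 describes the **Comment** field and the **Apply** button, so a slightly more specific alt text such as "Screenshot of the closing reason and comment fields with the Apply button." would better serve screen-reader users.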

articles/sentinel/investigate-incidents.md

Lines changed: 1 addition & 1 deletion
@@ -432,7 +432,7 @@ For more information about false positives and benign positives, see [Handle fal
432432

433433
After choosing the appropriate classification, add some descriptive text in the **Comment** field. This is useful in the event you need to refer back to this incident. Select **Apply** when you’re done, and the incident is closed.
434434

435-
:::image type="content" source="media/investigate-incidents/closing-reasons-comment-apply.png" alt-text="{alt-text}":::
435+
:::image type="content" source="media/investigate-incidents/closing-reasons-comment-apply.png" alt-text="Screenshot of closing an incident.":::
436436

437437
## Search for incidents
438438
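Review bot: same placeholder fix as in investigate-cases.md, but note that the two files now carry identical alt text for two different image paths (`media/investigate-cases/...` and `media/investigate-incidents/...`). If the screenshots differ between the legacy and current incident UI, the alt text on line 435 should say which one is shown; if they are the same capture, the duplicated media file is a drift risk worth flagging.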

articles/sentinel/kusto-overview.md

Lines changed: 3 additions & 3 deletions
@@ -58,7 +58,7 @@ Explore the demo environment. Like Log Analytics in your production environment,
5858

5959
Like in this demo environment, you can query and filter data in the Microsoft Sentinel **Logs** page. You can select a table and drill down to see columns. You can modify the default columns shown using the **Column chooser**, and you can set the default time range for queries. If the time range is explicitly defined in the query, the time filter is unavailable (grayed out). For more information, see
6060

61-
If your onboarded to [Microsoft's unified security operations platform](microsoft-sentinel-defender-portal.md), you can also query and filter data in the Microsoft Defender **Advanced hunting** page. For more information, see [Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal](/defender-xdr/advanced-hunting-microsoft-defender?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json&branch=main).
61+
If you're onboarded to [Microsoft's unified security operations platform](microsoft-sentinel-defender-portal.md), you can also query and filter data in the Microsoft Defender **Advanced hunting** page. For more information, see [Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal](/defender-xdr/advanced-hunting-microsoft-defender?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json&branch=main).
6262

6363
## Query structure
6464
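Review bot: the "your" to "you're" fix on line 61 is correct, but the unchanged line 59 ends with "For more information, see" and no link or target follows; that dangling sentence should be completed or removed in the same copy-edit pass rather than left for a later commit.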

@@ -86,7 +86,7 @@ SigninLogs // Get data
8686
Because the output of every step serves as the input for the following step, the order of the steps can determine the query's results and affect its performance. It's crucial that you order the steps according to what you want to get out of the query.
8787

8888
> [!TIP]
89-
> - A good rule of thumb is to filter your data early, so you are only passing relevant data down the pipeline. This greatly increases performance and ensure that you aren't accidentally including irrelevant data in summarization steps.
89+
> - A good rule of thumb is to filter your data early, so you are only passing relevant data down the pipeline. This greatly increases performance and ensures that you aren't accidentally including irrelevant data in summarization steps.
9090
> - This article points out some other best practices to keep in mind. For a more complete list, see [query best practices](/azure/data-explorer/kusto/query/best-practices).
9191
9292
Hopefully, you now have an appreciation for the overall structure of a query in Kusto Query Language. Now let's look at the actual query operators themselves, which are used to create a query.
@@ -144,7 +144,7 @@ While most of the data types are standard, you might be less familiar with types
144144
| `Tick` | nanoseconds |
145145

146146

147-
***Guid*** is a datatype representing a 128-bit, globally-unique identifier, which follows the standard format of [8]-[4]-[4]-[4]-[12], where each [number] represents the number of characters and each character can range from 0-9 or a-f.
147+
***Guid*** is a datatype representing a 128-bit, globally unique identifier, which follows the standard format of [8]-[4]-[4]-[4]-[12], where each [number] represents the number of characters and each character can range from 0-9 or a-f.
148148

149149
> [!NOTE]
150150
> Kusto Query Language has both tabular and scalar operators. Throughout the rest of this article, if you simply see the word "operator," you can assume it means tabular operator, unless otherwise noted.
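Review bot: dropping the hyphen in "globally unique" on line 147 is correct. While this table area is being edited, the context row `| Tick | nanoseconds |` on line 144 is worth double-checking: a Kusto timespan tick is 100 nanoseconds, not one nanosecond, so the unit column as written is misleading.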

articles/sentinel/multiple-tenants-service-providers.md

Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@ If you have registered Microsoft Sentinel in your tenant, and your customers in
3333

3434
1. From the ***subscription name* | Resource providers** screen, search for and select *Microsoft.OperationalInsights* and *Microsoft.SecurityInsights*, and check the **Status** column. If the provider's status is *NotRegistered*, select **Register**.
3535

36-
:::image type="content" source="media/multiple-tenants-service-providers/check-resource-provider.png" alt-text="Check resource providers":::
36+
:::image type="content" source="media/multiple-tenants-service-providers/check-resource-provider.png" alt-text="Screenshot of checking resource providers.":::
3737

3838
## Access Microsoft Sentinel in managed tenants
3939
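Review bot: the new alt text "Screenshot of checking resource providers." on line 36 is an improvement over the bare label. Since step 1 on line 34 tells the reader to check the **Status** column for *NotRegistered*, consider mentioning the Status column in the alt text so that non-sighted readers get the same cue the screenshot gives.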
