pre-review fixes

batamig · batamig · commit 9065a1928522 · 2022-02-18T10:23:23.000+02:00
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -11,7 +11,6 @@
   items:
   - name: Onboard to Microsoft Sentinel
     href: quickstart-onboard.md
-  - name: Understand MITRE ATT&CK coverage
 - name: Tutorials
   items:
   - name: Investigate with UEBA
@@ -136,6 +135,8 @@
       href: resource-context-rbac.md
   - name: Migrate to Microsoft Sentinel
     href: migration.md
+  - name: Understand MITRE ATT&CK coverage
+    href: mitre-coverage.md
   - name: Manage Microsoft Sentinel content
     items:
     - name: Discover and deploy out-of-the-box content
diff --git a/articles/sentinel/media/whats-new/mitre-coverage.png b/articles/sentinel/media/whats-new/mitre-coverage.png
diff --git a/articles/sentinel/mitre-coverage.md b/articles/sentinel/mitre-coverage.md
@@ -15,7 +15,7 @@ ms.author: bagol
 
 [MITRE ATT&CK](https://attack.mitre.org/#) is a publicly accessible knowledge base of tactics and techniques that are commonly used by attackers, and is created and maintained by observing real-world observations. Many organizations use the MITRE ATT&CK knowledge base to develop specific threat models and methodologies that are used to verify security status in their environments.
 
-Microsoft Sentinel analyzes ingested data, not only to [detect threats](detect-threats-built-in.md) help you [investigate](investigate-cases.md), but also to visualize the nature and coverage of your organization's security status.
+Microsoft Sentinel analyzes ingested data, not only to [detect threats](detect-threats-built-in.md) and help you [investigate](investigate-cases.md), but also to visualize the nature and coverage of your organization's security status.
 
 This article describes how to use the **MITRE** page in Microsoft Sentinel to view the detections already active in your workspace, and those available for you to configure, to understand your organization's security coverage, based on the tactics and techniques from the MITRE ATT&CK® framework.
 
@@ -25,7 +25,7 @@ Microsoft Sentinel is currently aligned to The MITRE ATT&CK framework, version 9
 
 ##  View current MITRE coverage
 
-In Microsoft Sentinel, in the **General** menu on the left, select **MITRE**. By default, both currently active scheduled query and NRT rules are indicated in the coverage matrix.
+In Microsoft Sentinel, in the **Threat management** menu on the left, select **MITRE**. By default, both currently active scheduled query and near real-time (NRT) rules are indicated in the coverage matrix.
 
 - **Use the legend at the top-right** to understand how many detections are currently active in your workspace for specific technique.
 
@@ -36,11 +36,7 @@ In Microsoft Sentinel, in the **General** menu on the left, select **MITRE**. By
     - Select **View technique details** for more information about the selected technique in the MITRE ATT&CK framework knowledge base.
 
     - Select links to any of the active items to jump to the relevant area in Microsoft Sentinel.
-<!--
-> [!NOTE]
-> When you have the [Microsoft Defender for IoT](data-connectors-reference.md#microsoft-defender-for-iot) data connector connected, two additional columns are displayed, for for *Inhibit Response Function* and *Impair Process Control*.
->
--->
+
 ## Simulate possible coverage with available detections
 
 In the MITRE coverage matrix, *simulated* coverage refers to detections that are available, but not currently configured, in your Microsoft Sentinel workspace. View your simulated coverage to understand your organization's possible security status, were you to configure all detections available to you.
@@ -61,11 +57,6 @@ Select items in the **Simulate** menu to simulate your organization's possible s
 
     For example, select **Hunting queries** to jump to the **Hunting** page. There, you'll see a filtered list of the hunting queries that are associated with the selected technique, and available for you to configure in your workspace.
 
-<!--
-> [!NOTE]
-> When you have the [Microsoft Defender for IoT](data-connectors-reference.md#microsoft-defender-for-iot) data connector connected, two additional columns are displayed, for for *Inhibit Response Function* and *Impair Process Control*.
->
--->
 ## Use the MITRE ATT&CK framework in analytics rules and incidents
 
 Having a scheduled rule with MITRE techniques applied running regularly in your Microsoft Sentinel workspace enhances the security status shown for your organization in the MITRE coverage matrix.
@@ -91,7 +82,6 @@ Having a scheduled rule with MITRE techniques applied running regularly in your
 
     For more information, see [Hunt for threats with Microsoft Sentinel](hunting.md) and [Keep track of data during hunting with Microsoft Sentinel](bookmarks.md).
 
-
 ## Next steps
 
 For more information, see:
