fix links

austinmccollum · austinmccollum · commit 924469182d64 · 2025-01-29T02:51:19.000-06:00
diff --git a/articles/sentinel/add-entity-to-threat-intelligence.md b/articles/sentinel/add-entity-to-threat-intelligence.md
@@ -19,7 +19,7 @@ During an investigation, you examine entities and their context as an important
 
 For example, you might discover an IP address that performs port scans across your network or functions as a command and control node by sending and/or receiving transmissions from large numbers of nodes in your network.
 
-With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators in **Logs** and **Threat Intelligence** and use them across your Microsoft Sentinel workspace.
+With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators by querying them or searching for them in the threat intelligence management interface and use them across your Microsoft Sentinel workspace.
 
 ## Add an entity to your threat intelligence
 
@@ -129,7 +129,7 @@ Whichever of the two interfaces you choose, you end up here.
 
 1. When all the fields are filled in to your satisfaction, select **Apply**. A message appears in the upper-right corner to confirm that your indicator was created.
 
-1. The entity is added as a threat indicator in your workspace. You can find it [in the list of indicators on the Threat intelligence page](work-with-threat-indicators.md#find-and-view-your-indicators-on-the-threat-intelligence-page). You can also find it [in the ThreatIntelligenceIndicators table in Logs](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs).
+1. The entity is added as threat intelligence in your workspace. You can find it [in threat intelligence management interface](work-with-threat-indicators.md#view-your-threat-intelligence-in-the-management-interface). You can also query it [using the ThreatIntelligenceIndicators table](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries).
 
 ## Related content
 
diff --git a/articles/sentinel/indicators-bulk-file-import.md b/articles/sentinel/indicators-bulk-file-import.md
@@ -69,7 +69,7 @@ The templates provide all the fields you need to create a single valid indicator
 
 1. Drag your bulk threat intelligence file to the **Upload a file** section, or browse for the file by using the link.
 
-1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs). 
+1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries). 
 
 1. Choose how you want Microsoft Sentinel to handle invalid entries by selecting one of the buttons at the bottom of the **Import using a file** pane:
 
@@ -153,7 +153,7 @@ Here's an example `ipv4-addr` indicator and `attack-pattern` using the JSON file
       "name": "Sample IPv4 indicator",
       "description": "This indicator implements an observation expression.",
       "indicator_types": [
-	    "anonymization",
+        "anonymization",
         "malicious-activity"
       ],
       "kill_chain_phases": [
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -196,7 +196,7 @@ Threat intelligence indicators are ingested into the `ThreatIntelligenceIndicato
 
 The `IndicatorId` property is generated using the STIX indicator ID. When indicators are imported or created from non-STIX sources, `IndicatorId` is generated from the source and pattern of the indicator.
 
-For more information, see [Work with threat intelligence in Microsoft Sentinel](work-with-threat-indicators.md#find-and-view-your-indicators).
+For more information, see [Work with threat intelligence in Microsoft Sentinel](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries).
 
 ### View your GeoLocation and WhoIs data enrichments (public preview)
 
