Merge pull request #284789 from ecfan/ise

ISE retirement prep: Fix references to integration service environment and naming

Author: v-shils

articles/sentinel/automation/create-playbooks.md

@@ -36,28 +36,28 @@ Azure Logic Apps also supports other types of connectors, such as managed connec
 
 ## Supported logic app types
 
-Microsoft Sentinel supports both *consumption* and *standard* Azure Logic Apps resource types:
+Microsoft Sentinel supports both Consumption and Standard logic apps:
 
-- **Consumption** resources run in multitenant Azure Logic Apps and use the classic, original Azure Logic Apps engine.
+- **Consumption**: Runs in multitenant Azure Logic Apps, and uses the classic, original Azure Logic Apps engine.
 
-- **Standard** resources run in single-tenant Azure Logic Apps and use a more recently designed Azure Logic Apps engine.
+- **Standard**: Runs in single-tenant Azure Logic Apps, and uses a more recently designed Azure Logic Apps engine.
 
-    Standard resources offer higher performance, fixed pricing, multiple workflow capability, easier API connections management, built-in network capabilities and CI/CD features, and more. However, the following playbook functionality differs for Standard resources in Microsoft Sentinel:
+   Standard resources offer higher performance, fixed pricing, multiple workflow capability, easier API connections management, built-in network capabilities and CI/CD features, and more. However, the following playbook functionality differs for Standard logic apps in Microsoft Sentinel:
 
-    |Feature  |Description  |
-    |---------|---------|
-    |**Creating playbooks**  | Playbook templates aren't currently supported for Standard workflows, which means that you can't use a template to create your playbook directly in Microsoft Sentinel. <br><br>Instead, create your workflow manually in Azure Logic Apps to use it as a playbook in Microsoft Sentinel.       |
-    |**Private endpoints**    |   If you're using Standard workflows with private endpoints, Microsoft Sentinel requires you to [define an access restriction policy in Logic apps](../define-playbook-access-restrictions.md) to support those private endpoints in any playbooks based on Standard workflows. <br><br> Without an access restriction policy, workflows with private endpoints might still be visible and selectable in Microsoft Sentinel, but running them will fail. |
-    |**Stateless workflows**    | While Standard workflows support both *stateful* and *stateless* in Azure Logic Apps, Microsoft Sentinel doesn't support stateless workflows. <br><br>For more information, see [Stateful and stateless workflows](/azure/logic-apps/single-tenant-overview-compare#stateful-and-stateless-workflows).
+  | Feature | Description |
+  |---------|-------------|
+  | **Creating playbooks** | Playbook templates aren't currently supported for Standard workflows, which means that you can't use a template to create your playbook directly in Microsoft Sentinel. <br><br>Instead, create your workflow manually in Azure Logic Apps to use it as a playbook in Microsoft Sentinel. |
+  | **Private endpoints** | If you're using Standard workflows with private endpoints, Microsoft Sentinel requires you to [define an access restriction policy in Logic apps](../define-playbook-access-restrictions.md) to support those private endpoints in any playbooks based on Standard workflows. <br><br>Without an access restriction policy, workflows with private endpoints might still be visible and selectable in Microsoft Sentinel, but running them will fail. |
+  | **Stateless workflows** | While Standard workflows support both *stateful* and *stateless* in Azure Logic Apps, Microsoft Sentinel doesn't support stateless workflows. <br><br>For more information, see [Stateful and stateless workflows](/azure/logic-apps/single-tenant-overview-compare#stateful-and-stateless-workflows). |
 
 ## Playbook authentications to Microsoft Sentinel
 
-Azure Logic Apps must connect separately and authenticate independently to each resource, of each type, that it interacts with, including to Microsoft Sentinel itself. Logic Apps uses [specialized connectors](/connectors/connector-reference/) for this purpose, with each resource type having its own connector.
+Azure Logic Apps must connect separately and authenticate independently to each resource, of each type, that it interacts with, including to Microsoft Sentinel itself. Azure Logic Apps uses [specialized connectors](/connectors/connector-reference/) for this purpose, with each resource type having its own connector.
 
 For more information, see [Authenticate playbooks to Microsoft Sentinel](../authenticate-playbooks-to-sentinel.md).
 
 ## Related content
 
 - [Resource type and host environment differences](/azure/logic-apps/logic-apps-overview#resource-environment-differences) in the Azure Logic Apps documentation
-- [Microsoft Sentinel Logic Apps connector](/connectors/azuresentinel/) in the Azure Logic Apps documentation
+- [Microsoft Sentinel connector for Azure Logic Apps](/connectors/azuresentinel/) in the Azure Logic Apps documentation
 - [Create and manage Microsoft Sentinel playbooks](create-playbooks.md)

articles/sentinel/automation/logic-apps-playbooks.md

@@ -108,10 +108,10 @@ This section lists recommended playbooks, and other similar playbooks are availa
 
 | Playbook | Folder in<br>GitHub&nbsp;repository |Solution in Content hub/<br>Azure Marketplace |
 | -------- | ----------------------------------- |--------------------------------------------- |
-| **Post a message in a Microsoft Teamschannel** | [Post-Message-Teams](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Post-Message-Teams) | [Sentinel SOAR Essentialssolution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
-| **Send an Outlook email notification** | [Send-basic-email](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Send-basic-email) | [Sentinel SOAR Essentialssolution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
-| **Post a message in a Slack channel** | [Post-Message-Slack](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Post-Message-Slack) | [Sentinel SOAR Essentialssolution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
-| **Send Microsoft Teams adaptive card on incident creation** | [Send-Teams-adaptive-card-on-incident-creation](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Teams/Playbooks/Send-Teams-adaptive-card-on-incident-creation) |[Sentinel SOAR Essentials solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
+| **Post a message in a Microsoft Teams channel** | [Post-Message-Teams](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Post-Message-Teams) | [Sentinel SOAR Essentials Solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
+| **Send an Outlook email notification** | [Send-basic-email](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Send-basic-email) | [Sentinel SOAR Essentials Solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
+| **Post a message in a Slack channel** | [Post-Message-Slack](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/Post-Message-Slack) | [Sentinel SOAR Essentials Solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
+| **Send Microsoft Teams adaptive card on incident creation** | [Send-Teams-adaptive-card-on-incident-creation](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Teams/Playbooks/Send-Teams-adaptive-card-on-incident-creation) |[Sentinel SOAR Essentials Solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
 
 ### Blocking playbook templates
 
@@ -132,7 +132,7 @@ This section lists recommended playbooks, and other similar playbooks are availa
 | -------- | ----------------------------------- | --------------------------------------------- |
 | **Create an incident using Microsoft Forms** | [CreateIncident-MicrosoftForms](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/CreateIncident-MicrosoftForms) | [Sentinel SOAR Essentials solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
 | **Relate alerts to incidents** | [relateAlertsToIncident-basedOnIP](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SentinelSOARessentials/Playbooks/relateAlertsToIncident-basedOnIP) | [Sentinel SOAR Essentials solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-sentinelsoaressentials?tab=Overview) |
-| **Create a ServiceNow incident** | [Create-SNOW-record](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Servicenow/Playbooks/Create-SNOW-record) | [ServiceNow solution](https://azuremarketplace.microsoft.com/en-US/marketplace/apps/azuresentinel.azure-sentinel-solution-servicenow?tab=Overview) |
+| **Create a Service Now incident** | [Create-SNOW-record](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Servicenow/Playbooks/Create-SNOW-record) | [ServiceNow solution](https://azuremarketplace.microsoft.com/en-US/marketplace/apps/azuresentinel.azure-sentinel-solution-servicenow?tab=Overview) |
 
 ## Commonly used playbook configurations
 
@@ -144,41 +144,41 @@ This section provides sample screenshots of how you might use a playbook to upda
 
 **Update an incident based on a new incident** (incident trigger):
 
-![Screenshot of an incident trigger simple update flow example.](../media/playbook-triggers-actions/incident-simple-flow.png)
+![Screenshot of an incident trigger simple update flow example.](../media/playbook-recommendations/incident-simple-flow.png)
 
 **Update an incident based on a new alert** (alert trigger):
 
-![Screenshot of an alert trigger simple update incident flow example.](../media/playbook-triggers-actions/alert-update-flow.png)
+![Screenshot of an alert trigger simple update incident flow example.](../media/playbook-recommendations/alert-update-flow.png)
 
 ### Use incident details in your flow
 
 This section provides sample screenshots of how you might use your playbook to use incident details elsewhere in your flow:
 
 **Send incident details by mail, using a playbook triggered by a new incident**: 
 
-![Screenshot of an incident trigger simple get flow example.](../media/playbook-triggers-actions/incident-simple-mail-flow.png)
+![Screenshot of an incident trigger simple get flow example.](../media/playbook-recommendations/incident-simple-mail-flow.png)
 
 **Send incident details by mail, using a playbook triggered by a new alert**:
 
-![Screenshot of an alert trigger simple get incident flow example.](../media/playbook-triggers-actions/alert-simple-mail-flow.png)
+![Screenshot of an alert trigger simple get incident flow example.](../media/playbook-recommendations/alert-simple-mail-flow.png)
 
 ### Add a comment to an incident
 
 This section provides sample screenshots of how you might use your playbook to add comments to an incident:
 
 **Add a comment to an incident, using a playbook triggered by a new incident**:
 
-![Screenshot of an incident trigger simple add comment example.](../media/playbook-triggers-actions/incident-comment.png)
+![Screenshot of an incident trigger simple add comment example.](../media/playbook-recommendations/incident-comment.png)
 
 **Add a comment to an incident, using a playbook triggered by a new alert**:
 
-![Screenshot of an alert trigger simple add comment example.](../media/playbook-triggers-actions/alert-comment.png)
+![Screenshot of an alert trigger simple add comment example.](../media/playbook-recommendations/alert-comment.png)
 
 ### Disable a user
 
 The following screenshot shows an example of how you might use your playbook to disable a user account, based on a Microsoft Sentinel entity trigger:
 
-:::image type="content" source="../media/playbook-triggers-actions/entity-trigger-actions.png" alt-text="Screenshot showing actions to take in an entity-trigger playbook to disable a user.":::
+:::image type="content" source="../media/playbook-recommendations/entity-trigger-actions.png" alt-text="Screenshot showing actions to take in an entity-trigger playbook to disable a user.":::
 
 ## Related content
 

articles/sentinel/automation/playbook-recommendations.md

@@ -54,7 +54,7 @@ In a multitenant deployment, if the playbook you want to run is in a different t
 1. Select the **Configure permissions** button to open the **Manage permissions** panel.
 1. Mark the check boxes of the resource groups containing the playbooks you want to run, and select **Apply**. For example:
 
-    :::image type="content" source="../media/tutorial-respond-threats-playbook/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
+    :::image type="content" source="../media/run-playbooks/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
 
 You yourself must have **Owner** permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Microsoft Sentinel Playbook Operator** role on any resource group containing playbooks you want to run.
 
@@ -88,17 +88,17 @@ To respond automatically to entire incidents or individual alerts with a playboo
 
 1. From the **Automation** page in the Microsoft Sentinel navigation menu, select **Create** from the top menu and then **Automation rule**. For example:
 
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/add-new-rule.png" alt-text="Screenshot showing how to add a new automation rule.":::
+   :::image type="content" source="../media/run-playbooks/add-new-rule.png" alt-text="Screenshot showing how to add a new automation rule.":::
 
 1. The **Create new automation rule** panel opens. Enter a name for your rule. Your options differ depending on whether your workspace is onboarded to the unified security operations platform. For example:
 
     ### [Onboarded workspaces](#tab/after-onboarding)
 
-    :::image type="content" source="../media/tutorial-respond-threats-playbook/create-automation-rule-onboarded.png" alt-text="Screenshot showing the automation rule creation wizard.":::
+    :::image type="content" source="../media/run-playbooks/create-automation-rule-onboarded.png" alt-text="Screenshot showing the automation rule creation wizard.":::
 
     ### [Workspaces that aren't onboarded](#tab/before-onboarding)
 
-   :::image type="content" source="../media/tutorial-respond-threats-playbook/create-automation-rule.png" alt-text="Screenshot showing the automation rule creation wizard.":::
+   :::image type="content" source="../media/run-playbooks/create-automation-rule.png" alt-text="Screenshot showing the automation rule creation wizard.":::
 
     ---
 
@@ -127,7 +127,7 @@ To respond automatically to entire incidents or individual alerts with a playboo
 
        In the **Manage permissions** panel that opens up, mark the check boxes of the resource groups containing the playbooks you want to run, and select **Apply**. For example:
 
-       :::image type="content" source="../media/tutorial-respond-threats-playbook/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
+       :::image type="content" source="../media/run-playbooks/manage-permissions.png" alt-text="Screenshot that shows the actions section with run playbook selected.":::
 
         You yourself must have **Owner** permissions on any resource group to which you want to grant Microsoft Sentinel permissions, and you must have the **Microsoft Sentinel Playbook Operator** role on any resource group containing playbooks you want to run.