Merge pull request #201972 from cwatson-cat/6-17-22-toc-3-sent

Sentinel - reorg TOC for content model alignment & accessibility

Author: v-stsavell

articles/sentinel/TOC.yml

@@ -17,95 +17,95 @@
     href: investigate-with-ueba.md
   - name: Use automation to respond to threats
     href: tutorial-respond-threats-playbook.md
-  - name: Write your first query with Kusto Query Language (Learn module)
-    href: /learn/modules/write-first-query-kusto-query-language/
   - name: Get started with notebooks and MSTICPy
     href: notebook-get-started.md
   - name: Create a Power BI report from Microsoft Sentinel
     href: powerbi.md
   - name: Deploy and monitor decoy honeytokens
     href: monitor-key-vault-honeytokens.md
   - name: Build and monitor Zero Trust
-    href: /security/zero-trust/integrate/sentinel-solution
+    href: /security/zero-trust/integrate/sentinel-solution?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
   - name: Integrate with Microsoft Defender for IoT
     href: iot-solution.md
   - name: Integrate with Microsoft Purview
     href: purview-solution.md
 - name: Concepts
   items:
-  - name: Microsoft Sentinel prerequisites
-    href: prerequisites.md
-  - name: Costs and billing
+  - name: Plan
     items:
-    - name: Plan costs
-      href: billing.md
-    - name: Monitor costs
-      href: billing-monitor-costs.md
-    - name: Reduce costs
-      href: billing-reduce-costs.md
-  - name: Best practices
-    items:
-    - name: Overview
-      href: best-practices.md
-    - name: Workspace architecture
-      href: best-practices-workspace-architecture.md
-    - name: Data collection
-      href: best-practices-data.md
-    - name: Partner integrations
-      href: partner-integrations.md
-    - name: Basic Logs
-      href: basic-logs-use-cases.md
-  - name: Architecture
-    items:
-    - name: Roles and permissions
-      href: roles.md
-    - name: Extend Microsoft Sentinel across workspaces and tenants
-      href: extend-sentinel-across-workspaces-tenants.md
-    - name: Security baseline
-      href: /security/benchmark/azure/baselines/sentinel-security-baseline?toc=%2fazure%2fsentinel%2fTOC.json
-  - name: Microsoft Sentinel content
+    - name: Prerequisites
+      href: prerequisites.md
+    - name: Costs and billing
+      items:
+      - name: Plan costs
+        href: billing.md
+      - name: Monitor costs
+        href: billing-monitor-costs.md
+      - name: Reduce costs
+        href: billing-reduce-costs.md
+    - name: Best practices
+      items:
+      - name: Overview
+        href: best-practices.md
+      - name: Workspace architecture
+        href: best-practices-workspace-architecture.md
+      - name: Data collection
+        href: best-practices-data.md
+      - name: Partner integrations
+        href: partner-integrations.md
+      - name: Basic Logs
+        href: basic-logs-use-cases.md
+    - name: Architecture
+      items:
+      - name: Roles and permissions
+        href: roles.md
+      - name: Extend Microsoft Sentinel across workspaces and tenants
+        href: extend-sentinel-across-workspaces-tenants.md
+      - name: Security baseline
+        href: /security/benchmark/azure/baselines/sentinel-security-baseline?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
+  - name: Find solutions and content
     items:
     - name: About Sentinel content
       href: sentinel-solutions.md
     - name: Content hub catalog
       href: sentinel-solutions-catalog.md
-  - name: Data collection and analysis
+  - name: Collect data
     items:
     - name: Data collection methods
       href: connect-data-sources.md
     - name: Classifying data with entities
       href: entities.md
     - name: Ingestion-time data transformation
       href: data-transformation.md
-  - name: Normalization with ASIM
+    - name: Write queries with Kusto Query Language
+      items:
+      - name: Overview
+        href: kusto-overview.md
+      - name: Query best practices
+        href: /azure/data-explorer/kusto/query/best-practices?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
+      - name: SQL to KQL cheat sheet
+        href: /azure/data-explorer/kusto/query/sqlcheatsheet?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
+      - name: Splunk to KQL cheat sheet
+        href: /azure/data-explorer/kusto/query/splunk-cheat-sheet?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
+      - name: KQL quick reference
+        href: /azure/data-explorer/kql-quick-reference?toc=%2Fazure%2Fsentinel%2FTOC.json&bc=%2Fazure%2Fsentinel%2Fbreadcrumb%2Ftoc.json
+      - name: Other KQL resources
+        href: kusto-resources.md
+  - name: Normalize data
     items:
     - name: ASIM overview
       href: normalization.md
     - name: ASIM schemas
       href: normalization-about-schemas.md
     - name: ASIM parsers
       href: normalization-parsers-overview.md
-  - name: Kusto Query Language in Microsoft Sentinel
-    items:
-    - name: Overview
-      href: kusto-overview.md
-    - name: Query best practices
-      href: /azure/data-explorer/kusto/query/best-practices
-    - name: SQL to KQL cheat sheet
-      href: /azure/data-explorer/kusto/query/sqlcheatsheet
-    - name: Splunk to KQL cheat sheet
-      href: /azure/data-explorer/kusto/query/splunk-cheat-sheet
-    - name: KQL quick reference
-      href: /azure/data-explorer/kql-quick-reference
-    - name: Other KQL resources
-      href: kusto-resources.md
-  - name: Threat intelligence
+  - name: Integrate threat intelligence
     items:
     - name: Understand threat intelligence in Microsoft Sentinel
       href: understand-threat-intelligence.md
     - name: Threat intelligence integrations
       href: threat-intelligence-integration.md
-  - name: Threat detection
+  - name: Detect threats and analyze data
     items:
     - name: Built-in threat detection rules
       href: detect-threats-built-in.md
@@ -119,17 +119,17 @@
       href: fusion.md
     - name: Watchlists
       href: watchlists.md
-  - name: Threat hunting
+  - name: Hunt for threats
     items:
     - name: Overview
       href: hunting.md
     - name: Jupyter Notebooks
       href: notebooks.md
-  - name: Investigate
+  - name: Investigate incidents
     items:
     - name: Investigate large datasets
       href: investigate-large-datasets.md
-  - name: SOAR
+  - name: Automate responses
     items:
     - name: Orchestration, automation, and response
       href: automation.md
@@ -139,18 +139,22 @@
       href: automate-responses-with-playbooks.md
     - name: Bring your own machine learning
       href: bring-your-own-ml.md
-  - name: Microsoft 365 Defender integration
+  - name: Integrate Microsoft 365 Defender
     href: microsoft-365-defender-sentinel-integration.md
+  - name: Integrate SAP
+    items:
+    - name: Deployment overview
+      href: sap/deployment-overview.md
+    - name: Deployment prerequisites
+      href: sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md
 - name: How-tos
   items:
-  - name: Design your workspace architecture
+  - name: Plan architecture
     items:
     - name: Overview
       href: design-your-workspace-architecture.md
     - name: Sample workspace designs
       href: sample-workspace-designs.md
-    - name: Plan and manage costs
-      href: billing.md
     - name: Manage workspace access
       href: resource-context-rbac.md
   - name: Migrate to Microsoft Sentinel
@@ -199,9 +203,7 @@
       href: migration-security-operations-center-processes.md
   - name: Deploy side-by-side
     href: deploy-side-by-side.md
-  - name: Understand MITRE ATT&CK coverage
-    href: mitre-coverage.md
-  - name: Manage Microsoft Sentinel content
+  - name: Find solutions and content
     items:
     - name: Discover and deploy out-of-the-box content
       href: sentinel-solutions-deploy.md
@@ -211,7 +213,7 @@
       href: sentinel-solutions-delete.md
   - name: Collect data
     items:
-    - name: Connect your data source
+    - name: Find data connector
       href: data-connectors-reference.md
     - name: Top connectors
       expanded: true
@@ -262,7 +264,7 @@
       href: monitor-data-connector-health.md
     - name: Integrate Azure Data Explorer
       href: store-logs-in-azure-data-explorer.md
-  - name: Use ASIM to normalize data
+  - name: Normalize data
     items:
     - name: Use ASIM
       href: normalization-about-parsers.md
@@ -272,7 +274,7 @@
       href: normalization-manage-parsers.md
     - name: Modify content to use ASIM
       href: normalization-modify-content.md
-  - name: Use threat intelligence
+  - name: Integrate threat intelligence
     items:
     - name: Connect threat intelligence platforms
       href: connect-threat-intelligence-tip.md
@@ -288,6 +290,8 @@
       href: ./monitor-your-data.md
   - name: Detect threats and analyze data
     items:
+    - name: MITRE ATT&CK coverage
+      href: mitre-coverage.md
     - name: Create threat detection rules
       items:
       - name: Create a scheduled query rule
@@ -386,14 +390,10 @@
       href: audit-sentinel-data.md
     - name: Remove Microsoft Sentinel from your workspaces
       href: offboard.md
-- name: Integrate SAP and Microsoft Sentinel
-  items:
+  - name: Integrate SAP
+    items: 
     - name: Deployment guide
       items: 
-      - name: Deployment overview
-        href: sap/deployment-overview.md
-      - name: Deployment prerequisites
-        href: sap/prerequisites-for-deploying-sap-continuous-threat-monitoring.md
       - name: Prepare SAP environment
         href: sap/preparing-sap.md
       - name: Deploy data connector agent
@@ -412,24 +412,24 @@
         href: sap/sap-solution-deploy-alternate.md
     - name: Troubleshooting
       items:
-        - name: Troubleshooting SAP solution deployment
-          href: sap/sap-deploy-troubleshoot.md
-        - name: Configure Transport Management System
-          href: sap/configure-transport.md
-    - name: Reference
-      items:
-      - name: SAP solution data reference
-        href: sap/sap-solution-log-reference.md
-      - name: SAP solution content overview
-        href: sap/sap-solution-security-content.md
-      - name: Kickstart script reference
-        href: sap/reference-kickstart.md
-      - name: Container update script reference
-        href: sap/reference-update.md
-      - name: Systemconfig.ini file reference
-        href: sap/reference-systemconfig.md
+      - name: Troubleshooting SAP solution deployment
+        href: sap/sap-deploy-troubleshoot.md
+      - name: Configure Transport Management System
+        href: sap/configure-transport.md
 - name: Reference
   items:
+  - name: SAP solution
+    items:
+    - name: SAP solution data reference
+      href: sap/sap-solution-log-reference.md
+    - name: SAP solution content overview
+      href: sap/sap-solution-security-content.md
+    - name: Kickstart script reference
+      href: sap/reference-kickstart.md
+    - name: Container update script reference
+      href: sap/reference-update.md
+    - name: Systemconfig.ini file reference
+      href: sap/reference-systemconfig.md
   - name: Service limits
     href: sentinel-service-limits.md
   - name: Microsoft Sentinel REST-API
@@ -528,5 +528,11 @@
     href: https://azure.microsoft.com/pricing/details/azure-sentinel/
   - name: Feature availability for US Government clouds
     href: ../security/fundamentals/feature-availability.md
+  - name: Build your skills with Microsoft Learn training
+    items: 
+    - name: Microsoft Sentinel training 
+      href: /learn/browse/?expanded=azure&products=azure-sentinel
+    - name: Kusto Query Language (KQL) training 
+      href: /learn/browse/?expanded=azure&terms=kusto%20query%20language
   - name: Archived what's new (older than six months)
     href: whats-new-archive.md