Renamed web-schema

oshezaf · oshezaf · commit 9a8ef924d809 · 2023-01-24T17:49:10.000+02:00
diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
@@ -18384,6 +18384,11 @@
             "redirect_url": "/azure/sentinel/enable-monitoring",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/sentinel/web-normalization-schema.md",
+            "redirect_url": "/azure/sentinel/normalization-schema-web",
+            "redirect_document_id": true
+        },
         {
             "source_path_from_root": "/articles/sentinel/dns-normalization-schema.md",
             "redirect_url": "/azure/sentinel/normalization-schema-dns",
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -576,7 +576,7 @@
         - name: ASIM user management schema
           href: user-management-normalization-schema.md
         - name: ASIM web session schema
-          href: web-normalization-schema.md
+          href: normalization-schema-web.md
         - name: Legacy network normalization schema
           href: normalization-schema-v1.md
   - name: Data collection references
diff --git a/articles/sentinel/normalization-about-parsers.md b/articles/sentinel/normalization-about-parsers.md
@@ -65,7 +65,7 @@ Each schema has a standard set of filtering parameters documented in the relevan
 - [Authentication](authentication-normalization-schema.md)
 - [DNS](normalization-schema-dns.md#filtering-parser-parameters)
 - [Network Session](network-normalization-schema.md#filtering-parser-parameters)
-- [Web Session](web-normalization-schema.md#filtering-parser-parameters)
+- [Web Session](normalization-schema-web.md#filtering-parser-parameters)
 
 Every schema that supports filtering parameters supports at least the `starttime` and `endtime` parameters and using them is often critical for optimizing performance.
 
diff --git a/articles/sentinel/normalization-about-schemas.md b/articles/sentinel/normalization-about-schemas.md
@@ -26,7 +26,7 @@ Schema references outline the fields that comprise each schema. ASIM currently d
 | [Process Event](process-events-normalization-schema.md) | 0.1.4 | Preview |
 | [Registry Event](registry-event-normalization-schema.md) | 0.1.2 | Preview |
 | [User Management](user-management-normalization-schema.md) | 0.1 | Preview |
-| [Web Session](web-normalization-schema.md) | 0.2.5 | Preview |
+| [Web Session](normalization-schema-web.md) | 0.2.5 | Preview |
 
 
 > [!IMPORTANT]
diff --git a/articles/sentinel/normalization-schema-web.md b/articles/sentinel/normalization-schema-web.md
@@ -41,7 +41,7 @@ The most important fields in a Web Session schema are:
 
 - [Url](#url), which reports the url that the client requested from the server.
 - The [SrcIpAddr](network-normalization-schema.md#srcipaddr) (aliased to [IpAddr](network-normalization-schema.md#ipaddr)), which represents the IP address from which the request was generated. 
-- [EventResultDetails](#eventresultdetails) field, which reports the HTTP Status Code.
+- [EventResultDetails](#eventresultdetails) field, which typically reports the HTTP Status Code.
 
 Web Session events may also include [User](network-normalization-schema.md#user) and [Process](process-events-normalization-schema.md) information for the user and process initiating the request. 
 
@@ -119,7 +119,7 @@ The following list mentions fields that have specific guidelines for Web Session
 |---------------------|-------------|------------|--------------------|
 | **EventType** | Mandatory | Enumerated | Describes the operation reported by the record and should be set to `HTTPsession`. |
 | **EventResult** | Mandatory | Enumerated | Describes the event result, normalized to one of the following values: <br> - `Success` <br> - `Partial` <br> - `Failure` <br> - `NA` (not applicable) <br><br>For an HTTP session, `Success` is defined as a status code lower than `400`, and `Failure` is defined as a status code higher than `400`. For a list of HTTP status codes, refer to [W3 Org](https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html).<br><br>The source may provide only a value for the [EventResultDetails](#eventresultdetails)  field, which must be analyzed to get the  **EventResult**  value. |
-| <a name="eventresultdetails"></a>**EventResultDetails** | Mandatory | String | For HTTP sessions, the value should be the HTTP status code. <br><br>**Note**: The value may be provided in the source record using different terms, which should be normalized to these values. The original value should be stored in the **EventOriginalResultDetails** field.|
+| <a name="eventresultdetails"></a>**EventResultDetails** | Recommended | String | The HTTP status code.<br><br>**Note**: The value may be provided in the source record using different terms, which should be normalized to these values. The original value should be stored in the **EventOriginalResultDetails** field.|
 | **EventSchema** | Mandatory | String | The name of the schema documented here is `WebSession`. |
 | **EventSchemaVersion**  | Mandatory   | String     | The version of the schema. The version of the schema documented here is `0.2.5`         |
 | **Dvc** fields|        |      | For Web Session events,  device fields refer to the system reporting the Web Session event.  |
diff --git a/articles/sentinel/normalization.md b/articles/sentinel/normalization.md
@@ -70,7 +70,7 @@ ASIM currently defines the following schemas:
 - [Process Event](process-events-normalization-schema.md)
 - [Registry Event](registry-event-normalization-schema.md)
 - [User Management](user-management-normalization-schema.md)
-- [Web Session](web-normalization-schema.md)
+- [Web Session](normalization-schema-web.md)
 
 For more information, see [ASIM schemas](normalization-about-schemas.md).
 
