Merge branch 'cust-intents-austin' of https://github.com/batamig/azure-docs-pr into cust-intents-austin

batamig · batamig · commit 9b954dd2dfa5 · 2024-10-13T16:00:36.000+03:00
diff --git a/articles/sentinel/billing.md b/articles/sentinel/billing.md
@@ -11,7 +11,6 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
-#Customer intent: As a SOC manager, plan Microsoft Sentinel costs so I can understand and optimize the costs of my SIEM.
 
 
 #Customer intent: As a financial planner for cloud security solutions, I want to understand Microsoft Sentinel's pricing and billing models so that I can optimize costs and accurately forecast expenses.
diff --git a/articles/sentinel/ci-cd-custom-content.md b/articles/sentinel/ci-cd-custom-content.md
@@ -8,10 +8,9 @@ ms.service: microsoft-sentinel
 ms.topic: conceptual
 ms.date: 8/24/2022
 ms.custom: template-concept
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to manage dynamic Sentinel workspace content based on source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
 
 
-#Customer intent: As a security operations engineer, I want to manage and deploy Microsoft Sentinel content as code using CI/CD pipelines so that I can automate updates and ensure consistent configurations across workspaces.
+#Customer intent: As a SOC collaborator or MSSP analyst, I want to manage dynamic Microsoft Sentinel content as code based on source control repositories using CI/CD pipelines so that I can automate updates and ensure consistent configurations across workspaces. As an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
 
 ---
 
diff --git a/articles/sentinel/ci-cd-custom-deploy.md b/articles/sentinel/ci-cd-custom-deploy.md
@@ -6,10 +6,9 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 3/13/2024
 ms.author: austinmc
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to optimize my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
 
 
-#Customer intent: As a DevOps engineer, I want to customize repository deployment workflows and pipelines so that I can control deployment triggers, paths, and parameter mappings for efficient and tailored content deployment to cloud workspaces.
+#Customer intent: As a SOC collaborator or MSSP analyst, I want to customize repository deployment workflows and pipelines so that I can control deployment triggers, paths, and parameter mappings for efficient and tailored content deployment to cloud workspaces.
 
 ---
 
diff --git a/articles/sentinel/ci-cd.md b/articles/sentinel/ci-cd.md
@@ -10,10 +10,9 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a SOC collaborator or MSSP analyst, I want to know how to connect my source control repositories for continuous integration and continuous delivery (CI/CD). Specifically as an MSSP content manager, I want to know how to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
 
 
-#Customer intent: As a security operations analyst, I want to deploy and manage custom content from my source control repository to my SIEM platform so that I can streamline updates and maintain consistency across my security monitoring environment.
+#Customer intent: As a security administrator or MSSP analyst, I want to manage dynamic Microsoft Sentinel content as code based on source control repositories using CI/CD pipelines. I want to automate updates and ensure consistent configurations across workspaces in my security monitoring environment. As an MSSP content manager, I want to deploy one solution to many customer workspaces and still be able to tailor custom content for their environments.
 
 ---
 
diff --git a/articles/sentinel/connect-mdti-data-connector.md b/articles/sentinel/connect-mdti-data-connector.md
@@ -11,7 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to use the best threat intelligence from Microsoft so that I can generate high-fidelity alerts and incidents.
+
+
+#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity indicators of compromise into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
+
 ---
 
 # Enable data connector for Microsoft Defender Threat Intelligence
diff --git a/articles/sentinel/connect-threat-intelligence-taxii.md b/articles/sentinel/connect-threat-intelligence-taxii.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to connect Microsoft Sentinel to a STIX/TAXII feed to ingest threat intelligence so that I can generate alert incidents.
+
+
+#Customer intent: As a security admin, I want to integrate STIX/TAXII feeds into Microsoft Sentinel to ingest threat intelligence, generating alerts and incidents to enhance threat detection and response capabilities.
+
 ---
 
 # Connect Microsoft Sentinel to STIX/TAXII threat intelligence feeds
diff --git a/articles/sentinel/connect-threat-intelligence-tip.md b/articles/sentinel/connect-threat-intelligence-tip.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As an SOC admin, I want to use a threat intelligence platform solution to ingest threat intelligence so that I can generate alerts incidents.
+
+
+#Customer intent: As a security admin, I want to integrate my threat intelligence platform with Microsoft Sentinel to ingest threat intelligence, generating alerts and incidents so that I can centralize and enhance threat detection and response.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel
diff --git a/articles/sentinel/connect-threat-intelligence-upload-api.md b/articles/sentinel/connect-threat-intelligence-upload-api.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a security engineer, I want to connect a threat intelligence platform with the Upload Indicators API to ingest threat intelligence that so I can use the benefits of this updated API.
+
+
+#Customer intent: As a security admin, I want to connect my threat intelligence platform with Microsoft Sentinel using the appropriate API so that I can centralize and enhance threat detection and response capabilities.
+
 ---
 
 # Connect your threat intelligence platform to Microsoft Sentinel with the Upload Indicators API
diff --git a/articles/sentinel/create-codeless-connector.md b/articles/sentinel/create-codeless-connector.md
@@ -7,7 +7,7 @@ ms.topic: how-to
 ms.date: 09/26/2024
 
 
-#Customer intent: As a security analyst, I want to create custom data connectors for my SIEM platform so that I can ingest and analyze data from various sources without writing code.
+#Customer intent: As a security engineer, I want to create custom data connectors for Microsoft Sentinel so that I can ingest and analyze data from various sources without writing code.
 
 ---
 # Create a codeless connector for Microsoft Sentinel
diff --git a/articles/sentinel/data-connector-connection-rules-reference.md b/articles/sentinel/data-connector-connection-rules-reference.md
@@ -10,7 +10,7 @@ ms.author: austinmc
 
 
 
-#Customer intent: As a security engineer, I want to create and configure data connectors using the Codeless Connector Platform so that I can integrate various data sources into my security monitoring system without writing custom code.
+#Customer intent: As a security engineer, I want to reference paging, authentication and payload options to create and configure RestApiPoller data connectors using the Codeless Connector Platform so that I can integrate a specific data source into Microsoft Sentinel without writing custom code.
 
 ---
 
diff --git a/articles/sentinel/data-connector-ui-definitions-reference.md b/articles/sentinel/data-connector-ui-definitions-reference.md
@@ -10,7 +10,7 @@ ms.author: austinmc
 
 
 
-#Customer intent: As a developer, I want to create and customize data connectors using a codeless platform so that I can integrate various data sources into my monitoring and analytics environment efficiently.
+#Customer intent: As a developer, I want to reference user interface options to create and customize data connectors using a codeless platform so that I can integrate various data sources into Microsoft Sentinel without writing custom code.
 
 ---
 
diff --git a/articles/sentinel/enroll-simplified-pricing-tier.md b/articles/sentinel/enroll-simplified-pricing-tier.md
@@ -5,10 +5,9 @@ author: austinmccollum
 ms.topic: how-to
 ms.date: 04/25/2024
 ms.author: austinmc
-#customerintent: As a SOC administrator or a billing specialist, I want to know how to switch to simplified pricing and whether it will benefit us financially or simplify our administration of Microsoft Sentinel and log analytics workspaces.
 
 
-#Customer intent: As a cloud administrator, I want to switch to simplified pricing tiers for Microsoft Sentinel so that I can streamline billing and potentially reduce costs.
+#Customer intent: As a billing administrator, I want to switch to simplified pricing tiers for Microsoft Sentinel so that I can streamline billing and potentially reduce costs.
 
 ---
 
diff --git a/articles/sentinel/hunts-custom-queries.md b/articles/sentinel/hunts-custom-queries.md
@@ -12,7 +12,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security analyst, I want to create and edit custom hunting queries in my SIEM platform so that I can proactively identify and mitigate security threats specific to my organization's environment.
+#Customer intent: As a security analyst, I want to create and edit custom hunting queries so that I can proactively identify and mitigate security threats specific to my organization's environment.
 
 ---
 
diff --git a/articles/sentinel/hunts.md b/articles/sentinel/hunts.md
@@ -12,7 +12,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security analyst, I want to conduct end-to-end proactive threat hunting so that I can identify and mitigate undetected threats and malicious behaviors in my environment.
+#Customer intent: As a security analyst, I want to conduct end-to-end threat hunting so that I can identify and mitigate undetected threats and malicious behaviors in my environment while managing all components of the hunting process.
 
 ---
 
diff --git a/articles/sentinel/indicators-bulk-file-import.md b/articles/sentinel/indicators-bulk-file-import.md
@@ -11,7 +11,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a security analyst, I want to bulk import indicators from common file types to my threat intelligence so that I can more effectively share TI during an investigation.
+
+
+#Customer intent: As a security analyst, I want to import threat indicators in bulk from CSV or JSON files so that I can quickly integrate and analyze emerging threats within my threat intelligence platform.
+
 ---
 
 # Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file
diff --git a/articles/sentinel/mitre-coverage.md b/articles/sentinel/mitre-coverage.md
@@ -7,7 +7,7 @@ ms.date: 12/21/2021
 ms.author: austinmc
 
 
-#Customer intent: As a security analyst, I want to use the MITRE ATT&CK framework in my SIEM tool so that I can assess and enhance my organization's threat detection and response capabilities.
+#Customer intent: As a security analyst, I want to use the MITRE ATT&CK framework in Microsoft Sentinel so that I can assess and enhance my organization's threat detection and response capabilities.
 
 ---
 
diff --git a/articles/sentinel/notebook-get-started.md b/articles/sentinel/notebook-get-started.md
@@ -11,7 +11,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a cybersecurity analyst, I want to use Jupyter notebooks with MSTICPy in Microsoft Sentinel so that I can efficiently perform threat hunting and data analysis with minimal coding.
+#Customer intent: As a security analyst, I want to use Jupyter notebooks with MSTICPy in Microsoft Sentinel so that I can efficiently perform threat hunting and data analysis with minimal coding.
 
 ---
 
diff --git a/articles/sentinel/search-jobs.md b/articles/sentinel/search-jobs.md
@@ -11,7 +11,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security analyst, I want to search and analyze historical log data across large datasets so that I can investigate and identify specific events from up to seven years ago.
+#Customer intent: As a security analyst, I want to search and analyze historical log data across large datasets so that I can investigate and identify specific events.
 
 ---
 
diff --git a/articles/sentinel/sentinel-content-centralize.md b/articles/sentinel/sentinel-content-centralize.md
@@ -6,10 +6,9 @@ author: austinmccollum
 ms.topic: conceptual
 ms.date: 06/22/2023
 ms.author: austinmc
-#Customer intent: As a SIEM decision maker or implementer, I want to know about changes to out-of-the-box content, and how to centralize the management, discovery, and inventory of content in Microsoft Sentinel.
 
 
-#Customer intent: As a security operations center (SOC) analyst, I want to centralize and update out-of-the-box (OOTB) content in Microsoft Sentinel so that I can ensure all security tools and templates are current and managed efficiently.
+#Customer intent: As a security operations center (SOC) admin, I want to centralize and update out-of-the-box (OOTB) content in Microsoft Sentinel so that I can ensure all security tools and templates are current and centrally manage content efficiently.
 
 ---
 
diff --git a/articles/sentinel/sentinel-security-copilot.md b/articles/sentinel/sentinel-security-copilot.md
@@ -14,10 +14,9 @@ appliesto:
     - Microsoft Sentinel
     - Copilot for Security
 ms.date: 07/04/2024
-#Customer intent: As a SOC administer or analyst, understand how to use Microsoft Sentinel data with Copilot for Security.
 
 
-#Customer intent: As a security analyst, I want to integrate Microsoft Sentinel with Copilot for Security so that I can efficiently investigate incidents and generate advanced hunting queries.
+#Customer intent: As a security analyst, I want to integrate Copilot for Security with Microsoft Sentinel data so that I can investigate incidents and generate advanced hunting queries at machine speed and scale.
 
 ---
 
diff --git a/articles/sentinel/sentinel-solution.md b/articles/sentinel/sentinel-solution.md
@@ -9,7 +9,7 @@ ms.collection:
   -       zerotrust-services
 
 
-#Customer intent: As a security governance professional, I want to monitor and respond to Zero Trust (TIC 3.0) requirements using automated tools, so that I can ensure compliance and improve our security posture.
+#Customer intent: As a security analyst, I want to monitor and respond to Zero Trust (TIC 3.0) requirements using automated tools, so that I can ensure compliance and improve our security posture.
 
 ---
 
diff --git a/articles/sentinel/sentinel-solutions-deploy.md b/articles/sentinel/sentinel-solutions-deploy.md
@@ -10,7 +10,7 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal.
 
 
-#Customer intent: As a security operations analyst, I want to discover, install, and manage out-of-the-box content in a centralized hub so that I can efficiently enhance and maintain my security monitoring capabilities.
+#Customer intent: As a security operations administrator, I want to discover, install, and centrally manage out-of-the-box content so that I can efficiently enhance and maintain my security monitoring capabilities.
 
 ---
 
diff --git a/articles/sentinel/siem-migration.md b/articles/sentinel/siem-migration.md
@@ -8,11 +8,9 @@ ms.date: 9/23/2024
 ms.author: austinmc
 appliesto: 
 - Microsoft Sentinel in the Azure portal
-- Microsoft Sentinel in the Defender portal
-#customer intent: As an SOC administrator, I want to use the SIEM migration experience so I can migrate to Microsoft Sentinel.
+#Customer intent: As an security operations administrator, I want to use the SIEM migration experience so I can streamline a migration to Microsoft Sentinel to enhance my security monitoring capabilities.
 
 
-#Customer intent: As a security operations manager, I want to migrate my SIEM from Splunk to Microsoft Sentinel so that I can streamline and enhance my security monitoring capabilities.
 
 ---
 
diff --git a/articles/sentinel/threat-intelligence-integration.md b/articles/sentinel/threat-intelligence-integration.md
@@ -11,7 +11,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security analyst, I want to integrate various threat intelligence feeds into my SIEM platform so that I can enhance threat detection, investigation, and response capabilities.
+#Customer intent: As a security analyst, I want to integrate various threat intelligence feeds into Microsoft Sentinel so that I can enhance threat detection, investigation, and response capabilities.
 
 ---
 
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -12,7 +12,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security analyst, I want to integrate and manage threat intelligence in my SIEM solution so that I can detect, investigate, and respond to potential security threats effectively.
+#Customer intent: As a security analyst, I want to integrate threat intelligence into Microsoft Sentinel so that I can detect, investigate, and respond to potential security threats effectively.
 
 ---
 
diff --git a/articles/sentinel/upload-indicators-api.md b/articles/sentinel/upload-indicators-api.md
@@ -8,7 +8,7 @@ ms.date: 05/23/2023
 ms.author: austinmc
 
 
-#Customer intent: As a security analyst, I want to use the upload indicators API to import threat intelligence data into my SIEM system so that I can enhance threat detection and response capabilities.
+#Customer intent: As a security analyst, I want to use the upload indicators API reference to customize the threat intelligence data from my source into Microsoft Sentinel.
 
 ---
 
diff --git a/articles/sentinel/use-matching-analytics-to-detect-threats.md b/articles/sentinel/use-matching-analytics-to-detect-threats.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As an SOC analyst, I want to match my security data with Microsoft threat intelligence so that I can generate high-fidelity alerts and incidents.
+
+
+#Customer intent: As a security operations analyst, I want to match my security data with Microsoft threat intelligence so I can generate high fidelity alerts and incidents.
+
 ---
 
 # Use matching analytics to detect threats
diff --git a/articles/sentinel/use-threat-indicators-in-analytics-rules.md b/articles/sentinel/use-threat-indicators-in-analytics-rules.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As an SOC analyst, I want to connect the threat intelligence available to analytics rules so that I can generate alerts and incidents.
+
+
+#Customer intent: As a security analyst, I want to configure analytics rules using threat indicators so that I can automatically generate and investigate security alerts based on integrated threat intelligence from various data sources.
+
 ---
 
 # Use threat indicators in analytics rules
diff --git a/articles/sentinel/work-with-threat-indicators.md b/articles/sentinel/work-with-threat-indicators.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a security analyst, I want to use threat intelligence so that I can power my threat detections.
+
+
+#Customer intent: As a security analyst, I want to use threat intelligence in Microsoft Sentinel so that I can detect and respond to security threats more effectively.
+
 ---
 
 # Work with threat indicators in Microsoft Sentinel

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ ms.author: austinmc`
`10`	`10`
`11`	`11`
`12`	`12`
`13`		`-#Customer intent: As a security engineer, I want to create and configure data connectors using the Codeless Connector Platform so that I can integrate various data sources into my security monitoring system without writing custom code.`
	`13`	`+#Customer intent: As a security engineer, I want to reference paging, authentication and payload options to create and configure RestApiPoller data connectors using the Codeless Connector Platform so that I can integrate a specific data source into Microsoft Sentinel without writing custom code.`
`14`	`14`
`15`	`15`	`---`
`16`	`16`