Merge pull request #285494 from batamig/cust-intents-cat-ii

Stacyrch140 · web-flow · commit 9e2976c3a498 · 2024-10-13T17:53:37.000-04:00
Adding customer intents - Cat's files no data connectors - needs Cat's review
diff --git a/articles/sentinel/basic-logs-use-cases.md b/articles/sentinel/basic-logs-use-cases.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to ingest high-volume, verbose logs into a cost-effective storage solution so that I can enhance my threat hunting and incident investigation capabilities.
+
 ---
 # Log sources to use for Auxiliary Logs ingestion
 
diff --git a/articles/sentinel/best-practices.md b/articles/sentinel/best-practices.md
@@ -5,6 +5,10 @@ author: cwatson-cat
 ms.author: cwatson
 ms.topic: conceptual
 ms.date: 06/28/2024
+
+
+#Customer intent: As a security operations center (SOC) analyst, I want to implement best practices for deploying and managing a cloud-based SIEM solution so that I can enhance threat detection, incident response, and overall security posture.
+
 ---
 
 # Best practices for Microsoft Sentinel
diff --git a/articles/sentinel/billing-monitor-costs.md b/articles/sentinel/billing-monitor-costs.md
@@ -10,6 +10,10 @@ ms.collection: usx-security
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
+
+
+#Customer intent: As a cloud administrator, I want to manage and monitor costs for Microsoft Sentinel so that I can optimize spending and prevent budget overruns.
+
 ---
 
 # Manage and monitor costs for Microsoft Sentinel
diff --git a/articles/sentinel/billing-reduce-costs.md b/articles/sentinel/billing-reduce-costs.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a cloud security administrator, I want to optimize the cost of using Microsoft Sentinel so that I can manage my organization's security operations within budget constraints.
+
 ---
 
 # Reduce costs for Microsoft Sentinel
diff --git a/articles/sentinel/configure-data-connector.md b/articles/sentinel/configure-data-connector.md
@@ -9,7 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a security architect or SOC analyst, I want to connect my data source so that I can ingest data into Microsoft Sentinel for security monitoring and threat protection.
+
+
+#Customer intent: As a security analyst, I want to install and configure data connectors in my SIEM platform so that I can ingest and analyze data from various sources for threat detection and response.
+
 ---
 
 # Connect your data sources to Microsoft Sentinel by using data connectors
diff --git a/articles/sentinel/configure-data-retention.md b/articles/sentinel/configure-data-retention.md
@@ -7,7 +7,10 @@ ms.service: microsoft-sentinel
 ms.topic: tutorial 
 ms.date: 01/05/2023
 ms.custom: template-tutorial
-#Customer intent: As an Azure account administrator, I want to archive older but less used data to save retention costs.
+
+
+#Customer intent: As a system administrator, I want to configure data retention policies for tables in a Log Analytics workspace so that I can manage Microsoft Sentinel storage costs and ensure compliance with data retention requirements.
+
 ---
 
 # Tutorial: Configure a data retention policy for a table in a Log Analytics workspace
diff --git a/articles/sentinel/data-connectors-reference.md b/articles/sentinel/data-connectors-reference.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to find and deploy the appropriate data connectors for Microsoft Sentinel so that I can integrate and monitor various security data sources effectively.
+
 ---
 
 # Find your Microsoft Sentinel data connector
diff --git a/articles/sentinel/deploy-overview.md b/articles/sentinel/deploy-overview.md
@@ -6,6 +6,10 @@ ms.author: cwatson
 ms.topic: conceptual
 ms.date: 06/28/2024
 ms.service: microsoft-sentinel
+
+
+#Customer intent: As a SOC architect, I want to deploy Microsoft Sentinel so that I can effectively monitor, detect, and respond to security threats across my organization.
+
 ---
 
 # Deployment guide for Microsoft Sentinel
diff --git a/articles/sentinel/domain-based-essential-solutions.md b/articles/sentinel/domain-based-essential-solutions.md
@@ -9,7 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
 ms.collection: usx-security
-#Customer intent: As a security engineer, I want to learn how I can minimize the amount of solution content I have to deploy and manage by using Microsoft essential solutions for Microsoft Sentinel.
+
+
+#Customer intent: As a security analyst, I want to use ASIM-based domain solutions in Microsoft Sentinel so that I can efficiently normalize and analyze security data across multiple products and reduce alert fatigue.
+
 ---
 
 # Advanced Security Information Model (ASIM) based domain solutions for Microsoft Sentinel (preview)
diff --git a/articles/sentinel/enable-sentinel-features-content.md b/articles/sentinel/enable-sentinel-features-content.md
@@ -5,7 +5,10 @@ author: cwatson-cat
 ms.topic: how-to
 ms.date: 06/18/2024
 ms.author: cwatson
-#Customer intent: As a SOC analyst, I want to enable the Microsoft Sentinel service and the key features and content, so I can get started with my deployment.
+
+
+#Customer intent: As a security operations analyst, I want to enable and configure Microsoft Sentinel and its key features so that I can monitor and secure my organization's environment effectively.
+
 ---
 
 # Enable Microsoft Sentinel and initial features and content
diff --git a/articles/sentinel/forward-syslog-monitor-agent.md b/articles/sentinel/forward-syslog-monitor-agent.md
@@ -7,7 +7,10 @@ ms.service: microsoft-sentinel
 ms.topic: tutorial
 ms.date: 05/16/2024
 ms.custom: template-tutorial, linux-related-content
-#Customer intent: As a security engineer, I want to get Syslog data into Microsoft Sentinel so that I can do attack detection, threat visibility, proactive hunting, and threat response. As an IT administrator, I want to get Syslog data into my Log Analytics workspace to monitor my Linux-based devices.
+
+
+#Customer intent: As a security engineer or system administrator, I want to forward Syslog data from Linux-based devices to a Log Analytics workspace so that I can detect attacks, view, hunt, and respond to threats, or monitor my Linux-based devices.
+
 ---
 
 # Tutorial: Forward Syslog data to a Log Analytics workspace with Microsoft Sentinel by using Azure Monitor Agent
diff --git a/articles/sentinel/investigate-large-datasets.md b/articles/sentinel/investigate-large-datasets.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to search and restore archived log data so that I can conduct thorough investigations on historical events.
+
 ---
 
 # Start an investigation by searching for events in large datasets
diff --git a/articles/sentinel/microsoft-sentinel-defender-portal.md b/articles/sentinel/microsoft-sentinel-defender-portal.md
@@ -8,6 +8,10 @@ ms.date: 08/16/2024
 appliesto: 
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security operations analyst, I want to understand the integration of Microsoft Sentinel within the Microsoft Defender portal so that I can effectively navigate and utilize the new and improved security capabilities.
+
 ---
 
 # Microsoft Sentinel in the Microsoft Defender portal
diff --git a/articles/sentinel/migration-convert-dashboards.md b/articles/sentinel/migration-convert-dashboards.md
@@ -8,6 +8,10 @@ ms.date: 06/12/2024
 appliesto:
 - Microsoft Sentinel in the Azure portal and the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to convert my SIEM dashboards to Azure Workbooks so that I can use advanced visualization and interactivity features in Microsoft Sentinel.
+
 ---
 
 # Convert dashboards to Azure Workbooks 
diff --git a/articles/sentinel/migration-track.md b/articles/sentinel/migration-track.md
@@ -8,6 +8,10 @@ ms.date: 06/14/2024
 appliesto:
 - Microsoft Sentinel in the Azure portal and the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security operations center (SOC) manager, I want to manage the migration to Microsoft Sentinel so that I can ensure a smooth transition and maintain security monitoring effectiveness.
+
 ---
 
 # Track your Microsoft Sentinel migration with a workbook
diff --git a/articles/sentinel/notebooks-hunt.md b/articles/sentinel/notebooks-hunt.md
@@ -10,6 +10,9 @@ appliesto:
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
 #Customer intent: As a security analyst, I want to deploy and launch a Jupyter notebook to hunt for security threats.
+
+
+
 ---
 
 # Hunt for security threats with Jupyter notebooks
diff --git a/articles/sentinel/notebooks.md b/articles/sentinel/notebooks.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to understand the capabilities of Jupyter notebooks so that I can decide if they'll enhance my threat hunting and investigation processes.
+
 ---
 
 # Jupyter notebooks with Microsoft Sentinel hunting capabilities
diff --git a/articles/sentinel/offboard.md b/articles/sentinel/offboard.md
@@ -5,6 +5,10 @@ author: cwatson-cat
 ms.topic: how-to
 ms.date: 03/06/2024
 ms.author: cwatson
+
+
+#Customer intent: As an IT admin, I want to remove Microsoft Sentinel from my Log Analytics workspace so that I can discontinue its use and manage associated costs and configurations.
+
 ---
 
 # Remove Microsoft Sentinel from your workspace
diff --git a/articles/sentinel/overview.md b/articles/sentinel/overview.md
@@ -6,7 +6,10 @@ ms.author: cwatson
 ms.topic: overview
 ms.service: microsoft-sentinel
 ms.date: 05/13/2024
-#customer intent: As a business decision maker, I want to understand what Microsoft Sentinel offers to determine whether the service meets my organization's requirements.
+
+
+#CustomerIntent: As a business decision maker, I want to understand what Microsoft Sentinel offers so that I can determine whether the service meets my organization's requirements.
+
 ---
 
 # What is Microsoft Sentinel?
diff --git a/articles/sentinel/prerequisites.md b/articles/sentinel/prerequisites.md
@@ -5,6 +5,10 @@ author: cwatson
 ms.author: cwatson
 ms.topic: conceptual
 ms.date: 03/05/2024
+
+
+#Customer intent: As a security administrator, I want to understand the prerequisites for deploying Microsoft Sentinel so that I can ensure my environment is properly configured and compliant.
+
 ---
 
 # Prerequisites to deploy Microsoft Sentinel
diff --git a/articles/sentinel/restore.md b/articles/sentinel/restore.md
@@ -9,6 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to restore archived log data so that I can perform high-performance queries and analytics on historical data.
+
 ---
 
 # Restore archived logs from search
diff --git a/articles/sentinel/sentinel-solutions-catalog.md b/articles/sentinel/sentinel-solutions-catalog.md
@@ -8,6 +8,10 @@ ms.author: cwatson
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
+
+
+#Customer intent: As a security operations analyst, I want to deploy domain-specific security solutions in Microsoft Sentinel so that I can enhance threat detection and compliance capabilities efficiently.
+
 ---
 
 # Microsoft Sentinel content hub catalog
diff --git a/articles/sentinel/sentinel-solutions-delete.md b/articles/sentinel/sentinel-solutions-delete.md
@@ -8,6 +8,10 @@ ms.author: cwatson
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
+
+
+#Customer intent: As a security operations center (SOC) analyst, I want to delete Microsoft Sentinel out-of-the-box content and solutions so that I can manage and customize my security monitoring environment effectively.
+
 ---
 
 # Delete installed Microsoft Sentinel out-of-the-box content and solutions
diff --git a/articles/sentinel/sentinel-solutions.md b/articles/sentinel/sentinel-solutions.md
@@ -8,6 +8,10 @@ ms.author: cwatson
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal.
+
+
+#Customer intent: As a security operations center (SOC) analyst, I want to understand the types of SIEM content and solutions available so that I can determine whether Microsoft Sentinel meets my organization's requirements.
+
 ---
 
 # About Microsoft Sentinel content and solutions
diff --git a/articles/sentinel/unified-connector-cef-device.md b/articles/sentinel/unified-connector-cef-device.md
@@ -6,6 +6,10 @@ ms.author: cwatson
 ms.topic: reference
 ms.custom: linux-related-content
 ms.date: 06/27/2024
+
+
+#Customer intent: As a security administrator, I want to configure various security appliances to forward syslog messages in CEF format to Microsoft Sentinel, so that I can ensure comprehensive security event management and analysis.
+
 ---
 
 #  CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
diff --git a/articles/sentinel/unified-connector-syslog-device.md b/articles/sentinel/unified-connector-syslog-device.md
@@ -6,6 +6,10 @@ ms.author: cwatson
 ms.topic: reference
 ms.custom: linux-related-content
 ms.date: 06/27/2024
+
+
+#Customer intent: As a security administrator, I want to configure various security appliances and devices to forward logs via Syslog to Microsoft Sentinel so that I can ensure comprehensive security event monitoring and analysis.
+
 ---
 
 # Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
diff --git a/articles/sentinel/watchlist-schemas.md b/articles/sentinel/watchlist-schemas.md
@@ -5,6 +5,10 @@ author: cwatson-cat
 ms.author: cwatson
 ms.topic: reference
 ms.date: 12/15/2023
+
+
+#Customer intent: As a security analyst, I want to understand the schema of built-in watchlist templates in Microsoft Sentinel so that I can effectively manage and monitor high-value assets, VIP users, and service accounts.
+
 ---
 
 # Microsoft Sentinel built-in watchlist template schemas (preview)
diff --git a/articles/sentinel/watchlists-create.md b/articles/sentinel/watchlists-create.md
@@ -10,7 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a SOC analyst, I want to correlate data from meaningful data sources I provide with events so I can watch for more relationships with better visibility.
+
+
+#Customer intent: As a security analyst, I want to manage watchlists in my SIEM platform so that I can correlate critical data with security events and enhance threat detection.
+
 ---
 
 # Create watchlists in Microsoft Sentinel
diff --git a/articles/sentinel/watchlists-manage.md b/articles/sentinel/watchlists-manage.md
@@ -9,7 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a security analyst, I want to edit or bulk edit my watchlists so I can keep them up to date.
+
+
+#Customer intent: As a security analyst, I want to manage Microsoft Sentinel watchlists so that I can efficiently monitor and respond to potential threats.
+
 ---
 
 # Manage watchlists in Microsoft Sentinel
diff --git a/articles/sentinel/watchlists-queries.md b/articles/sentinel/watchlists-queries.md
@@ -9,7 +9,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#Customer intent: As a SOC analyst, I want to incorporate my watchlists with advanced hunting or detection rules so I can use data I provide in meaningful ways for my security monitoring.
+
+
+#Customer intent: As a security analyst, I want to use watchlists in my queries and detection rules so that I can efficiently correlate and analyze data to detect potential threats.
+
 ---
 
 # Build queries or detection rules with watchlists in Microsoft Sentinel
diff --git a/articles/sentinel/watchlists.md b/articles/sentinel/watchlists.md
@@ -10,6 +10,10 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
+
+
+#Customer intent: As a security analyst, I want to understand how to use watchlists in Microsoft Sentinel so that I can efficiently correlate and enrich event data, reduce alert fatigue, and quickly respond to threats.
+
 ---
 
 # Watchlists in Microsoft Sentinel
