MicrosoftDocs
diff --git a/‎articles/sentinel/TOC.yml
Lines changed: 1 addition & 1 deletion b/‎articles/sentinel/TOC.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/sentinel/add-entity-to-threat-intelligence.md
Lines changed: 2 additions & 2 deletions b/‎articles/sentinel/add-entity-to-threat-intelligence.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/sentinel/connect-mdti-data-connector.md
Lines changed: 6 additions & 6 deletions b/‎articles/sentinel/connect-mdti-data-connector.md
Lines changed: 6 additions & 6 deletions
diff --git a/‎articles/sentinel/connect-threat-intelligence-upload-api.md
Lines changed: 1 addition & 1 deletion b/‎articles/sentinel/connect-threat-intelligence-upload-api.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/sentinel/indicators-bulk-file-import.md
Lines changed: 2 additions & 2 deletions b/‎articles/sentinel/indicators-bulk-file-import.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/sentinel/media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png
-19.5 KB b/‎articles/sentinel/media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png
-19.5 KB
diff --git a/‎articles/sentinel/media/connect-threat-intelligence-upload-api/threat-intel-upload-api.png
3.25 KB b/‎articles/sentinel/media/connect-threat-intelligence-upload-api/threat-intel-upload-api.png
3.25 KB
diff --git a/‎articles/sentinel/media/understand-threat-intelligence/advanced-search.png
21.7 KB b/‎articles/sentinel/media/understand-threat-intelligence/advanced-search.png
21.7 KB
diff --git a/‎articles/sentinel/media/understand-threat-intelligence/intel-management-defender-portal.png
117 KB b/‎articles/sentinel/media/understand-threat-intelligence/intel-management-defender-portal.png
117 KB
diff --git a/‎articles/sentinel/media/understand-threat-intelligence/new-object.png
7.99 KB b/‎articles/sentinel/media/understand-threat-intelligence/new-object.png
7.99 KB
@@ -790,7 +790,7 @@
     href: connect-threat-intelligence-taxii.md
   - name: Add threat intelligence in bulk by file
     href: indicators-bulk-file-import.md
-  - name: Work with threat indicators
+  - name: Work with threat intelligence
     href: work-with-threat-indicators.md
   - name: Add entity to threat indicators
     href: add-entity-to-threat-intelligence.md
 
@@ -19,7 +19,7 @@ During an investigation, you examine entities and their context as an important
 
 For example, you might discover an IP address that performs port scans across your network or functions as a command and control node by sending and/or receiving transmissions from large numbers of nodes in your network.
 
-With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators in **Logs** and **Threat Intelligence** and use them across your Microsoft Sentinel workspace.
+With Microsoft Sentinel, you can flag these types of entities from within your incident investigation and add them to your threat intelligence. You can view the added indicators by querying them or searching for them in the threat intelligence management interface and use them across your Microsoft Sentinel workspace.
 
 ## Add an entity to your threat intelligence
 
@@ -129,7 +129,7 @@ Whichever of the two interfaces you choose, you end up here.
 
 1. When all the fields are filled in to your satisfaction, select **Apply**. A message appears in the upper-right corner to confirm that your indicator was created.
 
-1. The entity is added as a threat indicator in your workspace. You can find it [in the list of indicators on the Threat intelligence page](work-with-threat-indicators.md#find-and-view-your-indicators-on-the-threat-intelligence-page). You can also find it [in the ThreatIntelligenceIndicators table in Logs](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs).
+1. The entity is added as threat intelligence in your workspace. You can find it [in threat intelligence management interface](work-with-threat-indicators.md#view-your-threat-intelligence-in-the-management-interface). You can also query it [using the ThreatIntelligenceIndicators table](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries).
 
 ## Related content
 
 
@@ -13,7 +13,7 @@ appliesto:
 ms.collection: usx-security
 
 
-#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity indicators of compromise into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
+#Customer intent: As a security administrator, I want to enable the data connector for Microsoft Defender Threat Intelligence so that I can ingest high fidelity threat intelligence into my Microsoft Sentinel workspace for enhanced threat monitoring and response.
 
 ---
 
@@ -23,7 +23,7 @@ Bring public, open-source and high-fidelity indicators of compromise (IOCs) gene
 
 > [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
-For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-indicators-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
+For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-intelligence-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
 
 ## Prerequisites
 
@@ -35,7 +35,7 @@ For more information on how to get a premium license and explore all the differe
 
 ## Install the threat intelligence solution in Microsoft Sentinel
 
-To import threat indicators into Microsoft Sentinel from standard and premium Defender Threat Intelligence, follow these steps:
+To import threat intelligence into Microsoft Sentinel from standard and premium Defender Threat Intelligence, follow these steps:
 
 1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.
 
@@ -59,11 +59,11 @@ For more information about how to manage the solution components, see [Discover
 
     :::image type="content" source="media/connect-mdti-data-connector/premium-connect.png" alt-text="Screenshot that shows the Defender Threat Intelligence Data connector page and the Connect button." lightbox="media/connect-mdti-data-connector/premium-connect.png"::: 
 
-1. When Defender Threat Intelligence indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
+1. When Defender Threat Intelligence starts populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
 
-At this point, the ingested indicators are now available for use in the `TI map...` analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
+At this point, the ingested intelligence is now available for use in the `TI map...` analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
 
-Find the new indicators on the **Threat intelligence** pane or directly in **Logs** by querying the `ThreatIntelligenceIndicator` table. For more information, see [Work with threat indicators](work-with-threat-indicators.md).
+Find the new intelligence in the management interface or directly in **Logs** by querying the `ThreatIntelligenceIndicator` table. For more information, see [Work with threat intelligence](work-with-threat-indicators.md).
 
 ## Related content
 
 
@@ -20,7 +20,7 @@ Many organizations use threat intelligence platform (TIP) solutions to aggregate
 
 The upload API ingests threat intelligence into Microsoft Sentinel without the need for a data connector. This article describes what you need to connect. For more information on the API details, see the reference document [Microsoft Sentinel upload API](stix-objects-api.md).
 
-:::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-stix-objects-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
+:::image type="content" source="media/connect-threat-intelligence-upload-api/threat-intel-upload-api.png" alt-text="Screenshot that shows the threat intelligence import path.":::
 
 For more information about threat intelligence, see [Threat intelligence](understand-threat-intelligence.md).
 
 
@@ -69,7 +69,7 @@ The templates provide all the fields you need to create a single valid indicator
 
 1. Drag your bulk threat intelligence file to the **Upload a file** section, or browse for the file by using the link.
 
-1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-in-logs). 
+1. Enter a source for the threat intelligence in the **Source** text box. This value is stamped on all the indicators included in that file. View this property as the `SourceSystem` field. The source is also displayed in the **Manage file imports** pane. For more information, see [Work with threat indicators](work-with-threat-indicators.md#find-and-view-your-indicators-with-queries). 
 
 1. Choose how you want Microsoft Sentinel to handle invalid entries by selecting one of the buttons at the bottom of the **Import using a file** pane:
 
@@ -153,7 +153,7 @@ Here's an example `ipv4-addr` indicator and `attack-pattern` using the JSON file
       "name": "Sample IPv4 indicator",
       "description": "This indicator implements an observation expression.",
       "indicator_types": [
-	    "anonymization",
+        "anonymization",
         "malicious-activity"
       ],
       "kill_chain_phases": [