Commit c3d5f06

rewording and reordering
1 parent dac3845 commit c3d5f06

4 files changed

+51
-46
lines changed

articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-sensor.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -242,7 +242,7 @@ You can access console tools from the side menu. Tools help you:
242242
| Data mining | Generate comprehensive and granular information about your network's devices at various layers. For more information, see [Sensor data mining queries](how-to-create-data-mining-queries.md).|
243243
| Trends and Statistics | View trends and statistics about an extensive range of network traffic and activity. As a small example, display charts and graphs showing top traffic by port, connectivity drops by hours, S7 traffic by control function, number of devices per VLAN, SRTP errors by day, or Modbus traffic by function. For more information, see [Sensor trends and statistics reports](how-to-create-trends-and-statistics-reports.md).
244244
| Risk Assessment | Proactively address vulnerabilities, identify risks such as missing patches or unauthorized applications. Detect changes to device configurations, controller logic, and firmware. Prioritize fixes based on risk scoring and automated threat modeling. For more information, see [Risk assessment reporting](how-to-create-risk-assessment-reports.md#create-risk-assessment-reports).|
245-
| Attack Vector | Display a graphical representation of a vulnerability chain of exploitable devices. These vulnerabilities can give an attacker access to key network devices. The Attack Vector Simulator calculates attack vectors in real time and analyzes all attack vectors for a specific target. For more information, see [Attack vector reporting](how-to-create-attack-vector-reports.md#attack-vector-reporting).|
245+
| Attack Vector | Display a graphical representation of a vulnerability chain of exploitable devices. These vulnerabilities can give an attacker access to key network devices. The Attack Vector Simulator calculates attack vectors in real time and analyzes all attack vectors for a specific target. For more information, see [Attack vector reporting](how-to-create-attack-vector-reports.md#create-attack-vector-reports).|
246246

247247
### Manage
248248
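Review bot: the only change in this hunk is the link fragment in the Attack Vector row, from `#attack-vector-reporting` to `#create-attack-vector-reports`; the target file's hunk in this commit shows only its Next steps section, so confirm that how-to-create-attack-vector-reports.md actually has a heading that renders to `create-attack-vector-reports`, otherwise the sensor tools table ships with a broken anchor that the docs link checker will not catch (it validates files, not fragments).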

articles/defender-for-iot/organizations/how-to-create-attack-vector-reports.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,6 @@ You can use the report that is saved from the Attack vector page to review:
4848

4949
## Next steps
5050

51-
Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can now determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities.
51+
Working with the attack vector lets you evaluate the effect of mitigation activities in the attack sequence. You can now determine, for example, if a system upgrade disrupts the attacker's path by breaking the attack chain, or if an alternate attack path remains. This information helps you prioritize remediation and mitigation activities.
5252

53-
For more information, see [fill this in](not-sure-yet.md).
53+
For more information, see [fill this in](not-sure-yet).
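Review bot: the Next steps section still ends with a placeholder link, `[fill this in](not-sure-yet)`; dropping the `.md` extension changes nothing for the reader and the target still does not exist, so this line will either break link validation or publish as a dead link. Either replace it with the real target (the data mining and risk assessment articles referenced elsewhere in this commit are the obvious candidates) or remove the sentence before merging.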

articles/defender-for-iot/organizations/how-to-create-data-mining-queries.md

Lines changed: 27 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -7,28 +7,14 @@ ms.topic: how-to
77

88
# Create data mining queries
99

10-
Running data mining queries provides dynamic, detailed information about your network devices. This includes information for specific time periods, internet connectivity, ports and protocols, firmware versions, programming commands, and device state.
10+
Running data mining queries provides dynamic and detailed information about your network devices. This includes information for specific time periods, internet connectivity, ports and protocols, firmware versions, programming commands, and device state.
1111

1212
Data mining information is saved and stored continuously, except for when a device is deleted. Data mining results can be exported and stored externally to a secure server. In addition, the sensor performs automatic daily backups to ensure system continuity and preservation of data.
1313

1414
## Prerequisites
1515

1616
You must be an **Admin** or **Security Analyst** user to access predefined data mining reports.
1717

18-
## Predefined data mining reports
19-
20-
The following predefined reports are available in **Analyze** > **Data Mining**. These queries are generated in real time.
21-
22-
| Report | Description |
23-
|---------|---------|
24-
| **Programming commands** | Devices that send industrial programming. |
25-
| **Remote access** | Devices that communicate through remote session protocols. |
26-
| **Internet activity** | Devices that are connected to the internet. |
27-
| **CVEs** | A list of devices detected with known vulnerabilities, along with CVSSv2 risk scores. |
28-
| **Excluded CVEs** | A list of all the CVEs that were manually excluded. It's possible to customize the CVE list manually so that the VA reports and attack vectors more accurately reflect your network by excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
29-
| **Nonactive devices** | Devices that haven't communicated for the past seven days. |
30-
| **Active devices** | Active network devices within the last 24 hours. |
31-
3218
## Create a report
3319

3420
Reports are dynamically updated each time you open them, meaning that the report will show information that's accurate for the date of viewing the report, rather than the date of creating the report.
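Review bot: with the predefined-reports table moved out of this position, the Prerequisites sentence "You must be an **Admin** or **Security Analyst** user to access predefined data mining reports" is now immediately followed by "Create a report", but it only states the role requirement for predefined reports. If the same roles are required to create and run custom queries, reword the prerequisite to cover data mining reports generally; if not, the article should say what role is needed for the section that now follows it.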
@@ -57,22 +43,29 @@ You can use data mining queries for:
5743
|---------|---------|
5844
| **SOC incident response** | Generate a report in real time to help deal with immediate incident response. For example, Data Mining can generate a report for a list of devices that might require patching. |
5945
| **Forensics** | Generate a report based on historical data for investigative reports. |
60-
| **Network security** | Generate a report that helps improve overall network security. For example, generate a report can be generated that lists devices with weak authentication credentials. |
46+
| **Network security** | Generate a report that helps improve overall network security. For example, generate a report that lists devices with weak authentication credentials. |
6147
| **Visibility** | Generate a report that covers all query items to view all baseline parameters of your network. |
62-
| **PLC security** | Improve security by detecting PLCs in unsecure states, for example, Program and Remote states. |
48+
| **PLC security** | Improve security by detecting PLCs in unsecure states, such as Program and Remote states. |
6349

64-
## View reports in on-premises management console
50+
## Predefined data mining reports
6551

66-
The on-premises management console lets you generate reports for each sensor that's connected to it. Reports are based on sensor data-mining queries that are performed, and include:
52+
The following predefined reports are available in **Analyze** > **Data Mining**. These queries are generated in real time.
6753

68-
| Information | Description |
54+
| Report | Description |
6955
|---------|---------|
70-
| **Active Devices (Last 24 Hours)** | Presents a list of devices that show network activity within a period of 24 hours. |
71-
| **Non-Active Devices (Last 7 Days)** | Presents a list of devices that show no network activity in the last seven days. |
72-
| **Programming Commands** | Presents a list of devices that sent programming commands within the last 24 hours. |
73-
| **Remote Access** | Presents a list of devices that remote sources accessed within the last 24 hours. |
56+
| **Programming commands** | Devices that send industrial programming. |
57+
| **Remote access** | Devices that communicate through remote session protocols. |
58+
| **Internet activity** | Devices that are connected to the internet. |
59+
| **CVEs** | A list of devices detected with known vulnerabilities, along with CVSSv2 risk scores. |
60+
| **Excluded CVEs** | A list of all the CVEs that were manually excluded. Customize the CVE list manually if you want the VA reports and attack vectors to reflect your network more accurately by excluding or including particular CVEs and updating the CVSSv2 score accordingly. |
61+
| **Nonactive devices** | Devices that haven't communicated for the past seven days. |
62+
| **Active devices** | Active network devices within the last 24 hours. |
63+
64+
## View reports in on-premises management console
7465

75-
When you choose the sensor from the on-premises management console, all the custom reports configured on that sensor appear in the list of reports. For each sensor, you can generate a default report or a custom report configured on that sensor.
66+
The on-premises management console lets you generate reports for each sensor that's connected to it. When you choose a sensor from the on-premises management console, all the custom reports configured on that sensor appear in the list of reports.
67+
68+
For each sensor, you can generate a default report or a custom report configured on that sensor.
7669

7770
**To generate a report**:
7871
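Review bot: in the relocated **Excluded CVEs** row the abbreviation "VA" appears without ever being expanded in this file; spell it out on first use ("vulnerability assessment (VA) reports") so readers tuning the CVE exclusion list understand which reports are affected. Separately, the split of the on-premises console intro leaves "For each sensor, you can generate a default report or a custom report configured on that sensor." as a one-sentence paragraph that largely repeats the sentence before it; consider folding it back into the preceding paragraph.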

@@ -86,6 +79,15 @@ When you choose the sensor from the on-premises management console, all the cust
8679

8780
4. To create a PDF of the report results, select :::image type="icon" source="media/how-to-generate-reports/pdf-report-icon.png" border="false":::.
8881

82+
Reports are based on sensor data-mining queries that are performed, and include:
83+
84+
| Information | Description |
85+
|---------|---------|
86+
| **Active Devices (Last 24 Hours)** | Presents a list of devices that show network activity within a period of 24 hours. |
87+
| **Non-Active Devices (Last 7 Days)** | Presents a list of devices that show no network activity in the last seven days. |
88+
| **Programming Commands** | Presents a list of devices that sent programming commands within the last 24 hours. |
89+
| **Remote Access** | Presents a list of devices that remote sources accessed within the last 24 hours. |
90+
8991
## Next steps
9092

9193
Reports can be viewed in the **Data Mining** page. You can refresh a report, edit report parameters, and export to a CSV file or PDF. You can also take a snapshot of a report.
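Review bot: the paragraph "Reports are based on sensor data-mining queries that are performed, and include:" and its table of default reports are now placed after step 4 of "To generate a report", i.e. after the reader has already been told to pick a report and export it. Since the default reports are what the procedure selects from, the table reads better immediately before "**To generate a report**:"; also note the two tables in this file now name the same reports differently ("Active devices" versus "Active Devices (Last 24 Hours)"), so if the on-premises console really uses the longer names, a sentence saying so would prevent the mismatch from looking like an error.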

articles/defender-for-iot/organizations/how-to-create-trends-and-statistics-reports.md

Lines changed: 21 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -23,14 +23,17 @@ You can create many different types of dashboards, based on traffic, device stat
2323

2424
1. In the **Create Dashboard** pane that appears on the right:
2525

26-
- In the **Dashboard name** field, enter a meaningful name for your dashboard.
27-
- (Optional) Filter the widgets displayed by selecting a category or protocol from the **Dashboard widget type** menu.
28-
- Scroll down as needed and select the widget you want to add. Each widget has a short description and indicates whether it focuses on operations, security, or traffic.
29-
- Select **Save** to start your new dashboard.
26+
|Parameter |Description |
27+
|---------|---------|
28+
| **Dashboard name** | Enter a meaningful name for your dashboard. |
29+
| **Dashboard widget type** (Optional) | Filter the widgets displayed by selecting a category or protocol from the menu. |
30+
| **Widget** | Scroll down as needed and select the widget you want to add. Each widget has a short description and indicates whether it focuses on operations, security, or traffic. |
31+
32+
1. Select **Save** to start your new dashboard.
3033

3134
1. Your widget is added to the new dashboard. Use the toolbar at the top of page to continue modifying your dashboard.
3235

33-
By default, results are displayed for detections for over the last seven days. Select the **Filter** button at the top left of each widget to change this range.
36+
By default, results display detections for over the last seven days. Select the **Filter** button at the top left of each widget to change this range.
3437

3538
> [!NOTE]
3639
> The time shown in the widget is set according to the sensor machine's time.
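Review bot: the reworded sentence still reads "results display detections for over the last seven days"; "for over" is the leftover from the old phrasing and should be "for the last seven days". In the same hunk, the new parameter table sits inside numbered step 1 and is followed by a fresh "1. Select **Save**" item; in Markdown the table rows need to be indented to the list item's content column, otherwise the list is terminated, the table renders at top level, and the following "1." restarts numbering instead of continuing as step 2.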
@@ -40,19 +43,19 @@ By default, results are displayed for detections for over the last seven days. S
4043

4144
The following table summarizes common use cases for dashboard widgets.
4245

43-
Widget name | Sample use case
44-
--- | ---
45-
Busy devices | Lists the five busiest devices. In **Edit** mode, you can filter by known protocols.
46-
Total bandwidth | Tracks the bandwidth in Mbps (megabits per second). The bandwidth is indicated on the y-axis, with the date appearing on the x-axis. **Edit** mode allows you to filter results.
47-
Channels bandwidth | Displays the top five traffic channels. You can filter by Address, and set the number of Presented Results. Select the down arrow to show more channels.
48-
Traffic by port | Displays the traffic by port, which is indicated by a pie chart with each port designated by a different color. The amount of traffic in each port is proportional to the size of its part of the pie.
49-
New devices | Displays the new devices bar chart, which indicates how many new devices were discovered on a particular date.
50-
Protocol dissection | Displays a pie chart that provides you with a look at the traffic per protocol, dissected by function codes, and services. The size of each slice of the pie is proportional to the amount of traffic relative to the other slices.
51-
Active TCP connections | Displays a chart that shows the number of active TCP connections in the system.
52-
Incident by type | Displays a pie chart that shows the number of incidents by type. This is the number of alerts generated by each engine over a predefined time period.
53-
Devices by vendor | Displays a pie chart that shows the number of devices by vendor. The number of devices for a specific vendor is proportional to the size of that device’s vendor part of the disk relative to other device vendors.
54-
Number of devices per VLAN | Displays a pie chart that shows the number of discovered devices per VLAN. The size of each slice of the pie is proportional to the number of discovered devices relative to the other slices. Each VLAN appears with the VLAN tag assigned by the sensor or name that you've manually added.
55-
Top bandwidth by VLAN | Displays the bandwidth consumption by VLAN. By default, the widget shows five VLANs with the highest bandwidth usage. You can filter the data by the period presented in the widget. Select the down arrow to show more results.
46+
| Widget name | Sample use case |
47+
| --- | --- |
48+
| **Busy devices** | Lists the five busiest devices. In **Edit** mode, you can filter by known protocols. |
49+
| **Total bandwidth** | Tracks the bandwidth in Mbps (megabits per second). The bandwidth is indicated on the y-axis, with the date appearing on the x-axis. **Edit** mode allows you to filter results. |
50+
| **Channels bandwidth** | Displays the top five traffic channels. You can filter by Address, and set the number of Presented Results. Select the down arrow to show more channels. |
51+
| **Traffic by port** | Displays the traffic by port using a pie chart where each port is a different color. For each port, the size of its slice of the pie reflects the amount of traffic in it. |
52+
| **New devices** | Displays the new devices bar chart, showing how many new devices were discovered on a particular date. |
53+
| **Protocol dissection** | Displays a pie chart showing the traffic per protocol, dissected by function codes and services. The size of each slice of the pie reflects the relative amount of traffic in it compared to the other slices. |
54+
| **Active TCP connections** | Displays a chart showing the number of active TCP connections in the system. |
55+
| **Incident by type** | Displays a pie chart showing the number of incidents by type. This is the number of alerts generated by each engine over a predefined time period. |
56+
| **Devices by vendor** | Displays a pie chart showing the number of devices by vendor. For each vendor, the size of their slice of the pie reflects the number of their devices. |
57+
| **Number of devices per VLAN** | Displays a pie chart showing the number of discovered devices per VLAN. The size of each slice of the pie reflects the relative number of discovered device in it compared to the other slices. Each VLAN appears with the VLAN tag assigned by the sensor or the name that you've manually added. |
58+
| **Top bandwidth by VLAN** | Displays the bandwidth consumption by VLAN. By default, the widget shows five VLANs with the highest bandwidth usage. You can filter the data by the period presented in the widget. Select the down arrow to show more results. |
5659

5760
## Next steps
5861
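Review bot: the **Number of devices per VLAN** row has a typo introduced in the rewrite, "the relative number of discovered device in it" should be "devices". The rest of the conversion from the bare pipe table to a fenced Markdown table looks consistent (every row has a leading and trailing pipe and the header separator matches), which fixes the rendering problem the old `--- | ---` form had on some renderers.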

0 commit comments