Merge pull request #285569 from paulth1/sentinel-threat-intelligence-batch1

[AQ] edit: Sentinel threat intelligence batch1

Author: ShawnJackson

articles/sentinel/connect-mdti-data-connector.md

@@ -2,7 +2,7 @@
 title: Enable data connector for Microsoft's threat intelligence
 titleSuffix: Microsoft Defender Threat Intelligence
 keywords: premium, TI, STIX objects, relationships, threat actor, watchlist, license
-description: Learn how to ingest Microsoft's threat intelligence into your Sentinel workspace to generate high fidelity alerts and incidents.
+description: Learn how to ingest Microsoft's threat intelligence into your Microsoft Sentinel workspace to generate high-fidelity alerts and incidents.
 author: austinmccollum
 ms.topic: how-to
 ms.date: 8/16/2024
@@ -11,56 +11,62 @@ appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
 ms.collection: usx-security
-#customer intent: As a SOC admin, I want to utilize the best threat intelligence from Microsoft, so I can generate high fidelity alerts and incidents.
+#customer intent: As an SOC admin, I want to use the best threat intelligence from Microsoft so that I can generate high-fidelity alerts and incidents.
 ---
 
 # Enable data connector for Microsoft Defender Threat Intelligence
-Bring public, open source and high fidelity indicators of compromise (IOC) generated by Microsoft Defender Threat Intelligence (MDTI) into your Microsoft Sentinel workspace with the MDTI data connectors. With a simple one-click setup, use the TI from the standard and premium MDTI data connectors to monitor, alert and hunt.
+
+Bring public, open-source and high-fidelity indicators of compromise (IOCs) generated by Microsoft Defender Threat Intelligence into your Microsoft Sentinel workspace with the Defender Threat Intelligence data connectors. With a simple one-click setup, use the threat intelligence from the standard and premium Defender Threat Intelligence data connectors to monitor, alert, and hunt.
 
 > [!IMPORTANT]
-> The Microsoft Defender Threat Intelligence data connector and the Premium Microsoft Defender Threat Intelligence data connector are currently in PREVIEW. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+> The Defender Threat Intelligence data connector and the premium Defender Threat Intelligence data connector are currently in preview. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for more legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 > [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
-For more information about the benefits of the standard and premium MDTI data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-indicators-to-microsoft-sentinel-with-the-microsoft-defender-threat-intelligence-data-connector).
+For more information about the benefits of the standard and premium Defender Threat Intelligence data connectors, see [Understand threat intelligence](understand-threat-intelligence.md#add-threat-indicators-to-microsoft-sentinel-with-the-defender-threat-intelligence-data-connector).
 
 ## Prerequisites
-- In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
+
+- To install, update, and delete standalone content or solutions in the **Content hub**, you need the Microsoft Sentinel Contributor role at the resource group level.
 - To configure these data connectors, you must have read and write permissions to the Microsoft Sentinel workspace.
 
-## Install the Threat Intelligence solution in Microsoft Sentinel
+## Install the threat intelligence solution in Microsoft Sentinel
 
-To import threat indicators into Microsoft Sentinel from standard and premium MDTI, follow these steps:
+To import threat indicators into Microsoft Sentinel from standard and premium Defender Threat Intelligence, follow these steps:
 
-1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**. <br>For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Content management** > **Content hub**.
+1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Content management**, select **Content hub**.
+
+   For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Content management** > **Content hub**.
 
 1. Find and select the **Threat Intelligence** solution.
 
 1. Select the :::image type="icon" source="media/connect-mdti-data-connector/install-update-button.png"::: **Install/Update** button.
 
 For more information about how to manage the solution components, see [Discover and deploy out-of-the-box content](sentinel-solutions-deploy.md).
 
-## Enable the Microsoft Defender Threat Intelligence data connector
+## Enable the Defender Threat Intelligence data connector
+
+1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Configuration**, select **Data connectors**.
 
-1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Configuration**, select **Data connectors**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Configuration** > **Data connectors**.
+   For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Configuration** > **Data connectors**.
 
-1. Find and select the Microsoft Defender Threat Intelligence data connector > **Open connector page** button.
+1. Find and select the Defender Threat Intelligence data connector **Open connector page** button.
 
-    :::image type="content" source="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png" alt-text="Screenshot displaying the data connectors page with the MDTI data connector listed." lightbox="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png"::: 
+    :::image type="content" source="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png" alt-text="Screenshot that shows the Data connectors page with the Defender Threat Intelligence data connector listed." lightbox="media/connect-mdti-data-connector/premium-microsoft-defender-threat-intelligence-data-connector-config.png"::: 
 
-1. Enable the feed by selecting the **Connect** button
+1. Enable the feed by selecting **Connect**.
 
-    :::image type="content" source="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png" alt-text="Screenshot displaying the MDTI data connector page and the connect button." lightbox="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png"::: 
+    :::image type="content" source="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png" alt-text="Screenshot that shows the Defender Threat Intelligence Data connector page and the Connect button." lightbox="media/connect-mdti-data-connector/microsoft-defender-threat-intelligence-data-connector-connect.png"::: 
 
-1. When MDTI indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
+1. When Defender Threat Intelligence indicators start populating the Microsoft Sentinel workspace, the connector status displays **Connected**.
 
-At this point, the ingested indicators are now available for use in the *TI map...* analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
+At this point, the ingested indicators are now available for use in the `TI map...` analytics rules. For more information, see [Use threat indicators in analytics rules](use-threat-indicators-in-analytics-rules.md). 
 
-Find the new indicators in the **Threat intelligence** blade or directly in **Logs** by querying the **ThreatIntelligenceIndicator** table. For more information, see [Work with threat indicators](work-with-threat-indicators.md).
+Find the new indicators on the **Threat intelligence** pane or directly in **Logs** by querying the `ThreatIntelligenceIndicator` table. For more information, see [Work with threat indicators](work-with-threat-indicators.md).
 
 ## Related content
 
-In this document, you learned how to connect Microsoft Sentinel to Microsoft's threat intelligence feed with the MDTI data connector. To learn more about Microsoft Defender for Threat Intelligence see the following articles.
+In this article, you learned how to connect Microsoft Sentinel to the Microsoft threat intelligence feed with the Defender Threat Intelligence data connector. To learn more about Defender Threat Intelligence, see the following articles:
 
-- Learn about [What is Microsoft Defender Threat Intelligence?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti).
-- Get started with the MDTI portal [MDTI portal](/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal).
-- Use MDTI in analytics [Use matching analytics to detect threats](use-matching-analytics-to-detect-threats.md).
+- Learn about [What is Defender Threat Intelligence?](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti).
+- Get started with the [Defender Threat Intelligence portal](/defender/threat-intelligence/learn-how-to-access-microsoft-defender-threat-intelligence-and-make-customizations-in-your-portal).
+- Use Defender Threat Intelligence in analytics [by using matching analytics to detect threats](use-matching-analytics-to-detect-threats.md).