fixing TOC also moving section

batamig · batamig · commit dd19cc6d457e · 2025-01-14T14:49:11.000+02:00
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -912,13 +912,13 @@
     - name: Overview
       href: kusto-overview.md
     - name: Query best practices
-      href: /kusto/query/best-practices?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/best-practices?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json&view=microsoft-sentinel
     - name: SQL to KQL cheat sheet
-      href: /kusto/query/sql-cheat-sheet?view=microsoft-fabric
+      href: /kusto/query/sql-cheat-sheet?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json&view=microsoft-sentinel
     - name: Splunk to KQL cheat sheet
-      href: /kusto/query/splunk-cheat-sheet?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/splunk-cheat-sheet?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json&view=microsoft-sentinel
     - name: KQL quick reference
-      href: /kusto/query/kql-quick-reference?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
+      href: /kusto/query/kql-quick-reference?toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json&view=microsoft-sentinel
     - name: Other KQL resources
       href: kusto-resources.md 
   - name: Create custom query
diff --git a/articles/sentinel/incident-investigation.md b/articles/sentinel/incident-investigation.md
@@ -66,7 +66,7 @@ Search the list of alerts and bookmarks, or filter the list by severity, tactics
 - The **alert provider**, in the second part of the subtitle. For bookmarks, the **creator** of the bookmark.
 - The MITRE ATT&CK **tactics** associated with the alert, indicated by icons and ToolTips, in the third part of the subtitle.
 
-For more information, see [Reconstruct the timeline of attacker activity](investigate-incidents.md#reconstruct-the-timeline-of-attacker-activity).
+For more information, see [Reconstruct the timeline of the attack story](investigate-incidents.md#reconstruct-the-timeline-of-the-attack-story).
 
 ### Lists of similar incidents
 
diff --git a/articles/sentinel/investigate-incidents.md b/articles/sentinel/investigate-incidents.md
@@ -77,7 +77,7 @@ The **Overview** tab contains the following widgets, each of which represents an
 
 | **Widget**           | **Description**    |
 |---------------------------|----------------------------------------------------|
-|**Incident timeline** | The **Incident timeline** widget shows you the timeline of alerts and [bookmarks](bookmarks.md) in the incident, which can help you reconstruct the timeline of attacker activity. Select an individual item to see all of its details, enabling you to drill down further. For more information, see [Reconstruct the timeline of attacker activity](#reconstruct-the-timeline-of-attacker-activity). |
+|**Incident timeline** | The **Incident timeline** widget shows you the timeline of alerts and [bookmarks](bookmarks.md) in the incident, which can help you reconstruct the timeline of attacker activity. Select an individual item to see all of its details, enabling you to drill down further. For more information, see [Reconstruct the timeline of the attack story](#reconstruct-the-timeline-of-the-attack-story). |
 | **Similar incidents** |  In the **Similar incidents** widget, you see a collection of up to 20 other incidents that most closely resemble the current incident. This allows you to view the incident in a larger context and helps direct your investigation.  For more information, see [Check for similar incidents in your environment](#check-for-similar-incidents-in-your-environment). |
 | **Entities** | The **Entities** widget shows you all the [entities](entities.md) that have been identified in the alerts. These are the objects that played a role in the incident, whether they be users, devices, addresses, files, or [any other types](./entities-reference.md). Select an entity to see its full details, which are displayed in the **Entities tab**. For more information, see [Explore the incident's entities](#explore-the-incidents-entities).|
 | **Top insights** | In the **Top insights** widget, you see a collection of results of queries defined by Microsoft security researchers that provide valuable and contextual security information on all the entities in the incident, based on data from a collection of sources. For more information, see [Get the top insights into your incident](#get-the-top-insights-into-your-incident).|
