Learn Editor: Update data-connections.md

Author: elaineriq

articles/external-attack-surface-management/data-connections.md

@@ -37,7 +37,8 @@ To accurately present the infrastructure that matters most to your organization,
 The Asset Data option will send data about all your inventory assets to the tool of your choice. This option is best for use cases where the granular underlying metadata is key to the operationalization of your Defender EASM integration (e.g. Sentinel, customized reporting in Data Explorer).  Users can export high-level context on every asset in inventory as well as granular details specific to the particular asset type. This option does not provide any pre-determined insights about the assets; instead, it offers an expansive amount of data so users can surface the customized insights they care about most.  
 
 
-**Attack surface insights**  
+**Attack surface insights**
+
 Attack Surface Insights provide an actionable set of results based on the key insights delivered through dashboards in Defender EASM. This option provides less granular metadata on each asset; instead, it categorizes assets based on the corresponding insight(s) and provides the high-level context required to investigate further. This option is ideal for those who want to integrate these pre-determined insights into custom reporting workflows in conjunction with data from other tools.
 
 ## **Configuring data connections**
@@ -46,8 +47,7 @@ Attack Surface Insights provide an actionable set of results based on the key in
 **Accessing data connections**
 Users can access Data Connections from the **Manage** section of the left-hand navigation pane within their Defender EASM resource blade. This page displays the data connectors for both Log Analytics and Azure Data Explorer, listing any current connections and providing the option to add, edit or remove connections. 
 
-![Screenshot of Data Connector.](media/data-connections/dataconnector-1.png)
-
+![Screenshot of data connector.](media/data-connections/data-connector-1.png)
 
 
 **Connection prerequisites**
@@ -57,13 +57,13 @@ To successfully create a data connection, users must first ensure that they have
 
 1. Open the Log Analytics workspace that will ingest your Defender EASM data, or [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal). 
 1. Select **Access control (IAM)** from the left-hand navigation pane. For more information on access control, see [identity documentation](/azure/cloud-adoption-framework/decision-guides/identity/).
-   ![Screenshot of Log Analytics.](media/data-connections/dataconnector-2.png)
+   ![Screenshot of Log Analytics Access control.](media/data-connections/data-connector-2.png)
 
 1. On this page, select **+Add** to create a new role assignment. 
 1. 1. From the **Role** tab, select **Contributor**. Click **Next**. 
 1. Open the **Members** tab. Click **+ Select members** to open a configuration pane. Search for **“EASM API”** and click on the value in the members list. Once done, click **Select**, then **Review + assign.** 
 1. Once the role assignment has been created, select **Agents** from the **Settings** section of the left-hand navigation menu.
-   ![Screenshot of Log Analytics Agents.](media/data-connections/dataconnector-3.png)
+   ![Screenshot of Log Analytics agents.](media/data-connections/data-connector-3.png)
 
 1. Expand the **Log Analytics agent instructions** section to view your Workspace ID and Primary key. These values will be used to set up your data connection. Save the values in the following format: *WorkspaceId=XXX;ApiKey=YYY*
 
@@ -72,14 +72,14 @@ To successfully create a data connection, users must first ensure that they have
 1. Open the Data Explorer cluster that will ingest your Defender EASM data or [create a new cluster](/azure/data-explorer/create-cluster-database-portal). 
 1. Select **Databases** in the Data section of the left-hand navigation menu.
 1. Select **+ Add Database** to create a database to house your Defender EASM data.
-   ![Screenshot of Add Database.](media/data-connections/dataconnector-4.png)
+   ![Screenshot of Azure Data Explorer Add database.](media/data-connections/data-connector-4.png)
 
 1. Name your database, configure retention and cache periods, then select **Create**.
-   ![Screenshot of Azure Data Explorer Database.](media/data-connections/dataconnector-5.png)
+   ![Screenshot of add database.](media/data-connections/data-connector-5.png)
 
 1. Once your Defender EASM database has been created, click on the database name to open the details page. Select **Permissions** from the Overview section of the left-hand navigation menu.
-   To successfully export Defender EASM data to Data Explorer, users must create two new permissions for the EASM API: **user** and **ingestor**. 
-   ![Screenshot of Azure Data Explorer Permissions.](media/data-connections/dataconnector-6.png)
+   To successfully export Defender EASM data to Data Explorer, users must create two new permissions for the EASM API: **user** and **ingestor**.
+   ![Screenshot of Azure Data Explorer permissions.](media/data-connections/data-connector-6.png)
 
 1. First, select **+ Add** and create a user.  Search for “**EASM API**”, select the value then click **Select**. 
 1. Select **+ Add** to create an ingestor.  Follow the same steps outlined above to add the **"EASM API"** as an ingestor. 
@@ -95,11 +95,7 @@ A configuration pane will open on the right-hand side of the Data Connections sc
 - **Name**: enter a name for this data connection.
 - **Connection String**: enter the details required to connect your Defender EASM resource to another tool.  For Log Analytics, users enter the workspaceID and coinciding API key associated to their account. For Azure Data Explorer, users enter the cluster name, region and database name associated to their account. Both values must be entered in the format shown when the field is blank.
 - **Content**: users can select to integrate asset data, attack surface insights or both datasets. 
-- - **Frequency**: select the frequency that the Defender EASM connection sends updated data to the tool of your choice. Available options are daily, weekly and monthly.
-
-   ![Screenshot of Add data connection.](media/data-connections/dataconnector-7.png)
-
-   
+- **Frequency**: select the frequency that the Defender EASM connection sends updated data to the tool of your choice. Available options are daily, weekly and monthly.
 Once all four fields are configured, select **Add** to create the data connection. At this point, the Data Connections page will display a banner that indicates the resource has been successfully created and data will begin populating within 30 minutes. Once connections are created, they will be listed under the applicable tool on the main Data Connections page. 
 
 
@@ -110,13 +106,13 @@ Users can edit or delete a data connection. For example, you may notice that a c
 To edit or delete a data connection: 
 
 1. Select the appropriate connection from the list on the main Data Connections page.
-   ![Screenshot of Disconnected data connections.](media/data-connections/dataconnector-8.png)
+   ![Screenshot of disconnected data connections.](media/data-connections/data-connector-8.png)
 
 1. This action will open a page that provides additional data about the connection. This page displays the configurations you elected when creating the connection, as well as any error messages. Users will also see the following additional data:
    •	**Recurring on**: the day of the week or month that Defender EASM sends updated data to the connected tool.
    •	**Created**: the date and time that the data connection was created.
    •	**Updated**: the date and time that the data connection was last updated.
-   ![Screenshot of Test connections.](media/data-connections/dataconnector-9.png)
+   ![Screenshot of test connections.](media/data-connections/data-connector-9.png)
 
 1. From this page, users can elect to reconnect, edit or delete their data connection.
    •	**Reconnect**: this option attempts to validate the data connection without any changes to the configuration. This option is best for those who have validated the authentication credentials used for the data connection.
@@ -127,3 +123,4 @@ To edit or delete a data connection:
 
 
 
+