
Commit ecbd9c3

Merge pull request #105589 from memildin/asc-melvyn-vmva
Minor tweaks for issues flagged by reviewer
2 parents 8cb8180 + 506039d commit ecbd9c3


4 files changed: +29 / -13 lines changed


.vscode/settings.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,5 +54,8 @@
5454
"XAML",
5555
"XML",
5656
"YAML"
57+
],
58+
"cSpell.words": [
59+
"auditd"
5760
]
5861
}
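Review bot: the new `"cSpell.words": ["auditd"]` entry lands in the shared `.vscode/settings.json`, so it changes spell-check behaviour for every contributor's editor, not just the author's; confirm that is the intent rather than a local override, and since this list will grow, keep it alphabetised from the start so later additions do not produce noisy diffs. The JSON itself is well formed: `],` closes the preceding array and the new array is closed before the final `}`.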

articles/security-center/advanced-threat-protection-key-vault.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,9 +16,9 @@ Advanced threat protection for Azure Key Vault provides an additional layer of s
1616

1717
When Security Center detects anomalous activity, it displays alerts. It also emails the subscription administrator with details of the suspicious activity and recommendations for how to investigate and remediate the identified threats.
1818

19-
## Enabling and disabling threat protection from Azure Security Center
19+
## Configuring threat protection from Security Center
2020

21-
By default, advanced threat protection is enabled for all of your Key Vault accounts when you subscribe to the Security Center Standard tier. For more information, see [Pricing](security-center-pricing.md).
21+
By default, advanced threat protection is enabled for all of your Key Vault accounts when you subscribe to Security Center's standard pricing tier. For more information, see [Pricing](security-center-pricing.md).
2222

2323
To enable or disable the protection for a specific subscription:
2424

@@ -39,6 +39,7 @@ To enable or disable the protection for a specific subscription:
3939

4040
In this article, you learned how to enable and disable advanced threat protection for Azure Key Vault.
4141

42-
For related material, see the following article:
42+
For related material, see the following articles:
4343

4444
- [Threat protection in Azure Security Center](threat-protection.md)--This article describes the sources of security alerts in Azure Security Center.
45+
- [Key Vault security alerts](alerts-reference.md#alerts-azurekv)--The Key Vault section of the reference table for all Azure Security Center alerts

articles/security-center/alerts-reference.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -414,6 +414,7 @@ Security Center's supported kill chain intents are based on the [MITRE ATT&CK™
414414
## Next steps
415415
To learn more about alerts, see the following:
416416

417+
* [Threat protection in Azure Security Center](threat-protection.md)
417418
* [Security alerts in Azure Security Center](security-center-alerts-overview.md)
418419
* [Manage and respond to security alerts in Azure Security Center](security-center-managing-and-responding-alerts.md)
419420
* [Export security alerts and recommendations (Preview)](continuous-export.md)
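Review bot: the intro sentence "To learn more about alerts, see the following:" does not quite describe the newly added first bullet, since `threat-protection.md` covers the sources of alerts rather than alerts themselves; consider widening the intro (for example, "To learn more about threat protection and alerts, see the following:") so the list reads consistently. Note that this PR also adds a link from `threat-protection.md` back to this page, so the two Next steps sections now cross-reference each other, which is fine but worth keeping in sync.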

articles/security-center/threat-protection.md

Lines changed: 21 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -18,14 +18,16 @@ This page briefly describes the sources of the security alerts displayed by Azur
1818

1919
When Security Center detects a threat in any of the areas of your environment listed below, it generates an alert. These alerts describe details of the affected resources, suggested remediation steps, and in some cases an option to trigger a logic app in response.
2020

21-
Whether an alert is generated by Security Center, or received by Security Center from a different security product, you can export it to Azure Sentinel (or another SIEM) or other external location using the instructions in [Exporting alerts and recommendations](continuous-export.md).
21+
Whether an alert is generated by Security Center, or received by Security Center from a different security product, you can export it. To export your alerts to Azure Sentinel (or a third-party SIEM) or any other external locations, follow the instructions in [Exporting alerts and recommendations](continuous-export.md).
22+
23+
2224

2325

2426
## Threat protection for Windows machines <a name="windows-machines"></a>
2527

2628
Azure Security Center integrates with Azure services to monitor and protect your Windows-based machines. Security Center presents the alerts and remediation suggestions from all of these services in an easy-to-use format.
2729

28-
* **Microsoft Defender ATP** <a name="windows-atp"></a> - Security Center extends its cloud workload protection platforms by integrating with Microsoft Defender Advanced Threat Protection (ATP). This provides comprehensive endpoint detection and response (EDR) capabilities.
30+
* **Microsoft Defender ATP** <a name="windows-atp"></a> - Security Center extends its cloud workload protection platforms by integrating with Microsoft Defender Advanced Threat Protection (ATP). Together, they provide comprehensive endpoint detection and response (EDR) capabilities.
2931

3032
> [!IMPORTANT]
3133
> The Microsoft Defender ATP sensor is automatically enabled on Windows servers that use Security Center.
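Review bot: lines 22+ and 23+ add two blank lines directly after the rewritten export paragraph, on top of the existing blank lines at 24-26, leaving four consecutive blank lines before the "## Threat protection for Windows machines" heading; most Markdown linters flag multiple consecutive blank lines (MD012), so drop the two added blanks. The split of the export sentence into two sentences reads well, and "Together, they provide" is clearer than the previous "This provides" in the Defender ATP bullet.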
@@ -62,11 +64,11 @@ Security Center collects audit records from Linux machines by using **auditd**,
6264

6365
* **Linux auditd alerts and Microsoft Monitoring Agent (MMA) integration** <a name="linux-auditd"></a> - The auditd system consists of a kernel-level subsystem, which is responsible for monitoring system calls. It filters them by a specified rule set, and writes messages for them to a socket. Security Center integrates functionalities from the auditd package within the Microsoft Monitoring Agent (MMA). This integration enables collection of auditd events in all supported Linux distributions, without any prerequisites.
6466

65-
auditd records are collected, enriched, and aggregated into events by using the Linux MMA agent. Security Center continuously adds new analytics that use Linux signals to detect malicious behaviors on cloud and on-premises Linux machines. Similar to Windows capabilities, these analytics span across suspicious processes, dubious sign-in attempts, kernel module loading, and other activities. These activities can indicate a machine is either under attack or has been breached.
67+
auditd records are collected, enriched, and aggregated into events by using the Linux MMA agent. Security Center continuously adds new analytics that use Linux signals to detect malicious behaviors on cloud and on-premises Linux machines. Similar to Windows capabilities, these analytics span across suspicious processes, dubious sign in attempts, kernel module loading, and other activities. These activities can indicate a machine is either under attack or has been breached.
6668

6769
For a list of the Linux alerts, see the [Reference table of alerts](alerts-reference.md#alerts-linux).
6870

69-
> [!NOTE]
71+
> [!TIP]
7072
> You can simulate Linux alerts by downloading [Azure Security Center Playbook: Linux Detections](https://gallery.technet.microsoft.com/Azure-Security-Center-0ac8a5ef).
7173
7274

@@ -105,7 +107,7 @@ Security Center provides threat protection at different levels:
105107

106108
For a deeper insight into the security of your containerized environment, the agent monitors container-specific analytics. It will trigger alerts for events such as privileged container creation, suspicious access to API servers, and Secure Shell (SSH) servers running inside a Docker container.
107109

108-
>[!NOTE]
110+
>[!IMPORTANT]
109111
> If you choose not to install the agents on your hosts, you will only receive a subset of the threat detection benefits and alerts. You'll still receive alerts related to network analysis and communications with malicious servers.
110112
111113
For a list of the host level alerts, see the [Reference table of alerts](alerts-reference.md#alerts-containerhost).
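Review bot: promoting the agent caveat from `[!NOTE]` to `[!IMPORTANT]` is reasonable, since it affects which alerts a customer receives, but the callout body still mixes "you will only receive a subset" with "You'll still receive alerts"; given that the rest of this PR moves the page toward contractions, change the first to "you'll only receive a subset" for consistency within the same callout.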
@@ -135,7 +137,7 @@ Some network configurations may restrict Security Center from generating alerts
135137

136138
- Your virtual machine's network egress traffic isn't blocked by an external IDS solution.
137139

138-
- Your virtual machine has been assigned the same IP address for the entire hour during which the suspicious communication occurred. This also applies to VMs created as part of a managed service (e.g. AKS, Databricks).
140+
- Your virtual machine has been assigned the same IP address for the entire hour during which the suspicious communication occurred. This also applies to VMs created as part of a managed service (for example, AKS, Databricks).
139141

140142
For a list of the Azure network layer alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azurenetlayer).
141143

@@ -171,7 +173,7 @@ For a list of the Azure Key Vault alerts, see the [Reference table of alerts](al
171173

172174
Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.
173175

174-
You'll see alerts when there are suspicious database activities, potential vulnerabilities, or SQL injection attacks, as well as anomalous database access and query patterns.
176+
You'll see alerts when there are suspicious database activities, potential vulnerabilities, or SQL injection attacks, and anomalous database access and query patterns.
175177

176178
Advanced Threat Protection for Azure SQL Database and SQL is part of the [Advanced Data Security (ADS)](https://docs.microsoft.com/azure/sql-database/sql-database-advanced-data-security) unified package for advanced SQL security capabilities, covering Azure SQL Databases, Azure SQL Database managed instances, Azure SQL Data Warehouse databases, and SQL servers on Azure Virtual Machines.
177179

@@ -257,10 +259,19 @@ If you have a license for Azure WAF, your WAF alerts are streamed to Security Ce
257259

258260
### Threat protection for Azure DDoS Protection <a name="azure-ddos"></a>
259261

260-
Distributed denial of service (DDoS) attacks are known to be easy to execute. They have become a great security concern, particularly if you are moving your applications to the cloud.
262+
Distributed denial of service (DDoS) attacks are known to be easy to execute. They've become a great security concern, particularly if you're moving your applications to the cloud.
261263

262264
A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can target any endpoint that can be reached through the internet.
263265

264-
To defend against DDoS attacks, purchase a license for Azure DDoS Protection and ensure you are following application design best practices. DDoS Protection provides different service tiers. For more information, see [Azure DDoS Protection overview](https://docs.microsoft.com/azure/virtual-network/ddos-protection-overview).
266+
To defend against DDoS attacks, purchase a license for Azure DDoS Protection and ensure you're following application design best practices. DDoS Protection provides different service tiers. For more information, see [Azure DDoS Protection overview](https://docs.microsoft.com/azure/virtual-network/ddos-protection-overview).
267+
268+
For a list of the Azure DDoS Protection alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azureddos).
269+
270+
271+
## Next steps
272+
To learn more about the security alerts from these threat protection features, see the following articles:
265273

266-
For a list of the Azure DDoS Protection alerts, see the [Reference table of alerts](alerts-reference.md#alerts-azureddos).
274+
* [Reference table for all Azure Security Center alerts](alerts-reference.md)
275+
* [Security alerts in Azure Security Center](security-center-alerts-overview.md)
276+
* [Manage and respond to security alerts in Azure Security Center](security-center-managing-and-responding-alerts.md)
277+
* [Export security alerts and recommendations (Preview)](continuous-export.md)
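Review bot: lines 269+, 270+ and 271+ insert three consecutive blank lines between the moved "For a list of the Azure DDoS Protection alerts" sentence and the new "## Next steps" heading; reduce that to a single blank line to avoid the multiple-blank-lines lint warning (MD012). Moving the alerts-reference sentence above the new section is correct, and the new Next steps list rightly omits a self-link to `threat-protection.md`, matching the list added to `alerts-reference.md` in this same PR.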
