Merge pull request #291017 from yelevin/yelevin/incidents-sentinel-only

prmerger-automator[bot] · web-flow · commit f5292f02618c · 2024-11-27T10:07:28.000Z
Updated titles and intros for Sentinel Only
diff --git a/articles/sentinel/audit-track-tasks.md b/articles/sentinel/audit-track-tasks.md
@@ -1,5 +1,5 @@
 ---
-title: Audit and track changes to incident tasks in Microsoft Sentinel
+title: Audit and track changes to incident tasks in Microsoft Sentinel in the Azure portal
 description: This article explains how you, as a SOC manager, can audit the history of Microsoft Sentinel incident tasks, and track changes to them, in order to gauge your task assignments and their contribution to your SOC's efficiency and effectiveness.
 author: yelevin
 ms.author: yelevin
@@ -10,7 +10,7 @@ appliesto:
 #Customer intent: As a SOC manager, I want to audit and track changes to incident tasks so that I can evaluate the effectiveness of task assignments and improve SOC efficiency.
 ---
 
-# Audit and track changes to incident tasks in Microsoft Sentinel
+# Audit and track changes to incident tasks in Microsoft Sentinel in the Azure portal
 
 [Incident tasks](incident-tasks.md) ensure comprehensive and uniform treatment of incidents across all SOC personnel. Task lists are typically defined according to determinations made by senior analysts or SOC managers, and put into practice using automation rules or playbooks.
 
diff --git a/articles/sentinel/collaborate-in-microsoft-teams.md b/articles/sentinel/collaborate-in-microsoft-teams.md
@@ -1,5 +1,5 @@
 ---
-title: Collaborate in Microsoft Teams with a Microsoft Sentinel incident team | Microsoft Docs
+title: Collaborate in Microsoft Teams with a Microsoft Sentinel incident team
 description: Learn how to connect to Microsoft Teams from Microsoft Sentinel to collaborate with others on your team using Microsoft Sentinel data.
 author: yelevin
 ms.topic: how-to
@@ -10,9 +10,9 @@ appliesto:
 #Customer intent: As a security analyst, I want to take advantage of Microsoft Teams' integration with Microsoft Sentinel to collaborate efficiently on incident investigations with my team.
 ---
 
-# Collaborate in Microsoft Teams (Public preview)
+# Collaborate in Microsoft Teams in the Azure portal (Public preview)
 
-Microsoft Sentinel supports a direct integration with [Microsoft Teams](/microsoftteams/), enabling you to jump directly into teamwork on specific incidents.
+Microsoft Sentinel in the Azure portal supports a direct integration with [Microsoft Teams](/microsoftteams/), enabling you to jump directly into teamwork on specific incidents.
 
 
 > [!IMPORTANT]
diff --git a/articles/sentinel/create-incident-manually.md b/articles/sentinel/create-incident-manually.md
@@ -1,5 +1,5 @@
 ---
-title: Create your own incidents manually in Microsoft Sentinel
+title: Create your own incidents manually in Microsoft Sentinel in the Azure portal
 description: Manually create incidents in Microsoft Sentinel based on data or information received by the SOC through alternate means or channels.
 author: yelevin
 ms.author: yelevin
@@ -10,7 +10,7 @@ appliesto:
 #Customer intent: As a security analyst, I want to manually create incidents in Microsoft Sentinel so that I can investigate and respond to threats not automatically detected or ingested from external systems.
 ---
 
-# Create your own incidents manually in Microsoft Sentinel
+# Create your own incidents manually in Microsoft Sentinel in the Azure portal
 
 > [!IMPORTANT]
 >
@@ -28,7 +28,7 @@ With Microsoft Sentinel as your security information and event management (SIEM)
 
 However, threat data can also come from other sources *not ingested into Microsoft Sentinel*, or events not recorded in any log, and yet can justify opening an investigation. For example, an employee might notice an unrecognized person engaging in suspicious activity related to your organization’s information assets. This employee might call or email the security operations center (SOC) to report the activity.
 
-Microsoft Sentinel allows your security analysts to manually create incidents for any type of event, regardless of its source or data, so you don't miss out on investigating these unusual types of threats.
+Microsoft Sentinel in the Azure portal allows your security analysts to manually create incidents for any type of event, regardless of its source or data, so you don't miss out on investigating these unusual types of threats.
 
 ## Common use cases
 
diff --git a/articles/sentinel/delete-incident.md b/articles/sentinel/delete-incident.md
@@ -1,6 +1,6 @@
 ---
-title: Delete incidents in Microsoft Sentinel
-description: Delete incidents in Microsoft Sentinel from the portal, through the API, or using a Logic App.
+title: Delete incidents in Microsoft Sentinel in the Azure portal
+description: Delete incidents in Microsoft Sentinel from the Azure portal, through the API, or using a Logic App.
 author: yelevin
 ms.author: yelevin
 ms.topic: how-to
@@ -10,15 +10,15 @@ appliesto:
 #Customer intent: As a security analyst, I want to delete duplicate or erroneous incidents in my incident management system so that I can maintain an accurate and efficient incident queue.
 ---
 
-# Delete incidents in Microsoft Sentinel
+# Delete incidents in Microsoft Sentinel in the Azure portal
 
 > [!IMPORTANT]
 >
 > Incident deletion using the portal is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 > 
 > Incident deletion is generally available through the API.
 
-The ability to create incidents from scratch in Microsoft Sentinel opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the portal.
+The ability to create incidents from scratch in Microsoft Sentinel in the Azure portal opens the possibility that you'll create an incident that you later decide you shouldn't have. For example, you may have created an incident based on an employee report, before having received any evidence (such as alerts), and soon afterward you receive alerts that automatically generate the incident in question. But now, you have a duplicate incident with no data in it. In this scenario, you can delete your duplicate incident right from the incident queue in the Azure portal.
 
 **Deleting an incident is not a substitute for closing an incident!** Deleting an incident should only be done when at least one of the following conditions is met:
 - The incident was created manually by mistake.
diff --git a/articles/sentinel/incident-investigation.md b/articles/sentinel/incident-investigation.md
@@ -1,6 +1,6 @@
 ---
-title: Understand Microsoft Sentinel's incident investigation and case management capabilities
-description: This article describes Microsoft Sentinel's incident investigation and case management capabilities and features, taking you through the phases of a typical incident investigation while presenting all the displays and tools available to you to help you along.
+title: Incident investigation with Microsoft Sentinel in the Azure portal
+description: This article describes Microsoft Sentinel's incident investigation and case management capabilities and features in the Azure portal, taking you through the phases of a typical incident investigation while presenting all the displays and tools available to you to help you along.
 author: yelevin
 ms.author: yelevin
 ms.topic: conceptual
@@ -10,7 +10,7 @@ appliesto:
 #Customer intent: As a security analyst, I want to use Microsoft Sentinel for incident investigation so that I can efficiently manage and resolve security threats.
 ---
 
-# Understand Microsoft Sentinel's incident investigation and case management capabilities
+# Incident investigation with Microsoft Sentinel in the Azure portal
 
 Microsoft Sentinel gives you a complete, full-featured case management platform for investigating and managing security incidents. **Incidents** are Microsoft Sentinel’s name for case files that contain a complete and constantly updated chronology of a security threat, whether it’s individual pieces of evidence (alerts), suspects and parties of interest (entities), insights collected and curated by security experts and AI/machine learning models, or comments and logs of all the actions taken in the course of the investigation.
 
diff --git a/articles/sentinel/incident-tasks.md b/articles/sentinel/incident-tasks.md
@@ -1,5 +1,5 @@
 ---
-title: Use tasks to manage incidents in Microsoft Sentinel
+title: Use tasks to manage incidents in Microsoft Sentinel in the Azure portal
 description: This article describes incident tasks and how to work with them to ensure all required steps are taken in triaging, investigating, and responding to incidents in Microsoft Sentinel.
 author: yelevin
 ms.author: yelevin
@@ -10,7 +10,7 @@ appliesto:
 #Customer intent: As a security operations manager, I want to standardize incident response tasks using automation rules and playbooks so that my team can handle incidents consistently and efficiently.
 ---
 
-# Use tasks to manage incidents in Microsoft Sentinel
+# Use tasks to manage incidents in Microsoft Sentinel in the Azure portal
 
 One of the most important factors in running your security operations (SecOps) effectively and efficiently is the **standardization of processes**. SecOps analysts are expected to perform a list of steps, or tasks, in the process of triaging, investigating, or remediating an incident. Standardizing and formalizing the list of tasks can help keep your SOC running smoothly, ensuring the same requirements apply to all analysts. This way, regardless of who is on-shift, an incident will always get the same treatment and SLAs. Analysts won't need to spend time thinking about what to do, or worry about missing a critical step. Those steps are defined by the SOC manager or senior analysts (tier 2/3) based on common security knowledge (such as NIST), their experience with past incidents, or recommendations provided by the security vendor that detected the incident. 
 
diff --git a/articles/sentinel/investigate-incidents.md b/articles/sentinel/investigate-incidents.md
@@ -1,6 +1,6 @@
 ---
-title: Navigate and investigate incidents in Microsoft Sentinel
-description: This article takes you through all the panels and options available on the incident details page, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
+title: Navigate and investigate incidents in Microsoft Sentinel in the Azure portal
+description: This article takes you through all the panels and options available on the incident details page in the Azure portal, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
 author: yelevin
 ms.author: yelevin
 ms.topic: how-to
@@ -10,11 +10,11 @@ appliesto:
 #Customer intent: As a security analyst, I want to efficiently investigate security incidents using a comprehensive case management platform so that I can reduce the mean time to resolve (MTTR) and ensure effective incident response.
 ---
 
-# Navigate and investigate incidents in Microsoft Sentinel
+# Navigate and investigate incidents in Microsoft Sentinel in the Azure portal
 
-Microsoft Sentinel gives you a complete, full-featured case management platform for investigating security incidents. The **Incident details** page is your central location from which to run your investigation, collecting all the relevant information and all the applicable tools and tasks in one screen.
+Microsoft Sentinel gives you a complete, full-featured case management platform in the Azure portal for investigating security incidents. The **Incident details** page is your central location from which to run your investigation, collecting all the relevant information and all the applicable tools and tasks in one screen.
 
-This article takes you through all the panels and options available on the incident details page, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
+This article takes you through all the panels and options available on the incident details page in the Azure portal, helping you navigate and investigate your incidents more quickly, effectively, and efficiently, and reducing your mean time to resolve (MTTR).
 
 See instructions for the [previous version of incident investigation](investigate-cases.md).
 
diff --git a/articles/sentinel/relate-alerts-to-incidents.md b/articles/sentinel/relate-alerts-to-incidents.md
@@ -1,6 +1,6 @@
 ---
-title: Relate alerts to incidents in Microsoft Sentinel | Microsoft Docs
-description: This article shows you how to relate alerts to your incidents in Microsoft Sentinel.
+title: Relate alerts to incidents in Microsoft Sentinel in the Azure portal
+description: This article shows you how to relate alerts to your incidents in Microsoft Sentinel in the Azure portal.
 author: yelevin
 ms.author: yelevin
 ms.topic: how-to
@@ -10,9 +10,9 @@ appliesto:
 #Customer intent: As a security analyst, I want to relate alerts to incidents in Microsoft Sentinel so that I can refine and expand the scope of my investigations efficiently.
 ---
 
-# Relate alerts to incidents in Microsoft Sentinel
+# Relate alerts to incidents in Microsoft Sentinel in the Azure portal
 
-This article shows you how to relate alerts to your incidents in Microsoft Sentinel. This feature allows you to manually or automatically add alerts to, or remove them from, existing incidents as part of your investigation processes, refining the incident scope as the investigation unfolds. 
+This article shows you how to relate alerts to your incidents in Microsoft Sentinel. This feature allows you to manually or automatically add alerts to, or remove them from, existing incidents in the Azure portal as part of your investigation processes, refining the incident scope as the investigation unfolds. 
 
 > [!IMPORTANT]
 > Incident expansion is currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
diff --git a/articles/sentinel/respond-threats-during-investigation.md b/articles/sentinel/respond-threats-during-investigation.md
@@ -1,5 +1,5 @@
 ---
-title: Respond to threat actors while investigating or threat hunting in Microsoft Sentinel
+title: Respond to threat actors while investigating or threat hunting in Microsoft Sentinel in the Azure portal
 description: This article shows you how to take response actions against threat actors on the spot, during the course of an incident investigation or threat hunt, without pivoting or context switching out of the investigation or hunt. You accomplish this using playbooks based on the new entity trigger.
 author: batamig
 ms.author: bagol
@@ -10,7 +10,7 @@ appliesto:
 #Customer intent: As a security analyst, I want to run playbooks on identified threats during investigations or threat hunts so that I can take immediate remediation actions without disrupting my workflow.
 ---
 
-# Respond to threat actors while investigating or threat hunting in Microsoft Sentinel
+# Respond to threat actors while investigating or threat hunting in Microsoft Sentinel in the Azure portal
 
 This article shows you how to take response actions against threat actors on the spot, during the course of an incident investigation or threat hunt, without pivoting or context switching out of the investigation or hunt. You accomplish this using playbooks based on the new entity trigger.
 
diff --git a/articles/sentinel/work-with-tasks.md b/articles/sentinel/work-with-tasks.md
@@ -1,5 +1,5 @@
 ---
-title: Work with incident tasks in Microsoft Sentinel
+title: Work with incident tasks in Microsoft Sentinel in the Azure portal
 description: This article explains how SOC analysts can use incident tasks to manage their incident-handling workflow processes in Microsoft Sentinel.
 author: yelevin
 ms.author: yelevin
@@ -10,9 +10,9 @@ appliesto:
 #Customer intent: As a security analyst, I want to manage and track incident tasks so that I can efficiently handle incident workflows and ensure thorough investigations.
 ---
 
-# Work with incident tasks in Microsoft Sentinel
+# Work with incident tasks in Microsoft Sentinel in the Azure portal
 
-This article explains how SOC analysts can use incident tasks to manage their incident-handling workflow processes in Microsoft Sentinel.
+This article explains how SOC analysts can use incident tasks to manage their incident-handling workflow processes in Microsoft Sentinel in the Azure portal.
 
 [Incident tasks](incident-tasks.md) are typically created automatically by either automation rules or playbooks set up by senior analysts or SOC managers, but lower-tier analysts can create their own tasks on the spot, manually, right from within the incident.
 
