Commit f6d8fc5

committed
Incorp Preeti's changes
1 parent d0a6d8f commit f6d8fc5

2 files changed

+8
-12
lines changed

articles/sentinel/domain-based-essential-solutions.md

Lines changed: 7 additions & 11 deletions
@@ -10,7 +10,7 @@ ms.author: cwatson
1010

1111
# Advanced Security Information Model (ASIM) based domain solutions for Microsoft Sentinel (preview)
1212

13-
Microsoft essential solutions are solutions in Microsoft Sentinel that help you reduce the amount of content you manage for specific domains like "Security - Network". Essential solutions use the normalization technique Advanced Security Information Model (ASIM) to normalize the data at query time or ingestion time.
13+
Microsoft essential solutions are domain solutions published by Microsoft for Microsoft Sentinel. These solutions have out-of-the-box content which can operate across multiple products for specific categories like networking. Some of these essential solutions use the normalization technique Advanced Security Information Model (ASIM) to normalize the data at query time or ingestion time.
1414

1515
> [!IMPORTANT]
1616
> Microsoft essential solutions and the network session essentials solution are currently in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
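Review bot: new line 13 drops the exact catalog category string "Security - Network" in favour of "networking", so the paragraph no longer tells the reader which category name to look for in the solutions catalog; consider keeping the quoted string alongside the friendlier wording, e.g. `for specific categories like networking ("Security - Network")`. Two smaller points on the same line: "content which can operate across multiple products" reads better as "content that can operate across multiple products", and "Some of these essential solutions use the normalization technique ... (ASIM)" now sits directly under a heading that calls the solutions ASIM based, so add a clause saying that this article covers only the ASIM-based subset, or keep the original unconditional statement.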
@@ -55,26 +55,22 @@ The ingestion time normalization results can be ingested into following normaliz
5555

5656
For more information, see [Ingest time normalization](/azure/sentinel/normalization-ingest-time).
5757

58-
## Connectors not included
58+
## Content available with ASIM-based domain essential solutions
5959

60-
The essential solutions don't have a connector of their own. They depend on the source specific connectors to pull in the logs. Then the solutions use the ASIM parsers in their built in analytic rules, hunting queries, and workbooks to identify anomalies. The ASIM parsers provide a consolidated report or dashboard view for all the source specific solutions that were part of prerequisite lists.
61-
62-
## Content available with essential solutions
63-
64-
The following table describes the type of content available with each essential solution. For some specific use cases, you might want to also use the content available with the source solution.
60+
The following table describes the type of content available with each essential solution. For some specific use cases, you might want to also use the content available with the Microsoft Sentinel product solution.
6561

6662
|Content type |description |
6763
|---------|---------|
68-
|Analytical Rule | The analytical rules available in the ASIM-based essential solutions are generic and a good fit for any of the dependent source solutions for that domain. The source specific solution might have a source specific use case covered as part of the analytical rule. Enable source specific rules as needed for your environment. |
69-
|Hunting query | The hunting queries available in the ASIM-based essential solutions are generic and a good fit to hunt for threats from any of the dependent source solutions for that domain. The source specific solution might have a source specific hunting query available out-of-the-box. Use the hunting queries from the source solution as needed for your environment. |
64+
|Analytical Rule | The analytical rules available in the ASIM-based essential solutions are generic and a good fit for any of the dependent Microsoft Sentinel product solutions for that domain. The Microsoft Sentinel product solution might have a source specific use case covered as part of the analytical rule. Enable Microsoft Sentinel product solution rules as needed for your environment. |
65+
|Hunting query | The hunting queries available in the ASIM-based essential solutions are generic and a good fit to hunt for threats from any of the dependent Microsoft Sentinel product solutions for that domain. The Microsoft Sentinel product solution might have a source specific hunting query available out-of-the-box. Use the hunting queries from the Microsoft Sentinel product solution as needed for your environment. |
7066
|Playbook | The ASIM-based essential solutions are expected to handle data with very high events per seconds. When you have content that's using that volume of data, you might experience some performance impact that can cause slow loading of workbooks or query results. To solve this problem, the summarization playbook summarizes the source logs and stores the information into a predefined table. Enable the summarization playbook to allow the essential solutions to query this table.<br><br> Because playbooks in Microsoft Sentinel are based on workflows built in Azure Logic Apps which create separate resources, additional charges might apply. For more information, see the [Azure Logic Apps pricing page](https://azure.microsoft.com/pricing/details/logic-apps/). Additional charges might also apply for storage of the summarized data. |
7167
|Watchlist | The ASIM-based essential solutions use a watchlist that includes multiple sets of conditions for analytic rule detection and hunting queries. The watchlist allows you to do the following tasks:<br><br>- Do focused monitoring with data filtration. <br>- Switch between hunting and detection for each list item. <br>- Keep **Threshold type** set to **Static** to leverage threshold-based alerting while anomaly-based alerts would learn from the last few days of data (maximum 14 days). <br>- Modify **Alert Name**, **Description**, **Tactic** and **Severity** by using this watchlist for individual list items.<br>- Disable detection by setting **Severity** as **Disabled**. |
7268
|Workbook | The workbook available with the ASIM-based essential solutions give a consolidated view of different events and activity happening in the dependent domain. Because this workbook fetches results from a very high volume of data, there might be some performance lag. If you experience performance issues, use the summarization playbook.|
7369

74-
## Network session essentials solution
70+
These essential solutions like other Microsoft Sentinel domain solutions don't have a connector of their own. They depend on the source specific connectors in Microsoft Sentinel product solutions to pull in the logs. To understand the products the domain solution supports, refer to the prerequisite list of product solutions each of the ASIM domain essentials solutions lists. Install one or more of the product solutions. Configure the data connectors to meet the underlying product dependency needs and to enable better usage of this domain solution content.
7571

76-
One of the first solutions available in the essentials series is the network session essential solution. This solution doesn't have a connector of its own. Instead, it uses the ASIM parsers for query time parsing. For more information about this solution, see the solution listing in the Azure Marketplace.
7772

7873
## Next steps
7974

75+
- [Find ASIM-based domain essential solutions like the Network Session Essential Solution](sentinel-solutions-catalog.md)
8076
- [Using the Advanced Security Information Model (ASIM)](/azure/sentinel/normalization-about-parsers)
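Review bot: removing the "Network session essentials solution" section (old lines 74-76) also removes the only description of that solution, namely that it has no connector of its own and uses the ASIM parsers for query-time parsing, plus the pointer to its Azure Marketplace listing, yet the unchanged IMPORTANT note at line 16 and the new Next steps link at line 75 ("Find ASIM-based domain essential solutions like the Network Session Essential Solution") still single it out; either keep a one- or two-sentence description of it or reword the preview note to refer to ASIM-based domain essential solutions generally. On the new line 70, "These essential solutions like other Microsoft Sentinel domain solutions don't have a connector of their own" needs commas around the aside, and "refer to the prerequisite list of product solutions each of the ASIM domain essentials solutions lists" is hard to parse; suggest "refer to the prerequisite list of product solutions in each ASIM-based domain essential solution". Finally, line 60 and the two table rows at lines 64-65 replace "source solution" with "Microsoft Sentinel product solution" without defining the new term, while the unchanged Playbook row (line 66) still speaks of "source logs"; a short definition on first use (a product solution is the source-specific solution for the product that ships the data) would keep the terminology consistent.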

articles/sentinel/sentinel-solutions-catalog.md

Lines changed: 1 addition & 1 deletion
@@ -25,7 +25,7 @@ When you deploy a solution, the security content included with the solution, suc
2525
|---------|---------|---------|---------|
2626
|**[Apache Log4j Vulnerability Detection](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-apachelog4jvulnerability?tab=Overview)** | Analytics rules, hunting queries, workbooks, playbooks, watchlist | Application, Security - Threat Protection, Security - Vulnerability Management | Microsoft|
2727
|**[Cybersecurity Maturity Model Certification (CMMC)](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-cmmcv2?tab=Overview)** | [Analytics rules, workbook, playbook](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-cybersecurity-maturity-model-certification-cmmc/ba-p/2111184) | Compliance | Microsoft|
28-
| **[Deception Honey Tokens](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinelhoneytokens.azuresentinelhoneytokens?tab=Overview)** | [Workbooks, analytics rules, playbooks](monitor-key-vault-honeytokens.md) | Security - Threat Protection |Microsoft |
28+
| **[Deception Honey Tokens](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinelhoneytokens.azuresentinelhoneytokens?tab=Overview)** | [Workbooks, analytics rules, playbooks](monitor-key-vault-honeytokens.md) | Security - Threat Protection |Microsoft Sentinel community |
2929
|**[Dev-0537 Detection and Hunting](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-dev0537detectionandhunting?tab=Overview)**||Security - Threat Protection|Microsoft|
3030
| **[Microsoft Defender for IoT](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-unifiedmicrosoftsocforot?tab=Overview)** | [Analytics rules, playbooks, workbook](iot-advanced-threat-monitoring.md) | Internet of Things (IoT), Security - Threat Protection | Microsoft |
3131
|**[Maturity Model for Event Log Management M2131](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-maturitymodelforeventlogma?tab=Overview)** | [Analytics rules, hunting queries, playbooks, workbook](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/modernize-log-management-with-the-maturity-model-for-event-log/ba-p/3072842) | Compliance | Microsoft|
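Review bot: the supplier change for the Deception Honey Tokens row from "Microsoft" to "Microsoft Sentinel community" is not explained by the commit message ("Incorp Preeti's changes"); the row's Marketplace URL sits under the `azuresentinelhoneytokens.` publisher rather than the `azuresentinel.` namespace used by the rows attributed to Microsoft, so the new attribution looks consistent, but please state the source of the change in the commit or PR description so the provenance of the row is reviewable. Minor: this row and the Microsoft Defender for IoT row start with `| **[` while the neighbouring rows use `|**[`; harmless in Markdown, but worth normalising while the line is being touched.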
