further sanity + metdata

batamig · batamig · commit fed644e5a723 · 2024-03-28T15:34:53.000+02:00
diff --git a/articles/sentinel/surface-custom-details-in-alerts.md b/articles/sentinel/surface-custom-details-in-alerts.md
@@ -5,6 +5,10 @@ author: yelevin
 ms.topic: how-to
 ms.date: 04/26/2022
 ms.author: yelevin
+appliesto:
+    - Microsoft Sentinel in the Azure portal
+    - Microsoft Sentinel in the Microsoft Defender portal
+ms.collection: usx-security
 ---
 
 # Surface custom event details in alerts in Microsoft Sentinel 
diff --git a/articles/sentinel/ueba-reference.md b/articles/sentinel/ueba-reference.md
@@ -5,6 +5,10 @@ author: yelevin
 ms.topic: reference
 ms.date: 06/28/2022
 ms.author: yelevin
+appliesto:
+    - Microsoft Sentinel in the Azure portal
+    - Microsoft Sentinel in the Microsoft Defender portal
+ms.collection: usx-security
 ---
 
 # Microsoft Sentinel UEBA reference
diff --git a/articles/sentinel/watchlists-create.md b/articles/sentinel/watchlists-create.md
@@ -23,7 +23,8 @@ Local file uploads are currently limited to files of up to 3.8 MB in size. A fil
 
 > [!IMPORTANT]
 > The features for watchlist templates and the ability to create a watchlist from a file in Azure Storage are currently in **PREVIEW**. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-> 
+>
+> [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)] 
 
 ## Upload a watchlist from a local folder
 
diff --git a/articles/sentinel/watchlists-manage.md b/articles/sentinel/watchlists-manage.md
@@ -16,6 +16,8 @@ ms.collection: usx-security
 
 We recommend you edit an existing watchlist instead of deleting and recreating a watchlist. Log analytics has a five-minute SLA for data ingestion. If you delete and recreate a watchlist, you might see both the deleted and recreated entries in Log Analytics during this five-minute window. If you see these duplicate entries in Log Analytics for a longer period of time, submit a support ticket.
 
+[!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
+
 ## Edit a watchlist item
 
 Edit a watchlist to edit or add an item to the watchlist.
diff --git a/articles/sentinel/watchlists-queries.md b/articles/sentinel/watchlists-queries.md
@@ -18,6 +18,8 @@ Query data in any table against data from a watchlist by treating the watchlist
 
 For optimal query performance, use **SearchKey** as the key for joins in your queries.
 
+[!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
+
 ## Build queries with watchlists
 
 To use a watchlist in search query, write a Kusto query that uses the _GetWatchlist('watchlist-name') function and uses **SearchKey** as the key for your join.
diff --git a/articles/sentinel/work-with-anomaly-rules.md b/articles/sentinel/work-with-anomaly-rules.md
@@ -5,6 +5,10 @@ author: yelevin
 ms.topic: how-to
 ms.date: 03/17/2024
 ms.author: yelevin
+appliesto:
+    - Microsoft Sentinel in the Azure portal
+    - Microsoft Sentinel in the Microsoft Defender portal
+ms.collection: usx-security
 ---
 
 # Work with anomaly detection analytics rules in Microsoft Sentinel
