Merge pull request #4634 from MicrosoftDocs/main

[AutoPublish] main to live - 07/31 13:33 PDT | 08/01 02:03 IST

Author: m365-skilling-repo-management[bot]

.openpublishing.redirection.ata-atp.json

@@ -140,6 +140,31 @@
       "redirect_url": "manage-security-alerts",
       "redirect_document_id": false
     },
+    {
+      "source_path": "ATPDocs/credential-access-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/persistence-privilege-escalation-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/reconnaissance-discovery-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/lateral-movement-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "ATPDocs/other-alerts.md",
+      "redirect_url": "alerts-overview",
+      "redirect_document_id": false
+    },
     {
       "source_path": "ATPDocs/classic-activities-filtering-mcas.md",
       "redirect_url": "/previous-versions/defender-for-identity/classic-activities-filtering-mcas",

ATPDocs/alerts-mdi-classic.md

@@ -40,14 +40,14 @@ The cs2 field identifies if the alert is new or updated.
 The cs3 field identifies the fully qualified domain name of the source computer name.
 
 > [!NOTE]
-> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+> If you plan to create automation or scripts for Defender for Identity SIEM logs, we recommend using the **externalId** field to identify the alert type instead of using the alert name for this purpose. Alert names may occasionally be modified, while the **externalId** of each alert is permanent. For a list of external IDs, see [Security alerts](alerts-overview.md).
 
 ## Sample logs
 
 The log examples comply with RFC 5424, but Defender for Identity also supports RFC 3164.
 
 >[!NOTE]
->The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+>The list below is a sample of logs sent to a SIEM. For a full list of alert details, see [Security alerts](alerts-overview.md).
 
 Priorities:
 
@@ -197,7 +197,7 @@ Priorities:
 
 ## See Also
 
-- [Security alert name mapping and unique external IDs](alerts-overview.md#map-security-alerts-to-unique-external-id-and-mitre-attck-matrix-tactics).
+- [Security alerts](alerts-overview.md).
 - [Configure event collection](deploy/configure-event-collection.md)
 - [Configuring Windows event forwarding](deploy/configure-event-forwarding.md)
 - [Check out the Defender for Identity forum](https://aka.ms/MDIcommunity)