defender-xdr/manage-incidents.md
Lines changed: 2 additions & 2 deletions
@@ -53,7 +53,7 @@ This article shows you how to perform various incident management tasks associat
53
53
**[Incident logging and reporting:](#incident-logging-and-reporting)**
54
54
55
55
-[Edit the incident name](#edit-the-incident-name).
56
-
- Assess the activity audit and add comments in the [Activity log](#activity-log).
56
+
- Assess the activity audit and add comments in the [Activity log](#view-the-activity-log-of-an-incident).
57
57
-[Export incident data to PDF](#export-incident-data-to-pdf).
58
58
59
59
## Access the *Manage incident* pane
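Review bot: The new `#view-the-activity-log-of-an-incident` fragment on the Activity log bullet is a same-file link, but the heading it is derived from is not part of this hunk, so the slug cannot be confirmed from the diff. Please check that manage-incidents.md has a heading that generates exactly this anchor, and that the untouched neighbours `#edit-the-incident-name` and `#export-incident-data-to-pdf` still resolve if headings in this file were renamed. A link-check run on the build would cover all three.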
@@ -296,7 +296,7 @@ The incident data exported includes the following information:
296
296
- The [attack story](investigate-incidents.md#attack-story) graph and threat categories
297
297
- The impacted [assets](investigate-incidents.md#assets), covering up to 10 assets for each asset type
298
298
- The [evidence list](investigate-incidents.md#evidence-and-response) covering up to 100 items
299
-
- Supporting data, including all [related alerts](investigate-incidents.md#alerts) and activities recorded in the [activity log](#activity-log)
299
+
- Supporting data, including all [related alerts](investigate-incidents.md#alerts) and activities recorded in the [activity log](#view-the-activity-log-of-an-incident)
defender-xdr/respond-first-incident-365-defender.md
Lines changed: 1 addition & 1 deletion
@@ -79,7 +79,7 @@ You might assign a high priority to the incident using the information above. Yo
79
79
80
80
You can contribute to [incident management](manage-incidents.md) efficiency by providing essential information in incidents and alerts. When you add information to the following filters from when you triage and analyze each incident, you provide further context to that incident that other responders can take advantage of:
81
81
82
-
-[Classifying incidents and alerts](manage-incidents.md#specify-the-classification)
82
+
-[Classifying incidents and alerts](manage-incidents.md#specify-the-incidents-classification)
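Review bot: On the changed bullet, the slug `specify-the-incidents-classification` reads as if it comes from a heading containing the possessive "incident's" (an assumption, since the heading is not shown here). Anchors built from punctuated headings depend on how the docs build strips the apostrophe, so confirm the rendered anchor is exactly this string. The link text "Classifying incidents and alerts" also mentions alerts while the new fragment names only the incident; worth checking that the target section still covers alert classification.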
defender-xdr/security-copilot-m365d-create-incident-report.md
Lines changed: 3 additions & 3 deletions
@@ -62,7 +62,7 @@ Copilot in Defender creates an incident report containing the following informat
62
62
- Incident creation and closure
63
63
- First and last logs, whether the log was analyst-driven or automated, captured in the incident
64
64
- The analysts involved in incident response
65
-
-[Incident classification](manage-incidents.md#specify-the-classification), including the analyst's reason for classification that Copilot summarizes
65
+
-[Incident classification](manage-incidents.md#specify-the-incidents-classification), including the analyst's reason for classification that Copilot summarizes
66
66
- Investigation and remediation actions
67
67
- Follow up actions like recommendations, open issues, or next steps noted by the analysts in the incident logs
68
68
@@ -103,9 +103,9 @@ You can follow the steps in [export incident data to PDF](manage-incidents.md#ex
103
103
Here are some recommendations to consider to ensure that Copilot generates a comprehensive and complete incident report:
104
104
105
105
- Classify and resolve the incident before generating the incident report.
106
-
- Ensure that you write and save comments in the Microsoft Sentinel activity log or in the [Microsoft Defender XDR incident activity log](manage-incidents.md#activity-log) to include the comments in the incident report.
106
+
- Ensure that you write and save comments in the Microsoft Sentinel activity log or in the [Microsoft Defender XDR incident activity log](manage-incidents.md#view-the-activity-log-of-an-incident) to include the comments in the incident report.
107
107
- Write comments using comprehensive and clear language. In-depth and clear comments provide better context about the response actions. See the following steps to know how to access the comments field:
108
-
-[Add comments to incidents in the Microsoft Defender portal](manage-incidents.md#add-comments)
108
+
-[Add comments to incidents in the Microsoft Defender portal](manage-incidents.md#add-comments-to-an-incident)
109
109
- Add comments to incidents in Microsoft Sentinel
110
110
- For ServiceNow users, [enable the Microsoft Sentinel and ServiceNow bi-directional sync](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/what-s-new-introducing-microsoft-sentinel-solution-for/ba-p/3692840) to get more robust incident data.
111
111
- Copy the generated incident report and post it to the activity log in the Microsoft Defender portal to ensure that the incident report is saved in the incident page.
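Review bot: Two fragments change in this hunk, `#view-the-activity-log-of-an-incident` and `#add-comments-to-an-incident`, and both depend on headings in manage-incidents.md that this commit does not show, so confirm both against the rendered page. Style point on the nested list: the Defender bullet is a link, while its sibling "Add comments to incidents in Microsoft Sentinel" has none; either link both or say where the Sentinel steps live.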
defender-xdr/whats-new.md
Lines changed: 3 additions & 3 deletions
@@ -131,7 +131,7 @@ You can also get product updates and important notifications through the [messag
131
131
132
132
- (GA) **Dark mode** is now available in the Microsoft Defender portal. In the Defender portal, on the top right-hand side of the homepage, select **Dark mode**. Select **Light mode** to change the color mode back to the default.
133
133
134
-
- (GA) **Assigning severity to incidents**, **assigning an incident to a group**, and the ***go hunt*** option from the attack story graph are now generally available. Guides to learn how to [assign or change incident severity](manage-incidents.md#assign-or-change-incident-severity) and [assign an incident to a group](manage-incidents.md#assign-an-incident) are in the [Manage incidents](manage-incidents.md) page. Learn how you can use the *go hunt* option by exploring [attack story](investigate-incidents.md#attack-story).
134
+
- (GA) **Assigning severity to incidents**, **assigning an incident to a group**, and the ***go hunt*** option from the attack story graph are now generally available. Guides to learn how to [assign or change incident severity](manage-incidents.md#assign-or-change-incident-severity) and [assign an incident to a group](manage-incidents.md#assign-an-owner) are in the [Manage incidents](manage-incidents.md) page. Learn how you can use the *go hunt* option by exploring [attack story](investigate-incidents.md#attack-story).
135
135
136
136
- (Preview) **[Custom detection rules in Microsoft Graph security API](/graph/api/resources/security-api-overview?view=graph-rest-beta&preserve-view=true#custom-detections)** are now available. Create advanced hunting custom detection rules specific to your org to proactively monitor for threats and take action.
137
137
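Review bot: The link text "assign an incident to a group" now lands on `manage-incidents.md#assign-an-owner`, and from the anchor name alone it is not clear that the section covers group assignment. If the owner section does describe assigning to a group, this is fine; otherwise point the link at the subsection that does, or reword the link text to match the destination.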
@@ -153,7 +153,7 @@ You can also get product updates and important notifications through the [messag
153
153
154
154
- (GA) Microsoft Defender for Cloud alerts integration with Microsoft Defender XDR is now generally available. Learn more about the integration in [Microsoft Defender for Cloud in Microsoft Defender XDR](microsoft-365-security-center-defender-cloud.md).
155
155
156
-
- (GA) **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#activity-log).
156
+
- (GA) **Activity log** is now available within an incident page. Use the activity log to view all audits and comments, and add comments to the log of an incident. For details, see [Activity log](manage-incidents.md#view-the-activity-log-of-an-incident).
157
157
158
158
- (Preview) **[Query history](advanced-hunting-query-history.md) in advanced hunting** is now available. You can now rerun or refine queries you have run recently. Up to 30 queries in the past 28 days can be loaded in the query history pane.
159
159
@@ -167,7 +167,7 @@ You can also get product updates and important notifications through the [messag
167
167
168
168
- The Microsoft Defender portal's incident queue has updated filters, search, and added a new function where you can create your own filter sets. For details, see [Available filters](incident-queue.md#available-filters).
169
169
170
-
- You can now assign incidents to a user group or another user. For details, see [Assign an incident](manage-incidents.md#assign-an-incident).
170
+
- You can now assign incidents to a user group or another user. For details, see [Assign an incident](manage-incidents.md#assign-an-owner).
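Review bot: The link text "Assign an incident" matched the old `#assign-an-incident` fragment but no longer matches the new target `#assign-an-owner`. Consider updating the text to the destination section's title so readers land where the label says, for example `[Assign an owner](manage-incidents.md#assign-an-owner)` if that is the heading's wording.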