Adding optimization stuff

Author: schmurky

defender-xdr/advanced-hunting-best-practices.md

@@ -18,18 +18,26 @@ ms.custom:
 - cx-ti
 - cx-ah
 ms.topic: best-practice
-ms.date: 04/22/2024
+appliesto:
+    - Microsoft Defender XDR
+    - Microsoft Sentinel in the Microsoft Defender portal
+ms.date: 02/24/2025
 ---
 
 # Advanced hunting query best practices
 
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
 
 
-**Applies to:**
-- Microsoft Defender XDR
+Get results faster and avoid timeouts while running complex queries by optimizing your queries. For guidance on improving query performance:
+- [General optimization tips](#understand-cpu-resource-quotas) - in this article
+- [Optimize the `join` operator](#optimize-the-join-operator) - in this article
+- [Optimize the `summarize` operator](#optimize-the-summarize-operator) - in this article
+- [Query scenarios](#query-scenarios) - in this article
+- [Kusto query best practices](/azure/kusto/query/best-practices) - includes several scenarios for making your query  more efficient
+- [Optimize log queries in Azure Monitor](/azure/azure-monitor/logs/query-optimization#early-filtering-of-records-prior-to-using-high-cpu-functions) - contains additional guidance for query optimization
+- [Optimizing KQL queries](https://www.youtube.com/watch?v=ceYvRuPp5D8) (video) - most common ways to improve your query
 
-Apply these recommendations to get results faster and avoid timeouts while running complex queries. For more guidance on improving query performance, read [Kusto query best practices](/azure/kusto/query/best-practices).
 
 ## Understand CPU resource quotas
 Depending on its size, each tenant has access to a set amount of CPU resources allocated for running advanced hunting queries. For detailed information about various usage parameters, [read about advanced hunting quotas and usage parameters](advanced-hunting-limits.md).
@@ -40,7 +48,6 @@ After running your query, you can see the execution time and its resource usage
 
 Customers who run multiple queries regularly should track consumption and apply the optimization guidance in this article to minimize disruption resulting from exceeding quotas or usage parameters.
 
-Watch [Optimizing KQL queries](https://www.youtube.com/watch?v=ceYvRuPp5D8) to see some of the most common ways to improve your queries.  
 
 ## General optimization tips
 

defender-xdr/custom-detection-rules.md

@@ -265,7 +265,7 @@ Only data from devices in the scope will be queried. Also, actions are taken onl
 After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions.
 
 > [!IMPORTANT]
-> Custom detections should be regularly reviewed for efficiency and effectiveness. To make sure you're creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in [Manage existing custom detection rules](#manage-existing-custom-detection-rules).
+> Custom detections should be regularly reviewed for efficiency and effectiveness. For guidance on how to optimize your queries, follow the **[Advanced hunting query best practices](advanced-hunting-best-practices.md)**. To make sure you're creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in **[Manage existing custom detection rules](#manage-existing-custom-detection-rules)**.
 >
 > You maintain control over the broadness or specificity of your custom detections so any false alerts generated by custom detections might indicate a need to modify certain parameters of the rules.