Merge pull request #685 from MicrosoftDocs/aditi-copyedit

Copyedits

Author: American-Dipper

defender-xdr/security-copilot-m365d-guided-response.md

@@ -54,25 +54,25 @@ Each card contains information about the recommended action, including the entit
 
 The guided response cards can be sorted based on the available status for each card. You can select a specific status when viewing the guided responses by clicking on **Status** and selecting the appropriate status you want to view. All guided response cards regardless of status are shown by default.
 
-:::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-status-small.png" alt-text="Screenshot highlighting the status of responses in the Copilot pane in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-status.png":::
+:::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-status-small.png" alt-text="Screenshot that shows the status of responses in the Copilot pane in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-status.png":::
 
 To use guided responses, perform the following steps:
 
 1. Open an incident page. Copilot automatically generates guided responses upon opening an incident page. The Copilot pane appears on the right side of the incident page, showing the guided response cards.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-small.png" alt-text="Screenshot highlighting the Copilot pane with the guided responses in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-small.png" alt-text="Screenshot that shows the Copilot pane with the guided responses in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response.png":::
 
 2. Review each card before applying the recommendations. Select the More actions ellipsis (...) on top of a response card to view the options available for each recommendation. Here are some examples.
 
-   ![Screenshot highlighting the options available to users in a guided response card in the Copilot side panel.](/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-more-actions1.png)
+   ![Screenshot that shows the options available to users in a guided response card in the Copilot side panel.](/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-more-actions1.png)
 
-   ![Screenshot highlighting the options available to users in an automation response card in the Copilot pane in Microsoft Defender XDR.](/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-more-actions2.png)
+   ![Screenshot that shows the options available to users in an automation response card in the Copilot pane in Microsoft Defender XDR.](/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-more-actions2.png)
 
 3. To apply an action, select the desired action found on each card. The guided response action on each card is tailored to the type of incident and the specific entity involved.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-actions-small.png" alt-text="Screenshot of the guided response cards in the Copilot pane in Microsoft Defender." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-actions.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-actions-small.png" alt-text="Screenshot that shows the guided response cards in the Copilot pane in Microsoft Defender." lightbox="/defender/media/copilot-in-defender/guided-response/copilot-defender-guided-response-actions.png":::
 
-4. You can provide feedback to each response card to continuously enhance future responses from Copilot. To provide feedback, select the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) found on the bottom right of each card.
+4. You can provide feedback to each response card to continuously enhance future responses from Copilot. To provide feedback, select the feedback icon ![Screenshot that shows the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) found on the bottom right of each card.
 
 > [!NOTE]
 > Grayed out action buttons mean these actions are limited by your permission. [Refer to the unified role-based access (RBAC) permissions](manage-rbac.md) page for more information.

defender-xdr/security-copilot-m365d-incident-summary.md

@@ -33,7 +33,7 @@ ms.date: 04/01/2024
 - Microsoft Defender XDR
 - Microsoft Defender unified security operations center (SOC) platform
 
-Microsoft Defender XDR applies the capabilities of [Copilot for Security](/security-copilot/microsoft-security-copilot) to summarize incidents, delivering impactful information and insights to simplify investigation tasks. Attack investigation is a crucial step for incident response teams to successfully defend an organization against further damage from a cyber threat. Investigations can oftentimes be time-consuming as it involves numerous steps. Incident response teams need to understand how the attack happened: sort through numerous alerts, identify which assets and entities are involved, and assess the scope and impact of an attack.
+Microsoft Defender XDR applies the capabilities of [Copilot for Security](/security-copilot/microsoft-security-copilot) to summarize incidents, delivering impactful information and insights to simplify investigation tasks. Attack investigation is a crucial step for incident response teams to successfully defend an organization against further damage from a cyber threat. Investigations can often be time-consuming as it involves numerous steps. Incident response teams need to understand how the attack happened: sort through numerous alerts, identify which assets and entities are involved, and assess the scope and impact of an attack.
 
 Incident responders can easily gain the right context to investigate and remediate incidents through Defender XDR's correlation capabilities and Copilot for Security's AI-powered data processing and contextualization. With an incident summary, responders can quickly get important information to help in their investigation.
 
@@ -57,12 +57,17 @@ To summarize an incident, perform the following steps:
 1. Open an incident page. Copilot automatically creates an incident summary upon opening the page. You can stop the summary creation by selecting **Cancel** or restart creation by selecting **Regenerate**.
 
 2. The incident summary card loads on the Copilot pane. Review the generated summary on the card.
-   :::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-small.png" alt-text="Screenshot of the incident summary card on the Copilot pane as seen in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary.png":::
+ 
+   :::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-small.png" alt-text="Screenshot that shows the incident summary card on the Copilot pane as seen in the Microsoft Defender incident page." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary.png":::
+
    > [!TIP]
    > You can navigate to a file, IP, or URL page from the Copilot results pane by clicking on the evidence in the results.
-3. Select the **More actions** ellipsis (...) at the top of the incident summary card to copy or regenerate the summary, or view the summary in the Copilot for Security portal. Selecting **Open in Copilot for Security** opens a new tab to the Copilot for Security standalone portal where you can input prompts and access other plugins.
-   :::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-more-actions.png" alt-text="Screenshot highlighting the actions available on the incident summary card." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-more-actions.png":::
-4. Review the summary and use the information to guide your investigation and response to the incident. You can provide feedback on the summary by selecting the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) found on the bottom of the Copilot pane.
+
+1. Select the **More actions** ellipsis (...) at the top of the incident summary card to copy or regenerate the summary, or view the summary in the Copilot for Security portal. Selecting **Open in Copilot for Security** opens a new tab to the Copilot for Security standalone portal where you can input prompts and access other plugins.
+
+   :::image type="content" source="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-more-actions.png" alt-text="Screenshot that shows the actions available on the incident summary card." lightbox="/defender/media/copilot-in-defender/incident-summary/copilot-defender-incident-summary-more-actions.png":::
+
+1. Review the summary and use the information to guide your investigation and response to the incident. You can provide feedback on the summary by selecting the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards](/defender/media/copilot-in-defender/copilot-defender-feedback.png) found on the bottom of the Copilot pane.
 
 ## See also
 

defender-xdr/security-copilot-m365d-script-analysis.md

@@ -49,19 +49,19 @@ To begin analysis, perform the following steps:
 
 1. Open an incident page then select an item on the left pane to open the attack story below the incident graph. Within the attack story, select an event with a script or command line that you want to analyze. Click **Analyze** to start the analysis.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-incident-small.png" alt-text="Screenshot highlighting the script analysis button in the attack story view." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-incident.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-incident-small.png" alt-text="Screenshot that shows the script analysis button in the attack story view." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-incident.png":::
 
    Alternately, you can select an event to inspect in the device timeline view. On the file details pane, select **Analyze** to run the script analysis capability.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-device-timeline-small.png" alt-text="Screenshot highlighting the Analyze button in the device timeline." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-device-timeline.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-device-timeline-small.png" alt-text="Screenshot that shows the Analyze button in the device timeline." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-device-timeline.png":::
 
 2. Copilot runs script analysis and displays the results in the Copilot pane. Select **Show code** to expand the script, or **Hide code** to close the expansion.
 
-   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-results-small.png" alt-text="Screenshot of the Copilot pane with script analysis results in the Microsoft Defender XDR incident page." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-results.png":::
+   :::image type="content" source="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-results-small.png" alt-text="Screenshot that shows the Copilot pane with script analysis results in the Microsoft Defender XDR incident page." lightbox="/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-results.png":::
 
 3. Select the **More actions** ellipsis (...) on the upper right of the script analysis card to copy or regenerate the results, or view the results in the Copilot for Security standalone experience. Selecting **Open in Copilot for Security** opens a new tab to the Copilot standalone portal where you can input prompts and access other plugins.
 
-    ![Screenshot highlighting the More actions option in the Copilot script analysis card.](/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-more-actions.png)
+    ![Screenshot that shows the More actions option in the Copilot script analysis card.](/defender/media/copilot-in-defender/script-analyzer/copilot-defender-script-analysis-more-actions.png)
 
 4. Review the results. You can provide feedback on the results by selecting the feedback icon ![Screenshot of the feedback icon for Copilot in Defender cards.](/defender/media/copilot-in-defender/copilot-defender-feedback.png) found at the end of the script analysis card.