Merge pull request #2229 from MicrosoftDocs/main

padmagit77 · web-flow · commit 2bb608e7b053 · 2024-12-19T23:53:46.000+05:30
Published main to live, Thursday 10:30 AM PST, 12/19
diff --git a/CloudAppSecurityDocs/caac-known-issues.md b/CloudAppSecurityDocs/caac-known-issues.md
@@ -72,6 +72,7 @@ In the following applications, we encountered scenarios where browsing to a link
 - Workplace from Meta
 - ServiceNow
 - Workday
+- Box
 
 ### File upload limitations
 
diff --git a/defender-xdr/microsoft-threat-actor-naming.md b/defender-xdr/microsoft-threat-actor-naming.md
@@ -17,12 +17,12 @@ ms.custom:
 - cx-ti
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 12/17/2024
+ms.date: 12/19/2024
 ---
 
 # How Microsoft names threat actors
 
-Microsoft shifted to a new naming taxonomy for threat actors aligned with the theme of weather. We intend to bring better clarity to customers and other security researchers with the new taxonomy. We offer a more organized, articulate, and easy way to reference threat actors so that organizations can better prioritize and protect themselves. We also aim to aid security researchers, who are already confronted with an overwhelming amount of threat intelligence data.
+Microsoft uses a naming taxonomy for threat actors aligned with the theme of weather. We intend to bring better clarity to customers and other security researchers with this taxonomy. We offer a more organized, articulate, and easy way to reference threat actors so that organizations can better prioritize and protect themselves. We also aim to aid security researchers, who are already confronted with an overwhelming amount of threat intelligence data.
 
 :::image type="content" source="/defender/media/threat-actor-naming/threat-actor-categories.png" alt-text="Nation-state actors based on Microsoft naming" lightbox="/defender/media/threat-actor-naming/threat-actor-categories-lg.png":::
 
@@ -38,11 +38,11 @@ Microsoft categorizes threat actors into five key groups:
 
 **Groups in development:** a temporary designation given to an unknown, emerging, or developing threat activity. This designation allows Microsoft to track a group as a discrete set of information until we can reach high confidence about the origin or identity of the actor behind the operation. Once criteria are met, a group in development is converted to a named actor or merged into existing names.
 
-In our new taxonomy, a weather event or *family name* represents one of the above categories. For nation-state actors, we assigned a family name to a country/region of origin tied to attribution. For example, Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation. For example, Tempest indicates financially motivated actors.
+In this taxonomy, a weather event or *family name* represents one of the above categories. For nation-state actors, we assigned a family name to a country/region of origin tied to attribution. For example, Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation. For example, Tempest indicates financially motivated actors.
 
 Threat actors within the same weather family are given an adjective to distinguish actor groups with distinct tactics, techniques, and procedures (TTPs), infrastructure, objectives, or other identified patterns. For groups in development, we use a temporary designation of Storm and a four-digit number where there's a newly discovered, unknown, emerging, or developing cluster of threat activity.
 
-The table that follows shows how the family names map to the threat actors that we track.
+The following table shows how the family names map to the threat actors that we track.
 
 |Threat actor category|Type|Family name|
 |:---|:---|:---|
@@ -52,7 +52,7 @@ The table that follows shows how the family names map to the threat actors that
 |Influence operations|Influence operations|Flood|
 |Groups in development|Groups in development|Storm|
 
-The table that follows lists publicly disclosed threat actor names with their origin or threat actor category, previous names, and corresponding names used by other security vendors where available. This page will be updated as more info on other vendors’ names become available.  
+The following table lists publicly disclosed threat actor names with their origin or threat actor category, previous names, and corresponding names used by other security vendors where available. This page will be updated as more info on other vendors’ names become available.  
 
 |Threat actor name|Origin/Threat actor category|Other names|
 |:-----|:-----|:---|
@@ -181,7 +181,7 @@ The table that follows lists publicly disclosed threat actor names with their or
 |Wisteria Tsunami|India, Private sector offensive actor|DEV-0605|
 |Zigzag Hail|Korea|DUBNIUM, Nemim, TEMPLAR, TieOnJoe, Fallout Team, Purple Pygmy, Dark Hotel, Egobot, Tapaoux, PALADIN, Darkhotel|
 
-Read our announcement about the new taxonomy for more information: [https://aka.ms/threatactorsblog](https://aka.ms/threatactorsblog)
+Read our announcement about this taxonomy for more information: [https://aka.ms/threatactorsblog](https://aka.ms/threatactorsblog)
 
 ## Putting intelligence into the hands of security professionals
 
diff --git a/unified-secops-platform/overview-deploy.md b/unified-secops-platform/overview-deploy.md
@@ -135,7 +135,7 @@ After you [connect Microsoft Sentinel to Microsoft Defender](/defender-xdr/micro
 
 For more information, see [Microsoft incident creation ](/azure/sentinel/microsoft-365-defender-sentinel-integration?tabs=azure-portal).
 
-### Conduct a MITRE Att&ck crosswalk
+### Conduct a MITRE ATT&CK crosswalk
 
 With fusion, anomaly, and threat intelligence analytic rules enabled, conduct a MITRE Att&ck crosswalk to help you decide which remaining analytic rules to enable and to finish implementing a mature XDR (extended detection and response) process. This empowers you to detect and respond throughout the lifecycle of an attack.
 
