Merge pull request #2602 from yelevin/yelevin/rename-link-to-move

Change "Link/unlink alerts" to "Move alerts"

Author: Ruchika-mittal01

.openpublishing.redirection.defender-xdr.json

@@ -131,6 +131,11 @@
       "redirect_url": "/defender-xdr/entity-page-device",
       "redirect_document_id": true
     },
+    {
+      "source_path": "defender-xdr/unlink-alert-from-incident.md",
+      "redirect_url": "/defender-xdr/move-alert-to-another-incident",
+      "redirect_document_id": true
+    },
     {
       "source_path": "defender-xdr/unified-secops-platform/defender-xdr-portal.md",
       "redirect_url": "/defender-xdr/",

defender-xdr/TOC.yml

@@ -90,8 +90,8 @@
         items:
         - name: Incidents
           href: investigate-incidents.md
-        - name: Unlink alerts from incidents
-          href: unlink-alert-from-incident.md
+        - name: Move alerts to another incident
+          href: move-alert-to-another-incident.md
         - name: Alerts
           href: investigate-alerts.md
         - name: Entity pages

defender-xdr/alerts-incidents-correlation.md

@@ -41,11 +41,11 @@ The criteria used by the Defender portal to correlate alerts together in a singl
 
 While Microsoft Defender already uses advanced correlation mechanisms, you might want to decide differently whether a given alert belongs with a particular incident or not. In such a case, you can unlink an alert from one incident and link it to another. Every alert must belong to an incident, so you can either link the alert to another existing incident, or to a new incident that you create on the spot.
 
-For instructions, see [Link alerts to another incident in the Microsoft Defender portal](unlink-alert-from-incident.md).
+For more information on moving an alert from one incident to another, see [Move alerts from one incident to another in the Microsoft Defender portal](move-alert-to-another-incident.md).
 
 ## Incident correlation and merging
 
-The Defender portal's correlation activities don't stop when incidents are created. Defender continues to detect commonalities and relationships between incidents, and between alerts across incidents. When two or more incidents are determined to be sufficiently alike, Defender merges the incidents into a single incident.
+The Defender portal's correlation activities don't stop when incidents are created. Defender continues to detect commonalities and relationships between incidents and alerts across incidents. When two or more incidents are determined to be sufficiently alike, Defender merges the incidents into a single incident.
 
 ### Criteria for merging incidents