Commit 8e055f7

Merge branch 'main' into wi-502580-batch-6b-defender-xdr-image-reorg
2 parents 40dbe47 + 381e884 commit 8e055f7

104 files changed

+311
-622
lines changed

.openpublishing.redirection.defender-endpoint.json

Lines changed: 6 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -159,6 +159,11 @@
159159
"source_path": "defender-endpoint/mde-linux-arm.md",
160160
"redirect_url": "/defender-endpoint/microsoft-defender-endpoint-linux",
161161
"redirect_document_id": false
162-
}
162+
},
163+
{
164+
"source_path": "defender-endpoint/contact-support.md",
165+
"redirect_url": "/defender-xdr/contact-defender-support",
166+
"redirect_document_id": false
167+
},
163168
]
164169
}
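Review bot: The new redirect object closes with `},` on line 167 and is followed directly by `]` on line 168, which leaves a trailing comma after the last array element. Strict JSON parsers reject that, so drop the comma on line 167 (keep the one added on line 162, which now correctly separates the two entries).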

defender-endpoint/contact-support.md

Lines changed: 0 additions & 91 deletions
This file was deleted.

defender-xdr/TOC.yml

Lines changed: 11 additions & 5 deletions
@@ -349,11 +349,15 @@
349349
href: advanced-hunting-graph.md
350350
- name: Track and respond to emerging threats
351351
items:
352-
- name: Threat analytics overview
353-
href: threat-analytics.md
354-
- name: Understand the analyst report
355-
href: threat-analytics-analyst-reports.md
356-
- name: Defender Threat Intelligence in Microsoft Defender XDR
352+
- name: Threat analytics
353+
items:
354+
- name: Overview
355+
href: threat-analytics.md
356+
- name: Understand the analyst report
357+
href: threat-analytics-analyst-reports.md
358+
- name: Get access to indicators
359+
href: threat-analytics-indicators.md
360+
- name: Microsoft Defender Threat Intelligence in Defender XDR
357361
href: defender-threat-intelligence.md
358362
- name: Collaborate with Microsoft Defender Experts for Hunting
359363
items:
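Review bot: The `Get access to indicators` entry on lines 358-359 points at `threat-analytics-indicators.md`, which is not among the files shown in this commit view; confirm the article exists on the branch so the TOC link is not dead. The rendered diff also drops YAML indentation, so check in the raw file that `Microsoft Defender Threat Intelligence in Defender XDR` (line 360) is still a sibling of the new `Threat analytics` node and has not been pulled into its `items:` list.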
@@ -515,6 +519,8 @@
515519
href: m365d-threat-analytics-notifications.md
516520
- name: Configure alert notifications
517521
href: configure-email-notifications.md
522+
- name: Contact Microsoft Defender XDR support
523+
href: contact-defender-support.md
518524
- name: Manage devices through dynamic rules
519525
href: configure-asset-rules.md
520526
- name: Provide managed service provider (MSSP) access
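Review bot: `href: contact-defender-support.md` on line 523 and the redirect target `/defender-xdr/contact-defender-support` added in `.openpublishing.redirection.defender-endpoint.json` both depend on an article this view does not show, while `defender-endpoint/contact-support.md` is deleted outright. Confirm `defender-xdr/contact-defender-support.md` is part of the merge, otherwise readers following the old support link are redirected to a missing page.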

defender-xdr/advanced-hunting-defender-use-custom-rules.md

Lines changed: 4 additions & 4 deletions
@@ -56,7 +56,7 @@ adx('<Cluster URI>/<Database Name>').<Table Name>
5656

5757
For example, to get the first 10 rows of data from the `StormEvents` table stored in a certain URI:
5858

59-
:::image type="content" source="/defender-xdr/media/adx-sample.png" alt-text="Screenshot of adx operator in advanced hunting." lightbox="/defender-xdr/media/adx-sample.png":::
59+
:::image type="content" source="./media/advanced-hunting-defender-use-custom-rules/adx-sample.png" alt-text="Screenshot of adx operator in advanced hunting." lightbox="./media/advanced-hunting-defender-use-custom-rules/adx-sample.png":::
6060

6161
> [!NOTE]
6262
> The `adx()` operator isn't supported for custom detections.
@@ -76,7 +76,7 @@ In the query editor, enter *arg("").* followed by the Azure Resource Graph table
7676

7777
For example:
7878

79-
:::image type="content" source="/defender-xdr/media/arg-operator2.png" alt-text="Screenshot of arg operator in advanced hunting." lightbox="/defender-xdr/media/arg-operator2.png":::
79+
:::image type="content" source="./media/advanced-hunting-defender-use-custom-rules/arg-operator2.png" alt-text="Screenshot of arg operator in advanced hunting." lightbox="./media/advanced-hunting-defender-use-custom-rules/arg-operator2.png":::
8080

8181
You can also, for instance, filter a query that searches over Microsoft Sentinel data based on the results of an Azure Resource Graph query:
8282

@@ -97,7 +97,7 @@ To use a saved query from Microsoft Sentinel, go to the **Queries** tab and scro
9797
- **Open in query editor** – Loads the query in the query editor.
9898
- **View details** – Opens the query details side pane where you can inspect the query, run the query, or open the query in the editor.
9999

100-
:::image type="content" source="/defender/media/advanced-hunting-unified-view-details.png" alt-text="Screenshot of the options available in saved queries in the Microsoft Defender portal." lightbox="/defender/media/advanced-hunting-unified-view-details.png":::
100+
:::image type="content" source="./media/advanced-hunting-defender-use-custom-rules/advanced-hunting-unified-view-details.png" alt-text="Screenshot of the options available in saved queries in the Microsoft Defender portal." lightbox="./media/advanced-hunting-defender-use-custom-rules/advanced-hunting-unified-view-details.png":::
101101

102102

103103
For editable queries, more options are available:
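Review bot: Line 100 does more than change the path style: the image moves from the `/defender/media/` tree to `./media/advanced-hunting-defender-use-custom-rules/`, and the diff shows only the reference. Confirm `advanced-hunting-unified-view-details.png` was actually copied into the new folder, since a missing binary will not show up as a text diff.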
@@ -120,7 +120,7 @@ To help discover threats and anomalous behaviors in your environment, you can cr
120120

121121
For analytics rules that apply to data ingested through the connected Microsoft Sentinel workspace, select **Manage rules > Create analytics rule**.
122122

123-
:::image type="content" source="/defender/media/advanced-hunting-unified-rules.png" alt-text="Screenshot of the options to create custom analytics or detections in the Microsoft Defender portal" lightbox="/defender/media/advanced-hunting-unified-rules.png":::
123+
:::image type="content" source="./media/advanced-hunting-defender-use-custom-rules/advanced-hunting-unified-rules.png" alt-text="Screenshot of the options to create custom analytics or detections in the Microsoft Defender portal" lightbox="./media/advanced-hunting-defender-use-custom-rules/advanced-hunting-unified-rules.png":::
124124

125125
The **Analytics rule wizard** appears. Fill up the required details as described in [Analytics rule wizard—General tab](/azure/sentinel/detect-threats-custom#analytics-rule-wizardgeneral-tab).
126126

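Review bot: The alt text on line 123 ("Screenshot of the options to create custom analytics or detections in the Microsoft Defender portal") has no closing period, unlike the alt text on lines 59, 79 and 100 of the same file. The line is being rewritten anyway, so add the period here.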
defender-xdr/advanced-hunting-graph.md

Lines changed: 9 additions & 9 deletions
@@ -47,9 +47,9 @@ You must also have the following access or permissions:
4747

4848
You can find the **hunting graph** page by going to the left navigation bar in the Microsoft Defender portal and selecting **Investigation & response** > **Hunting** > **Advanced hunting**.
4949

50-
In the advanced hunting page, select the hunting graph icon ![Screenshot of the hunting graph icon.](/defender-xdr/media/ah-hunting-graph/hunting-graph-icon.png) at the top of the page or select the **Create new** icon ![Screenshot of the Create new icon.](/defender-xdr/media/ah-hunting-graph/hunting-graph-create-icon.png) and choose **Hunting graph**.
50+
In the advanced hunting page, select the hunting graph icon ![Screenshot of the hunting graph icon.](./media/advanced-hunting-graph/hunting-graph-icon.png) at the top of the page or select the **Create new** icon ![Screenshot of the Create new icon.](./media/advanced-hunting-graph/hunting-graph-create-icon.png) and choose **Hunting graph**.
5151

52-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-new.png" alt-text="Screenshot of the Create new Hunting graph option in the advanced hunting page." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-new.png":::
52+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-new.png" alt-text="Screenshot of the Create new Hunting graph option in the advanced hunting page." lightbox="./media/advanced-hunting-graph/hunting-graph-new.png":::
5353

5454
A new hunting graph page appears as tab labeled **New hunt** in the advanced hunting page.
5555

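Review bot: Lines 50 and 52 rename the media folder from `ah-hunting-graph` to `advanced-hunting-graph` in addition to switching to relative paths, so anything else that still references `/defender-xdr/media/ah-hunting-graph/` loses its images once the old folder is removed. Search the repo for the old folder name before merging and update or redirect the remaining references.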
@@ -59,7 +59,7 @@ The interactive graphs generated in the hunting graph are composed of **nodes**
5959

6060
The lower right-hand corner of the graph also has control buttons that let you **Zoom in** and **Zoom out**, and view the graph's **Layers**.
6161

62-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-render.png" alt-text="Screenshot of a rendered graph in the hunting graph page." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-render.png":::
62+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-render.png" alt-text="Screenshot of a rendered graph in the hunting graph page." lightbox="./media/advanced-hunting-graph/hunting-graph-render.png":::
6363

6464
## Get started with hunting graph
6565

@@ -73,7 +73,7 @@ To start hunting using a predefined scenario, on a new hunting graph page, selec
7373
1. [Apply filters on the graph](#step-2-apply-filters)
7474
1. [Render the graph](#step-3-render-the-graph)
7575

76-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-predefined-scenarios.png" alt-text="Screenshot of the hunting graph page highlighting the Search with Predefined scenarios button." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-predefined-scenarios.png":::
76+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-predefined-scenarios.png" alt-text="Screenshot of the hunting graph page highlighting the Search with Predefined scenarios button." lightbox="./media/advanced-hunting-graph/hunting-graph-predefined-scenarios.png":::
7777

7878
#### Step 1: Select a scenario and enter scenario inputs
7979

@@ -90,21 +90,21 @@ The following table describes the predefined scenarios in the hunting graph and
9090
| **Identities with access to Azure DevOps repositories** | Provide an Azure DevOps (ADO) repository name to view users that have read and/or write access to said repository.<br><br>Use this scenario to identify entities with access to ADO repositories, which often contain sensitive assets and therefore valuable targets for threat actors. This scenario gives you visibility and lets you plan your response in case of a breach. | Target ADO repository |
9191
| **Identify nodes in the highest number of paths to SQL data stores** | This scenario identifies the nodes that appear in the highest number of paths leading to SQL data stores. The scenario discovers paths in the graph where users have roles or permissions to access the SQL data stores.<br><br>Use this scenario to gain visibility to stores that might contain sensitive information, assess the impact in case of a breach, and prepare your mitigation and response. | (None) |
9292

93-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-select-scenario.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the available options." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-select-scenario.png":::
93+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-select-scenario.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the available options." lightbox="./media/advanced-hunting-graph/hunting-graph-select-scenario.png":::
9494

95-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-input.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the required scenario inputs." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-input.png":::
95+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-input.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the required scenario inputs." lightbox="./media/advanced-hunting-graph/hunting-graph-input.png":::
9696

9797
#### Step 2: Apply filters
9898

9999
You can add relevant filters to make the map view of your selected scenario more precise. For example, if you want to **Show only the shortest paths**, tick this option.
100100

101-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-filter.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the Show only the shortest paths filter." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-filter.png":::
101+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-filter.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the Show only the shortest paths filter." lightbox="./media/advanced-hunting-graph/hunting-graph-filter.png":::
102102

103103
##### Advanced filters
104104

105105
By default, the predefined scenarios automatically apply certain filters, which you can view in the **Advanced Filters** section of the side panel. You can remove these filters or add new ones to further refine the graph you want to generate.
106106

107-
To remove filters, select the **Remove filter** icon ![Screenshot of the remove filter icon.](/defender-xdr/media/ah-hunting-graph/hunting-graph-remove-filter-icon.png) beside each filter or select **Clear all** to remove them all at once.
107+
To remove filters, select the **Remove filter** icon ![Screenshot of the remove filter icon.](./media/advanced-hunting-graph/hunting-graph-remove-filter-icon.png) beside each filter or select **Clear all** to remove them all at once.
108108

109109
To add a filter, select **Add filter** then the select any of the supported node or edge filters. The following table lists these supported operators and filters. Depending on your chosen scenario, some of these filters might not be available as options.
110110

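Review bot: Context line 109, directly below the edited line 107, reads "select **Add filter** then the select any of the supported node or edge filters". Since this paragraph is already being touched, fix the wording to "then select any of" in the same change.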
@@ -114,7 +114,7 @@ To add a filter, select **Add filter** then the select any of the supported node
114114
| **Target Node** | equals |<ul><li>Has sensitive data<li>Has risk score<li>Is vulnerable</ul> |
115115
| **Edge Type** | equals |<ul><li>has permissions to<li>routes traffic to<li>affecting<li>member of<li>defines<li>can impersonate as<li>contains<li>can authenticate as<li>runs on<li>has role on<li>is running<li>used to create<li>maintains<li>frequently logged in by<li>has credentials of<li>defined in<li>can authenticate to<li>pushes<li>provisions</ul>|
116116

117-
:::image type="content" source="/defender-xdr/media/ah-hunting-graph/hunting-graph-advanced-filters.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the advanced filter section." lightbox="/defender-xdr/media/ah-hunting-graph/hunting-graph-advanced-filters.png":::
117+
:::image type="content" source="./media/advanced-hunting-graph/hunting-graph-advanced-filters.png" alt-text="Screenshot of the predefined scenarios side panel highlighting the advanced filter section." lightbox="./media/advanced-hunting-graph/hunting-graph-advanced-filters.png":::
118118

119119
#### Step 3: Render the graph
120120

defender-xdr/advanced-hunting-limits.md

Lines changed: 4 additions & 4 deletions
@@ -61,11 +61,11 @@ The report can be accessed in two ways:
6161

6262
- In the advanced hunting page, select **Query resources report**:
6363

64-
:::image type="content" source="/defender/media/ah-query-resources/view-query-resources report.png" alt-text="view the query resources report button in the AH portal" lightbox="/defender/media/ah-query-resources/view-query-resources report.png":::
64+
:::image type="content" source="./media/advanced-hunting-limits/view-query-resources report.png" alt-text="view the query resources report button in the AH portal" lightbox="./media/advanced-hunting-limits/view-query-resources report.png":::
6565

6666
- Within the **Reports** page, find the new report entry in the **General** section
6767

68-
:::image type="content" source="/defender/media/ah-query-resources/reports-general-query-resources.png" alt-text="view the query resources report in the Reports section" lightbox="/defender/media/ah-query-resources/reports-general-query-resources.png":::
68+
:::image type="content" source="./media/advanced-hunting-limits/reports-general-query-resources.png" alt-text="view the query resources report in the Reports section" lightbox="./media/advanced-hunting-limits/reports-general-query-resources.png":::
6969

7070
All users can access the reports; however, only the Microsoft Entra Global Administrator, Microsoft Entra Security Administrator, and Microsoft Entra Security Reader roles can see queries done by all users in all interfaces. Any other user can only see:
7171

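Review bot: The file name `view-query-resources report.png` on line 64 keeps its embedded space after the move, in both `source` and `lightbox`. Rename the file to use a hyphen while it is being relocated, so the path does not depend on how each renderer handles unencoded spaces. The alt text on lines 64 and 68 could also be brought in line with the "Screenshot of ..." phrasing used in the other articles.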
@@ -93,7 +93,7 @@ The query resources report contains all queries that ran, including detailed res
9393
> [!TIP]
9494
> If the query state is **Failed**, you can hover the field to view the reason for the query failure.
9595
96-
:::image type="content" source="/defender/media/ah-query-resources/excessive-usage-sample.png" alt-text="view inefficient queries" lightbox="/defender/media/ah-query-resources/excessive-usage-sample.png":::
96+
:::image type="content" source="./media/advanced-hunting-limits/excessive-usage-sample.png" alt-text="view inefficient queries" lightbox="./media/advanced-hunting-limits/excessive-usage-sample.png":::
9797

9898
### Find resource-heavy queries
9999

@@ -112,7 +112,7 @@ The graph supports two views:
112112
- Average use per day – the average use of resources per day
113113
- Highest use per day – the highest actual use of resources per day
114114

115-
![Two view modes for query resources report](/defender/media/ah-query-resources/resource-usage-over-time.png)
115+
![Two view modes for query resources report](./media/advanced-hunting-limits/resource-usage-over-time.png)
116116

117117
This means that, for instance, if on a specific day you ran two queries, one used 50% of your resources and one used 100%, the average daily use value would show 75%, while the top daily use would show 100%.
118118

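Review bot: Line 115 keeps the plain Markdown form `![...](...)` while the other images changed in this file (lines 64, 68 and 96) use the `:::image type="content" ... lightbox="...":::` form. Convert this one as part of the path rewrite so the chart gets the same lightbox behaviour as the rest of the page.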