Merge pull request #2007 from MicrosoftDocs/main

OOB publish main to live for breadcrumbs in PR 2006

Author: Ruchika-mittal01

defender-xdr/m365d-autoir-actions.md

@@ -8,7 +8,7 @@ f1.keywords:
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 08/11/2023
+ms.date: 11/25/2024
 manager: dansimp
 audience: ITPro
 ms.collection: 
@@ -67,7 +67,7 @@ If you've determined that a device or a file is not a threat, you can undo remed
 
 | Action source | Supported Actions |
 |:---|:---|
-| - Automated investigation <br/>- Microsoft Defender Antivirus <br/>- Manual response actions | - Isolate device <br/>- Restrict code execution <br/>- Quarantine a file <br/>- Remove a registry key <br/>- Stop a service <br/>- Disable a driver <br/>- Remove a scheduled task |
+| - Automated investigation <br/>- Microsoft Defender Antivirus <br/>- Manual response actions | - Isolate device <br/>- Contain device <br/>- Contain user <br/>- Restrict code execution <br/>- Quarantine a file <br/>- Remove a registry key <br/>- Stop a service <br/>- Disable a driver <br/>- Remove a scheduled task |
 
 ### Undo one remediation action
 

unified-secops-platform/breadcrumb/toc.yml

@@ -7,10 +7,13 @@
     topicHref: /unified-secops-platform/index
   - name: "Microsoft's unified SecOps platform"
     tocHref: /security/zero-trust/
-    topicHref: /defender-xdr/unified-secops-platform/index
+    topicHref: /unified-secops-platform/index
   - name: "Microsoft's unified SecOps platform"
     tocHref: /defender-for-identity/
-    topicHref: /defender-xdr/unified-secops-platform/index
+    topicHref: /unified-secops-platform/index
+  - name: "Microsoft's unified SecOps platform"
+    tocHref: /defender-xdr/
+    topicHref: /unified-secops-platform/index
 
 ## Azure override
 - name: "Microsoft Defender"

unified-secops-platform/defender-xdr-portal.md

@@ -26,7 +26,7 @@ Defender XDR consolidates threat signals and data across assets, so that you can
 
 Defender XDR combines multiple Microsoft security services.
 
-**Service** | **Details**
+Service | Details
 --- | ---
 **[Protect against email threats with Defender for Office 365](/defender-office-365/mdo-sec-ops-guid)** | Helps protect email and Office 365 resources.
 **[Protect devices with Defender for Endpoint](/defender-endpoint/mde-sec-ops-guide)** | Delivers preventative protection, post-breach detection, and automated investigation and response for devices.
@@ -71,7 +71,7 @@ Defender XDR provides threat hunting capabilities in the Defender portal.
 
 - **Advanced hunting**: SOC teams can use [advanced hunting](/defender-xdr/advanced-hunting-overview) with the Kusto Query Language (KQL) in the portal to create custom queries and rules for threat hunting across the enterprise. Analysts can search for indicators of compromise, anomalies, and suspicious activities across Defender XDR data sources.
 
-    If you're not familiar with KQL, Defender XDR provides a guided mode to create queries visually, and predefined query templates.
+  If you're not familiar with KQL, Defender XDR provides a guided mode to create queries visually, and predefined query templates.
 
 - **Custom detection rules**: In addition to advanced hunting, SOC teams can create [custom detection rules](/defender-xdr/custom-detections-overview) to proactively monitor and respond to events and system states. Rules can trigger alerts or automatic response actions.
 
@@ -82,6 +82,3 @@ Defender for XDR provides [automated investigation and response](/defender-xdr/m
 As alerts create incidents, automated investigations produce a verdict that determines whether a threat was found. When suspicious and malicious threats are identified, remediation actions include sending a file to quarantine, stopping a process, blocking a URL, or isolating a device.
 
 You can view a summary of automated investigations and responses in the Home page of the portal. Pending remediation actions are handled in the portal Action Center.
-
-
-

unified-secops-platform/gov-support.md

@@ -46,10 +46,10 @@ When using a US government cloud, you need to use the following URIs instead of
 
 - **Login**:
 
-    - **GCC**: https://login.microsoftonline.com
-    - **GCC High and DoD**: https://login.microsoftonline.us
+  - **GCC**: https://login.microsoftonline.com
+  - **GCC High and DoD**: https://login.microsoftonline.us
 
 - **Microsoft Defender XDR API**:
 
-    - **GCC**: https://api-gcc.security.microsoft.us
-    - **GCC High and DoD**: https://api-gov.security.microsoft.us
+  - **GCC**: https://api-gcc.security.microsoft.us
+  - **GCC High and DoD**: https://api-gov.security.microsoft.us

unified-secops-platform/hunting-overview.md

@@ -33,7 +33,7 @@ The foundation of hunting queries in the Defender portal rests on Kusto Query La
 
 Maximize the full extent of your team's hunting prowess with the following hunting tools in the Defender portal:
 
-| **Hunting tool** | **Description** |
+| Hunting tool | Description |
 |---|---|
 |[**Advanced hunting**](/defender-xdr/advanced-hunting-microsoft-defender) | View and query data sources available within Microsoft's unified SecOps platform and share queries with your team. Use all your existing Microsoft Sentinel workspace content, including queries and functions. |
 |[**Microsoft Sentinel hunting**](/azure/sentinel/hunting) | Hunt for security threats across data sources. Use specialized search and query tools like **hunts**, **bookmarks** and **livestream**. |
@@ -52,7 +52,7 @@ Maximize the full extent of your team's hunting prowess with the following hunti
 
 The following table describes how you can make the most of the Defender portal's hunting tools across all stages of threat hunting:
 
-| **Hunting stage** | **Hunting tools** |
+| Hunting stage | Hunting tools |
 | --- | --- |
 | **Proactive** - Find the weak areas in your environment before threat actors do. Detect suspicious activity extra early. | - Regularly conduct end-to-end [hunts](/azure/sentinel/hunts) to proactively seek out undetected threats and malicious behaviors, validate hypotheses, and act on findings by creating new detections, incidents, or threat intelligence.<br><br> - Use the [MITRE ATT&CK map](/azure/sentinel/mitre-coverage#use-the-mitre-attck-framework-in-analytics-rules-and-incidents) to identify detection gaps, and then run predefined hunting queries for highlighted techniques.<br><br> - Insert new threat intelligence into proven queries to tune detections and confirm if a compromise is in process.<br><br> - Take proactive steps to build and test queries against data from new or updated sources.<br><br> - Use [advanced hunting](/defender-xdr/advanced-hunting-microsoft-defender) to find early-stage attacks or threats that don't have alerts. |
 | **Reactive** - Use hunting tools during an active investigation. | - Use [livestream](/azure/sentinel/livestream) to run specific queries at consistent intervals to actively monitor events.<br><br> - Quickly pivot on incidents with the [**Go hunt**](/defender-xdr/advanced-hunting-go-hunt) button to search broadly for suspicious entities found during an investigation.<br><br> - Hunt through threat intelligence to perform [infrastructure chaining](/defender/threat-intelligence/infrastructure-chaining).<br><br> - Use [Security Copilot in advanced hunting](/defender-xdr/advanced-hunting-security-copilot) to generate queries at machine speed and scale. |