Merge pull request #849 from MicrosoftDocs/freshness-deniseb

freshness deniseb

Author: denisebmsft

defender-xdr/configure-siem-defender.md

@@ -12,7 +12,7 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
-ms.date: 10/25/2021
+ms.date: 06/27/2024
 ---
 
 # Integrate your SIEM tools with Microsoft Defender XDR
@@ -23,9 +23,6 @@ ms.date: 10/25/2021
 - [Microsoft Defender for Endpoint](/defender-endpoint/microsoft-defender-endpoint)
 - [Microsoft Defender XDR](microsoft-365-defender.md)
 
-> [!NOTE]
-> **Try our new APIs using MS Graph security API**. Find out more at: [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview).
-
 <a name='pull-microsoft-365-defender-incidents-and-streaming-event-data-using-security-information-and-events-management-siem-tools'></a>
 
 ## Pull Microsoft Defender XDR incidents and streaming event data using security information and events management (SIEM) tools
@@ -53,7 +50,7 @@ There are two primary models to ingest security information:
 Microsoft Defender XDR currently supports the following SIEM solution integrations:
 
 - [Ingesting incidents from the incidents REST API](#ingesting-incidents-from-the-incidents-rest-api)
-- [Ingesting streaming event data via Event Hub](#ingesting-streaming-event-data-via-event-hubs)
+- [Ingesting streaming event data via Event Hubs](#ingesting-streaming-event-data-via-event-hubs)
 
 ## Ingesting incidents from the incidents REST API
 
@@ -74,7 +71,7 @@ Using the new, fully supported Splunk Add-on for Microsoft Security that support
 
 - Ingesting Defender for Endpoint alerts (from the Defender for Endpoint's Azure endpoint) and updating these alerts
 
-- Support for updating Microsoft Defender XDR Incidents and/or Microsoft Defender for Endpoint Alerts and the respective dashboards has been moved to the Microsoft 365 App for Splunk.
+- Support for updating Microsoft Defender XDR Incidents and/or Microsoft Defender for Endpoint Alerts and the respective dashboards has moved to the Microsoft 365 App for Splunk.
 
 For more information on:
 
@@ -89,7 +86,7 @@ Framework (CEF).
 
 For more information on the new ArcSight SmartConnector for Microsoft Defender XDR, see [ArcSight Product Documentation](https://community.microfocus.com/cyberres/productdocs/w/connector-documentation/39246/smartconnector-for-microsoft-365-defender).
 
-The SmartConnector replaces the previous FlexConnector for Microsoft Defender for Endpoint that has been deprecated.
+The SmartConnector replaces the previous FlexConnector for Microsoft Defender for Endpoint that's now retired.
 
 ### Elastic
 
@@ -120,4 +117,5 @@ For more information on the Elastic streaming API integration, see [Microsoft M3
 ## Related articles
 
 [Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn](/graph/api/resources/security-api-overview)
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]

defender-xdr/criteria.md

@@ -15,7 +15,7 @@ ms.collection:
 - m365-security
 - tier2
 ms.topic: conceptual
-ms.date: 02/16/2021
+ms.date: 06/27/2024
 ---
 
 # Custom detections overview
@@ -26,17 +26,20 @@ ms.date: 02/16/2021
 **Applies to:**
 - Microsoft Defender XDR
 
-With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured endpoints. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
+With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured endpoints. This is made possible by customizable detection rules that automatically trigger alerts and response actions.
 
 Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
 
 Custom detections provide:
+
 - Alerts for rule-based detections built from advanced hunting queries
 - Automatic response actions
 
 ## See also
+
 - [Create and manage custom detection rules](custom-detection-rules.md)
 - [Advanced hunting overview](advanced-hunting-overview.md)
 - [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mde.md)
 - [Microsoft Graph security API for custom detections](/graph/api/resources/security-api-overview?view=graph-rest-beta&preserve-view=true#custom-detections)
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]

defender-xdr/custom-detections-overview.md

@@ -14,7 +14,7 @@ ms.collection:
   - highpri
   - tier3
 ms.topic: conceptual
-ms.date: 03/28/2021
+ms.date: 03/28/2024
 ---
 
 # Microsoft Defender Threat Intelligence in Microsoft Defender XDR
@@ -38,4 +38,5 @@ Under **Threat Intelligence** is the existing node for the **Threat Analytics**
 The experience between the existing Defender TI standalone portal differs slightly from the version in Microsoft Defender XDR. Though most of the functionality is available, at this time, the Defender TI experience in Microsoft Defender XDR doesn't include the ability to apply custom tags or project capabilities.
 
 [Learn more about Microsoft Defender Threat Intelligence](/defender/threat-intelligence/what-is-microsoft-defender-threat-intelligence-defender-ti).
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]

defender-xdr/defender-threat-intelligence.md

@@ -1,6 +1,6 @@
 ---
 title: Deploy services supported by Microsoft Defender XDR
-description: Learn about the Microsoft security services that can be integrated by Microsoft Defender XDR, their licensing requirements, and deployment procedures
+description: Learn about the Microsoft security services that integrate with Microsoft Defender XDR, their licensing requirements, and deployment procedures
 ms.service: defender-xdr
 f1.keywords: 
   - NOCSH
@@ -18,7 +18,7 @@ ms.topic: conceptual
 search.appverid: 
   - MOE150
   - MET150
-ms.date: 02/16/2021
+ms.date: 02/16/2024
 ---
 
 # Deploy supported services
@@ -31,7 +31,7 @@ ms.date: 02/16/2021
 
 [!INCLUDE [Prerelease information](../includes/prerelease.md)]
 
-[Microsoft Defender XDR](microsoft-365-defender.md) integrates various Microsoft security services to provide centralized detection, prevention, and investigation capabilities against sophisticated attacks. This article describes the supported services, their licensing requirements, the advantages and limitations associated with deploying one or more services, and links to how you can fully deploy them individually.
+[Microsoft Defender XDR](microsoft-365-defender.md) integrates various Microsoft security services to provide centralized detection, prevention, and investigation capabilities against sophisticated attacks. This article describes the supported services, their licensing requirements, the advantages, and limitations associated with deploying one or more services, and links to how you can fully deploy them individually.
 
 ## Supported services
 
@@ -42,7 +42,7 @@ A Microsoft 365 E5, E5 Security, A5, or A5 Security license or a valid combinati
 | Microsoft Defender for Endpoint | Endpoint protection suite built around powerful behavioral sensors, cloud analytics, and threat intelligence |
 |Microsoft Defender for Office 365 | Advanced protection for your apps and data in Office 365, including email and other collaboration tools |
 | Microsoft Defender for Identity | Defend against advanced threats, compromised identities, and malicious insiders using correlated Active Directory signals |
-| Microsoft Defender for Cloud Apps | Identify and combat cyberthreats across your Microsoft and third-party cloud services |
+| Microsoft Defender for Cloud Apps | Identify and combat cyberthreats across your Microsoft and non-Microsoft cloud services |
 
 ## Deployed services and functionality
 
@@ -58,16 +58,16 @@ To get the complete benefits of Microsoft Defender XDR, we recommend deploying a
 
 ### Limited deployment scenarios
 
-Each supported service that you deploy provides an extremely rich set of raw signals as well as correlated information. While limited deployment doesn't cause Microsoft Defender XDR functionality to turn off, its ability to provide comprehensive visibility across your endpoints, apps, data, and identities is affected. At the same time, any remediation capabilities only apply to entities that can be managed by the services you've deployed.
+Each supported service that you deploy provides an extremely rich set of raw signals and correlated information. While limited deployment doesn't cause Microsoft Defender XDR functionality to turn off, its ability to provide comprehensive visibility across your endpoints, apps, data, and identities is affected. At the same time, any remediation capabilities only apply to entities that are managed by the services you've deployed.
 
 The table below lists how each supported service provides additional data, opportunities to obtain additional insight by correlating the data, and better remediation and response capabilities.
 
 | Service | Data (signals & correlated info) | Remediation & response scope |
 | ------ | ------ | ------ |
-| Microsoft Defender for Endpoint |<ul><li>Endpoint states and raw events</li><li>Endpoint detections and alerts, including antivirus, EDR, attack surface reduction</li><li>Info on files and other entities observed on endpoints</li></ul> | Endpoints |
-|Microsoft Defender for Office 365 |<ul><li>Mail and mailbox states and raw events</li><li>Email, attachment, and link detections</li></ul> | <ul><li>Mailboxes</li><li>Microsoft 365 accounts</li></ul> |
-| Microsoft Defender for Identity |<ul><li>Active Directory signals, including authentication events</li><li>Identity-related behavioral detections</li></ul> | Identities |
-| Microsoft Defender for Cloud Apps |<ul><li>Detection of unsanctioned cloud apps and services (shadow IT)</li><li>Exposure of data to cloud apps</li><li>Threat activity associated with cloud apps</li></ul> | Cloud apps |
+| Microsoft Defender for Endpoint |- Endpoint states and raw events<br/>- Endpoint detections and alerts, including antivirus, EDR, attack surface reduction<br/>- Info on files and other entities observed on endpoints | Endpoints |
+|Microsoft Defender for Office 365 |- Mail and mailbox states and raw events<br/>- Email, attachment, and link detections | - Mailboxes<br/>- Microsoft 365 accounts |
+| Microsoft Defender for Identity |- Active Directory signals, including authentication events<br/>- Identity-related behavioral detections | Identities |
+| Microsoft Defender for Cloud Apps |- Detection of unsanctioned cloud apps and services (shadow IT)<br/>- Exposure of data to cloud apps<br/>- Threat activity associated with cloud apps | Cloud apps |
 
 ## Deploy the services
 
@@ -82,7 +82,7 @@ Deploying each service typically requires provisioning to your tenant and some i
 
 Once you've deployed the supported services, [turn on Microsoft Defender XDR](m365d-enable.md).
 
-## Related topics
+## Related articles
 
 - [Microsoft Defender XDR overview](microsoft-365-defender.md)
 - [Turn on Microsoft Defender XDR](m365d-enable.md)
@@ -91,4 +91,5 @@ Once you've deployed the supported services, [turn on Microsoft Defender XDR](m3
 - [Microsoft Defender for Office 365 overview](/defender-office-365/mdo-about)
 - [Microsoft Defender for Cloud Apps overview](/cloud-app-security/what-is-cloud-app-security)
 - [Microsoft Defender for Identity overview](/azure-advanced-threat-protection/what-is-atp)
+
 [!INCLUDE [Microsoft Defender XDR rebranding](../includes/defender-m3d-techcommunity.md)]