Reorg Sentinel-related

schmurky · schmurky · commit c4f95099d383 · 2024-08-30T15:39:25.000+01:00
diff --git a/defender-xdr/TOC.yml b/defender-xdr/TOC.yml
@@ -222,8 +222,14 @@
                href: advanced-hunting-modes.md
              - name: Generate KQL queries with Security Copilot
                href: advanced-hunting-security-copilot.md
-             - name: Advanced hunting in the Microsoft Defender portal
-               href: advanced-hunting-microsoft-defender.md
+             - name: Hunt over Microsoft Sentinel data
+               items:
+                 - name: Microsoft Sentinel data in advanced hunting
+                   href: advanced-hunting-microsoft-defender.md
+                 - name: Use functions, saved queries, and custom rules
+                   href: advanced-hunting-defender-use-custom-rules.md
+                 - name: Work with results containing Microsoft Sentinel data
+                   href: advanced-hunting-defender-results.md
              - name: Build queries using guided mode
                items:
                  - name: Get started with query builder
diff --git a/defender-xdr/advanced-hunting-defender-results.md b/defender-xdr/advanced-hunting-defender-results.md
@@ -1,5 +1,5 @@
 ---
-title: Work with advanced hunting results in Microsoft Defender
+title: Work with results containing Microsoft Sentinel data
 description: Work with advanced hunting in the portal unifying Defender XDR and Sentinel data
 search.appverid: met150
 ms.service: defender-xdr
@@ -23,7 +23,7 @@ appliesto:
 ms.date: 08/07/2024
 ---
 
-# Work with advanced hunting results in Microsoft Defender
+# Work with advanced hunting results containing Microsoft Sentinel data
 
 ## Explore results
 
@@ -58,7 +58,7 @@ You can use the link to incident feature to add advanced hunting query results t
 
 3.	In the **Alert details** section in the Link to incident pane, select **Create new incident** to convert the events to alerts and group them to a new incident:
 
-[IMAGE]
+
  
     You can also select **Link to an existing incident** to add the selected records to an existing incident. Choose the related incident from the dropdown list of existing incidents. You can also enter the first few characters of the incident name or ID to find the incident you want.
    :::image type="content" source="/defender/media/advanced-hunting-results-link4.png" alt-text="Screenshot of the options available in saved queries in the Microsoft Defender portal" lightbox="/defender/media/advanced-hunting-results-link4.png":::
diff --git a/defender-xdr/advanced-hunting-defender-use-custom-rules.md b/defender-xdr/advanced-hunting-defender-use-custom-rules.md
@@ -1,5 +1,5 @@
 ---
-title: Use custom functions in advanced hunting in Microsoft Defender
+title: Use Microsoft Sentinel custom functions in advanced hunting in Microsoft Defender
 description: Using functions, saved queries, and custom rules in advanced hunting in the portal unifying Defender XDR and Sentinel data
 search.appverid: met150
 ms.service: defender-xdr
@@ -23,7 +23,7 @@ appliesto:
 ms.date: 08/07/2024
 ---
 
-# Use advanced hunting functions, saved queries, and custom rules in Microsoft Defender
+# Use Microsoft Sentinel functions, saved queries, and custom rules 
 
 
 ## Use functions
diff --git a/defender-xdr/advanced-hunting-microsoft-defender.md b/defender-xdr/advanced-hunting-microsoft-defender.md
@@ -1,6 +1,6 @@
 ---
-title: Advanced hunting in Microsoft Defender
-description: Advanced hunting in the portal unifying Defender XDR and Sentinel data
+title: Advanced hunting with Microsoft Sentinel data in Microsoft Defender
+description: Learn how to use advanced hunting in the portal unifying Defender XDR and Sentinel data
 search.appverid: met150
 ms.service: defender-xdr
 ms.subservice: adv-hunting
@@ -23,9 +23,9 @@ appliesto:
 ms.date: 04/12/2024
 ---
 
-# Advanced hunting in the Microsoft Defender portal
+# Advanced hunting with Microsoft Sentinel data in Microsoft Defender portal
 
-Advanced hunting in the unified portal allows you to view and query all data from Microsoft Defender XDR. This includes data from various Microsoft security services and Microsoft Sentinel, which includes data from non-Microsoft products, in a single platform. You can also access and use all your existing Microsoft Sentinel workspace content, including queries and functions. 
+Advanced hunting in the [unified Microsoft Defender portal](/defender-xdr/microsoft-365-defender-portal) allows you to view and query all data from Microsoft Defender XDR and Microsoft Sentinel, which includes data from non-Microsoft products, in a single platform. You can also access and use all your existing Microsoft Sentinel workspace content, including queries and functions. 
 
 Querying from a single portal across different data sets makes hunting more efficient and removes the need for context-switching.
 
@@ -96,3 +96,4 @@ In the unified portal, in addition to viewing the schema column names and descri
 
 - [Use advanced hunting functions, saved queries, and custom rules](advanced-hunting-defender-use-custom-rules.md)
 - [Explore advanced hunting results](advanced-hunting-defender-results.md)
+- [Link Microsoft Sentinel incidents](advanced-hunting-link-to-incident.md)
