Added XDR topics from xls part 2

Author: cwatson-cat

defender-xdr/unified-soc-platform/TOC.yml

@@ -11,7 +11,7 @@
       - name: Service integration in the portal
         items:
         - name: Microsoft Defender XDR
-          href: /defender-xdr/microsoft-365-defender-portal
+          href: /defender-xdr/microsoft-365-defender-portal ## Placeholder article
         - name: Microsoft Security Exposure Management
           href: /security-exposure-management/get-started-exposure-management
         - name: Microsoft Sentinel
@@ -20,6 +20,8 @@
             href: /azure/sentinel/microsoft-365-defender-sentinel-integration?toc=/unified-soc-platform/toc.json&bc=/unified-soc-platform/breadcrumb/toc.json&tabs=defender-portal
           - name: Experience in the Defender portal
             href: /azure/sentinel/microsoft-sentinel-defender-portal?toc=/unified-soc-platform/toc.json&bc=/unified-soc-platform/breadcrumb/toc.json
+          - name: Connect Microsoft Sentinel to Microsoft Defender
+            href: /defender-xdr/microsoft-sentinel-onboard
         - name: Microsoft Defender for Cloud
           href: /defender-xdr/microsoft-365-security-center-defender-cloud
         - name: Microsoft Defender for IoT
@@ -62,42 +64,82 @@
             href: /defender-xdr/secure-score-data-storage-privacy.md
     - name: Detect threats ## Have each writer provide article and then we summarize in one article. Our outline and scope should align to datasheet: "Get visiblity into, and disrupt attacks in real time across identities, endpoints, email, cloud apps, data in hybrid and multicloud environments"
       href: /azure/sentinel/threat-detection ## PLACEHOLDER LINK
+    - name: Hunt for threats with advanced hunting
+      items:
+      - name: Overview
+        href: /defender-xdr/advanced-hunting-overview
+      - name: Advanced hunting in the Microsoft Defender portal
+        href: /defender-xdr/advanced-hunting-microsoft-defender
+      - name: Guided and advanced modes
+        href: /defender-xdr/advanced-hunting-modes
+      - name: Generate KQL queries with Security Copilot
+        href: /defender-xdr/advanced-hunting-security-copilot
+      - name: Build hunting queries using guided mode
+        href: /defender-xdr/advanced-hunting-query-builder
+      - name: Work with query results
+        href: /defender-xdr/advanced-hunting-query-results
+      - name: Take action on query results
+        href: /defender-xdr/advanced-hunting-take-action
+      - name: Hunt for ransomware
+        href: /defender-xdr/advanced-hunting-find-ransomware
+      - name: Learn the query language
+        href: /defender-xdr/advanced-hunting-query-language
+      - name: Get expert training
+        href: /defender-xdr/advanced-hunting-expert-training
     - name: Investigate incidents ## could be incidents, threats, posture findings. Need an overview article for USX. Current overviews (XDR/Sentinel) don't appear to be updated for USX.
       items:
         - name: Overview
           href: /defender-xdr/investigate-incidents ## Would need update to apply to USX. Per Dianne, this isn't XDR specific.
         - name: Alerts, incidents, and correlation
           href: /defender-xdr/alerts-incidents-correlation
+        - name: Manage incidents
+          href: /defender-xdr/manage-incidents
         - name: Investigate alerts
           href: /defender-xdr/investigate-alerts
-        - name: Hunt for threats
-          items:
-          - name: Advanced hunting
-            href: /defender-xdr/advanced-hunting-microsoft-defender
-          - name: Microsoft Copilot for Security in advanced hunting
-            href: /defender-xdr/advanced-hunting-security-copilot
-          - name: Learn the query language
-            href: /defender-xdr/advanced-hunting-query-language
         - name: Investigate incidents in Copilot for Security ## This article is specific to Sentinel in the context of using outside of USX and with XDR in USX. We don't think it applies to Sentinel only but need to confirm with PM.  Austin thought title w/o mentioning Sentinel is misleading. We might need to leave this out of TOC or as part of plan/deploy to integrate Sentinel w/ Copilot features.
           href: /azure/sentinel/sentinel-security-copilot
+        - name: Investigate with Microsoft Copilot in Microsoft Defender ## Copied entire section from XDR TOC
+          items:
+          - name: Overview
+            href: /defender-xdr/security-copilot-in-microsoft-365-defender.md
+          - name: Summarize incidents
+            href: /defender-xdr/security-copilot-m365d-incident-summary.md
+          - name: Run script analysis
+            href: /defender-xdr/security-copilot-m365d-script-analysis.md
+          - name: Analyze files
+            href: /defender-xdr/copilot-in-defender-file-analysis.md
+          - name: Generate device summaries
+            href: /defender-xdr/copilot-in-defender-device-summary.md
+          - name: Use guided responses
+            href: /defender-xdr/security-copilot-m365d-guided-response.md
+          - name: Generate KQL queries
+            href: /defender-xdr/advanced-hunting-security-copilot.md
+          - name: Create incident reports
+            href: /defender-xdr/security-copilot-m365d-create-incident-report.md
         - name: Investigate entities
           items: 
           - name: Overview
             href: /azure/sentinel/entity-pages?tabs=azure-portal
           - name: User entity pages
-            href: investigate-users.md
+            href: /defender-xdr/investigate-users.md
           - name: Device entity pages
-            href: entity-page-device.md
+            href: /defender-xdr/entity-page-device.md
           - name: IP entity pages
-            href: entity-page-ip.md
+            href: /defender-xdr/entity-page-ip.md
     - name: Respond to threats
       items:
         - name: Overview
           href: /defender-xdr/incidents-overview
         - name: Prioritize incidents
           href: /defender-xdr/incident-queue
         - name: Automatic attack disruption 
-          href: /defender-xdr/automatic-attack-disruption
+          items:
+          - name: Overview
+            href: /defender-xdr/automatic-attack-disruption
+          - name: Configure capabilities
+            href: /defender-xdr/configure-attack-disruption
+        - name: Review remediations in the action center
+          href: /defender-xdr/m365d-action-center
     - name: Optimize your security operations 
       items:
         - name: Overview
@@ -108,12 +150,26 @@
           href: /azure/sentinel/soc-optimization/soc-optimization-reference
     - name: Manage your unified SOC ## Need article w/ overview about settings? What else needs to go here? Several other things like permissions and costs would get referenced by planning guide.
       items:
-        - name: Manage multiple tenants ## Work will start soon to integrate Sentinel into one or more of these articles.
+        - name: Manage multiple tenants ## Work will start soon to integrate Sentinel into one or more of these articles. Copied in entire section from XDR library
           items: 
             - name: Overview
               href: /defender-xdr/mto-overview
             - name: Set up multi-tenant management
               href: /defender-xdr/mto-requirements
+            - name: Manage incidents and alerts
+              href: /defender-xdr/mto-incidents-alerts
+            - name: Advanced hunting
+              href: /defender-xdr/mto-advanced-hunting.md
+            - name: Multitenant devices
+              href: /defender-xdr/mto-tenant-devices.md
+            - name: Vulnerability management
+              href: /defender-xdr/mto-dashboard.md
+            - name: Manage tenants
+              href: /defender-xdr/mto-tenants.md
+            - name: Manage endpoint security policies
+              href: /defender-xdr/mto-endpoint-security-policy.md
+            - name: Manage content distribution with tenant groups
+              href: /defender-xdr/mto-tenantgroups.md
         - name: Configure notifications
           items:
           - name: Get incident notifications
@@ -124,5 +180,11 @@
       items:
         - name: Threat actor naming
           href: /defender-xdr/microsoft-threat-actor-naming
+        - name: Identification of malware and unwanted apps
+          href: /defender-xdr/criteria
+        - name: Submit files for analysis
+          href: /defender-xdr/submission-guide
         - name: Microsoft virus initiative
-          href: /defender-xdr/virus-initiative-criteria
+          href: /defender-xdr/virus-initiative-criteria
+        - name: Microsoft security portals
+          href: /defender-xdr/portals