Merge pull request #50267 from KenMAG/main

Updated and improved Acrolinx scores.

Author: JamesJBarnett

learn-pr/wwl-sci/use-watchlists-azure-sentinel/1-introduction.yml

@@ -4,8 +4,8 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/use-watchlists-azure-sentinel/3-create-watchlist.yml

@@ -4,8 +4,8 @@ title: Create a watchlist
 metadata:
   title: Create a watchlist
   description: "Create a watchlist"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/use-watchlists-azure-sentinel/4-manage-watchlists.yml

@@ -4,8 +4,8 @@ title: Manage watchlists
 metadata:
   title: Manage watchlists
   description: "Manage watchlists"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/use-watchlists-azure-sentinel/5-knowledge-check.yml

@@ -4,8 +4,8 @@ title: Module assessment
 metadata:
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false
@@ -31,10 +31,10 @@ quiz:
     choices:
     - content: "_Watchlist('MyList ')"
       isCorrect: false
-      explanation: "Incorrect.  The GetWatchlist will return the values"
+      explanation: "Incorrect. The GetWatchlist returns the values"
     - content: "_GetWatchlist('MyList')"
       isCorrect: true
-      explanation: "Correct.  This is the proper function."
+      explanation: "Correct. This is the proper function."
     - content: "_Getlist('MyList ')"
       isCorrect: false
-      explanation: "Incorrect.  The GetWatchlist will return the values"
+      explanation: "Incorrect. The GetWatchlist returns the values"

learn-pr/wwl-sci/use-watchlists-azure-sentinel/6-summary-resources.yml

@@ -4,8 +4,8 @@ title: Summary and resources
 metadata:
   title: Summary and resources
   description: "Summary and resources"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: unit
 azureSandbox: false

learn-pr/wwl-sci/use-watchlists-azure-sentinel/includes/1-introduction.md

@@ -1,8 +1,8 @@
-Microsoft Sentinel provides a table to store list data accessible to Kusto Query Language (KQL) queries.  The Watchlists page in Microsoft Sentinel provides the management options to maintain the lists.
+Microsoft Sentinel provides a table to store list data accessible to Kusto Query Language (KQL) queries. The Watchlists page in Microsoft Sentinel provides the management options to maintain the lists.
 
-You're a Security Operations Analyst working at a company that has implemented Microsoft Sentinel.  The Security Operations team members need to prioritize alerts that are impacting high-value target servers.  
+You're a Security Operations Analyst working at a company that deployed Microsoft Sentinel. The Security Operations team members need to prioritize alerts that are impacting high-value target servers.  
 
-You must import a list of server names into Microsoft Sentinel, which can then be used by detection queries to set a priority field.  You import a list of servers into the Watchlist page of Microsoft Sentinel.  Once created, you instruct the Security Operations team to use the watch list in their KQL queries.
+You must import a list of server names into Microsoft Sentinel, which is used by detection queries to set a priority field. You import a list of servers into the Watchlist page of Microsoft Sentinel. Once created, you instruct the Security Operations team to use the watch list in their KQL queries.
 
 After completing this module, you'll be able to:
 

learn-pr/wwl-sci/use-watchlists-azure-sentinel/includes/3-create-watchlist.md

@@ -2,7 +2,7 @@ To create a watchlist from the Azure portal perform these steps:
 
 1. Go to **Microsoft Sentinel > Configuration > Watchlist** and select **Add new**.
 
-    :::image type="content" source="../media/watchlist-create.png" alt-text="Screen shot of creating a Sentinel Watchlist List.":::
+    :::image type="content" source="../media/watchlist-create.png" alt-text="Screen shot of creating a Microsoft Sentinel Watchlist List.":::
 
 1. On the General page, provide the name, description, and alias for the watchlist, then select **Next**.
 
@@ -11,7 +11,7 @@ To create a watchlist from the Azure portal perform these steps:
     > [!NOTE]
     > File uploads are currently limited to files of up to 3.8 MB in size.
 
-1. Next, review the information, verify that it's correct, then select **Create**. A notification appears once the watchlist is ready.
+1. Review the information, and verify that it's correct. Then select **Create**. A notification appears once the watchlist is ready.
 
 To use the watchlist data in KQL, use the KQL function _GetWatchlist('watchlist name').
 

learn-pr/wwl-sci/use-watchlists-azure-sentinel/includes/4-manage-watchlists.md

@@ -1,4 +1,4 @@
-We recommend you edit an existing watchlist instead of deleting and recreating a watchlist. Log analytics has a five-minute SLA for data ingestion. If you delete and recreate a watchlist, you might see both the deleted and recreated entries in Log Analytics during this five-minute window. If you see these duplicate entries in Log Analytics for a longer period of time, submit a support ticket.
+We recommend you edit an existing watchlist instead of deleting and recreating a watchlist. Log analytics has a five-minute SLA (Service Level Agreement) for data ingestion. If you delete and recreate a watchlist, you might see both the deleted and recreated entries in Log Analytics during this five-minute window. If you see these duplicate entries in Log Analytics for a longer period of time, submit a support ticket.
 
 ## Edit a watchlist item
 
@@ -32,9 +32,9 @@ Edit a watchlist to edit or add an item to the watchlist.
 
 ## Bulk update a watchlist
 
-When you have many items to add to a watchlist, use bulk update. A bulk update of a watchlist appends items to the existing watchlist. Then, it de-duplicates the items in the watchlist where all the value in each column match.
+When you have many items to add to a watchlist, use bulk update. A bulk update of a watchlist appends items to the existing watchlist. Then, it deduplicates the items in the watchlist where all the value in each column match.
 
-If you've deleted an item from your watchlist file and upload it, bulk update won't delete the item in the existing watchlist. Delete the watchlist item individually. Or, when you have many deletions, delete and recreate the watchlist.
+If you deleted an item from your watchlist file and upload it, bulk update won't delete the item in the existing watchlist. Delete the watchlist item individually. Or, when you have many deletions, delete and recreate the watchlist.
 
 The updated watchlist file you upload must contain the search key field used by the watchlist with no blank values.
 

learn-pr/wwl-sci/use-watchlists-azure-sentinel/includes/6-summary-resources.md

@@ -1,4 +1,4 @@
-You should have learned how Microsoft Sentinel provides a table to store list data accessible to Kusto Query Language (KQL) queries.  And that the Watchlists page in Microsoft Sentinel provides the management options to maintain the lists.
+You learned how Microsoft Sentinel provides a table to store list data accessible to Kusto Query Language (KQL) queries. And that the Watchlists page in Microsoft Sentinel provides the management options to maintain the lists.
 
 You should now be able to:
 
@@ -12,8 +12,3 @@ You can learn more by reviewing the following.
 [Become a Microsoft Sentinel Ninja](https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310?azure-portal=true)
 
 [Microsoft Tech Community Security Webinars](https://techcommunity.microsoft.com/t5/microsoft-security-and/security-community-webinars/ba-p/927888?azure-portal=true)
-
-
-
-
-

learn-pr/wwl-sci/use-watchlists-azure-sentinel/index.yml

@@ -3,15 +3,15 @@ uid: learn.wwl.use-watchlists-azure-sentinel
 metadata:
   title: Use watchlists in Microsoft Sentinel
   description: "Use watchlists in Microsoft Sentinel"
-  ms.date: 06/21/2022
-  author: wwlpublish
+  ms.date: 05/02/2025
+  author: KenMAG
   ms.author: kelawson
   ms.topic: module
   ms.service: microsoft-sentinel
 title: Use watchlists in Microsoft Sentinel
-summary: Learn how to create Microsoft Sentinel watchlists that are a named list of imported data.  Once created, you can easily use the named watchlist in KQL queries.
+summary: Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.
 abstract: |
-  Upon completion of this module, the learner will be able to:
+  Upon completion of this module, the learner is able to:
   - Create a watchlist in Microsoft Sentinel
   - Use KQL to access the watchlist in Microsoft Sentinel
 prerequisites: ""