MicrosoftDocs
diff --git a/‎learn-pr/wwl-sci/hunt-threats-sentinel/4-bookmarks.yml
Lines changed: 1 addition & 1 deletion b/‎learn-pr/wwl-sci/hunt-threats-sentinel/4-bookmarks.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎learn-pr/wwl-sci/hunt-threats-sentinel/includes/4-bookmarks.md
Lines changed: 2 additions & 2 deletions b/‎learn-pr/wwl-sci/hunt-threats-sentinel/includes/4-bookmarks.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎learn-pr/wwl-sci/hunt-threats-sentinel/index.yml
Lines changed: 1 addition & 1 deletion b/‎learn-pr/wwl-sci/hunt-threats-sentinel/index.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎learn-pr/wwl-sci/hunt-threats-sentinel/media/3-hunting-page.png
88.4 KB b/‎learn-pr/wwl-sci/hunt-threats-sentinel/media/3-hunting-page.png
88.4 KB
diff --git a/‎learn-pr/wwl-sci/hunt-threats-sentinel/media/4-incident-actions.png
43.8 KB b/‎learn-pr/wwl-sci/hunt-threats-sentinel/media/4-incident-actions.png
43.8 KB
@@ -3,7 +3,7 @@ uid: learn.azure.hunt-threats-sentinel.4-bookmarks
 metadata:
   title: Save key findings with bookmarks
   description: Learn how to save key findings with bookmarks in Microsoft Sentinel.
-  ms.date: 05/25/2023
+  ms.date: 03/06/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit
 
@@ -11,15 +11,15 @@ You can revisit your bookmarked data at any time on the **Bookmarks** tab of the
 
 ## Create or add to incidents by using bookmarks
 
-You can use bookmarks to create a new incident or add bookmarked query results to existing incidents. The **Incident actions** button on the toolbar enables you to perform either of these tasks when a bookmark is selected.
+You can use bookmarks to create a new incident or add bookmarked query results to existing incidents. The **Incident actions** button on the *Hunt* toolbar enables you to perform either of these tasks when a bookmark is selected.
 
 :::image type="content" source="../media/4-incident-actions.png" alt-text="Screenshot of the drop-down menu for incident actions in Microsoft Sentinel." :::
 
 Incidents that you create from bookmarks can be managed from the **Incidents** page alongside other incidents created in Microsoft Sentinel.
 
 ## Use the investigation graph to explore bookmarks
 
-You can investigate bookmarks in the same way that you'd investigate incidents in Microsoft Sentinel. From the **Hunting** page, select **Investigate** to open the investigation graph for the incident. The investigation graph is a visual tool that helps to identify entities involved in the attack and the relationships between those entities. If the incident involves multiple alerts over time, you can also review the alert timeline and correlations between alerts.
+You can investigate bookmarks in the same way that you'd investigate incidents in Microsoft Sentinel. From the **Hunting** page, select your *Hunt* with a *Bookmark* from the **Hunts (Preview)** tab. In the *Hunt* details pane select **Bookmarks** (or select any *Related incidents*), select a specific *Bookmark* and then select the **Investigate** button to open the investigation graph for the incident. The investigation graph is a visual tool that helps to identify entities involved in the attack and the relationships between those entities. If the incident involves multiple alerts over time, you can also review the alert timeline and correlations between alerts.
 
 :::image type="content" source="../media/4-investigation-graph.png" alt-text="Screenshot of the investigation graph page for a deleted virtual machine incident.":::
 
 
@@ -3,7 +3,7 @@ uid: learn.azure.hunt-threats-sentinel
 metadata:
   title: Threat hunting with Microsoft Sentinel
   description: Learn how to proactively identify threat behaviors by using Microsoft Sentinel queries.
-  ms.date: 05/25/2023
+  ms.date: 03/06/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: module