Updated units, fixed MD and fixed ARM template

Author: Ken Lawson

learn-pr/wwl-sci/analyze-data-in-sentinel/1-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Provide an introduction of Microsoft Sentinel Analytics."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/2-exercise-setup.yml

@@ -4,7 +4,7 @@ title: Exercise - Detect threats with Microsoft Sentinel analytics
 metadata:
   title: Exercise - Detect threats with Microsoft Sentinel analytics
   description: "Detect threats by using Microsoft Sentinel Analytics."
-  ms.date: 02/24/2025
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/4-analytics-rules.yml

@@ -4,7 +4,7 @@ title: Types of analytics rules
 metadata:
   title: Types of analytics rules
   description: "Identify different template rules to create analytic rules."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/5-create-rule-from-templates.yml

@@ -4,7 +4,7 @@ title: Create an analytics rule from templates
 metadata:
   title: Create an analytics rule from templates
   description: "Describes the procedure to create an analytics rule from templates."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/6-create-rule-from-wizard.yml

@@ -4,7 +4,7 @@ title: Create an analytics rule from wizard
 metadata:
   title: Create an analytics rule from wizard
   description: "Describes how to create an analytics rule by using the wizard."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/7-manage-analytics-rules.yml

@@ -4,7 +4,7 @@ title: Manage analytics rules
 metadata:
   title: Manage analytics rules
   description: "Describes how to manage and modify analytics rules."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/8-exercise-detect-threats.yml

@@ -4,7 +4,7 @@ title: Exercise - Detect threats with Microsoft Sentinel analytics
 metadata:
   title: Exercise - Detect threats with Microsoft Sentinel analytics
   description: "Detect threats by using Microsoft Sentinel Analytics."
-  ms.date: 05/15/2023
+  ms.date: 03/18/2025
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/analyze-data-in-sentinel/includes/2-exercise-setup.md

@@ -1,5 +1,3 @@
-
-
 The Threat detection with Microsoft Sentinel Analytics exercise in this module is an optional unit. However, if you want to perform this exercise, you need access to an Azure subscription where you can create Azure resources. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?azure-portal=true) before you begin.
 
 To deploy the prerequisites for the exercise, perform the following tasks.

learn-pr/wwl-sci/analyze-data-in-sentinel/includes/3-azure-sentinel-analytics-overview.md

@@ -61,11 +61,11 @@ The **Analytics** home page provides the following filters:
 
 - **Severity**. Use to filter the rules by levels of severity.
 
-- **Rule Type**. There are currently six types of rules: Scheduled, NRT (near real time), Fusion, Microsoft Security, ML (machine learning) Behavior Analytics, and Threat Intelligence.
+- **Rule Type**. There are currently seven types of rules: Scheduled, NRT (near real time), Fusion, Microsoft Security, ML (machine learning) Behavior Analytics, and Threat Intelligence.
 
 - **Tactics**. Use to filter the rules based on 14 specific methodologies in ATT&CK model.
 
 - **Data Sources**. Use to filter the rules by the data source connector that generates the alert.
 
 > [!NOTE]
-> MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
+> MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

learn-pr/wwl-sci/analyze-data-in-sentinel/includes/4-analytics-rules.md

@@ -43,8 +43,7 @@ By default, Fusion detection is enabled in Microsoft Sentinel. Microsoft is cons
 
   - Microsoft Defender for IoT
 
-    - Microsoft Defender XDR
-
+  - Microsoft Defender XDR
 
   - Microsoft Defender for Cloud Apps
 
@@ -68,7 +67,7 @@ Some of the common attack detection scenarios that Fusion alerts identify includ
 
 - **Ransomware**. After a suspicious sign-in to a Microsoft Entra account, unusual user behavior used to encrypt data can trigger a ransomware execution alert.
 
-> [!Note]
+> [!NOTE]
 > For more information on the Fusion technology in Microsoft Sentinel, see [Advanced multistage attack detection in Microsoft Sentinel](/azure/sentinel/fusion)
 
 ## Microsoft security
@@ -93,7 +92,7 @@ You can configure the following security solutions to pass their alerts to Micro
 
 - Microsoft Defender for Endpoint
 
-> [!Note]
+> [!NOTE]
 > Microsoft unifies security information and event management (SIEM) and extended detection and response (XDR) terminology across their security products.
 
 You can filter these alerts by severity and by specific text that is contained in the alert name.