test restruture of threatprevention

Author: jtviolet

docs/threatprevention/7.4/index.md

@@ -1 +1,27 @@
-# Threat Prevention 7.4
+# Netwrix Threat Prevention 7.4
+
+Netwrix Threat Prevention safeguards organizations from internal and external threats by acting like a firewall around critical systems and applications: Active Directory, Exchange, and file systems. It empowers organizations to overcome limitations in native Windows logging and security controls.
+
+## Key Features
+
+- **Active Monitoring** – Intercepts critical activity at the source and actively monitors user behavior
+- **Proactive Remediation** – Automatically blocks suspicious activities and compromised accounts
+- **Real-time Alerts** – Provides inspection, alerting, and policy enforcement
+- **Comprehensive Audit Trail** – Detailed records of every change, access, and authentication
+- **Third-party Integration** – Seamless SIEM dashboard integration
+- **Modern Architecture** – FIPS 140-2 compliant design
+
+## Quick Start
+
+- [Getting Started](/docs/threatprevention/7.4/threatprevention/gettingstarted.md)
+- [System Requirements](/docs/threatprevention/7.4/threatprevention/requirements/overview.md)
+- [Installation Overview](/docs/threatprevention/7.4/threatprevention/install/overview.md)
+- [Product Overview](/docs/threatprevention/7.4/threatprevention/overview.md)
+
+## Key Sections
+
+- **[Administration](/docs/threatprevention/7.4/threatprevention/admin/overview.md)** - Agent management, policies, and configuration
+- **[Solutions](/docs/threatprevention/7.4/threatprevention/solutions/overview.md)** - Active Directory, Exchange, File System, and LDAP protection
+- **[Reporting](/docs/threatprevention/7.4/threatprevention/reportingmodule/overview.md)** - Investigations and analytics
+- **[SIEM Integration](/docs/threatprevention/7.4/threatprevention/siemdashboard/overview.md)** - QRadar and Splunk dashboards
+- **[Troubleshooting](/docs/threatprevention/7.4/threatprevention/troubleshooting/overview.md)** - Common issues and solutions

docs/threatprevention/7.4/threatprevention/admin/templates/folder/domainpersistence.md

@@ -1,4 +1,8 @@
-# LDAP Folder Templates
+# Infrastructure Templates
+
+This section contains templates for monitoring and protecting infrastructure components.
+
+## LDAP Monitoring {#ldap}
 
 The LDAP folder contains the following templates:
 
@@ -9,3 +13,12 @@ The LDAP folder contains the following templates:
 | LDAP: Sensitive Groups        | This policy will detect LDAP queries targeting sensitive groups, such as Domain Admins, Enterprise Admins, and Schema Admins. Add to and delete from this list of groups in the LDAP Query filter per specific requirements | None |
 | LDAP: Sensitive SPNs          | This policy will detect LDAP queries targeting sensitive Service Principal Names, such as Exchange and SQL Servers. Add to and delete from this list of SPNs in the LDAP Query filter per specific requirements             | None |
 | LDAP: Service Principal Names | Detects attempts to obtain a list of SPN values                                                                                                                                                                             | None |
+
+## Threat Manager Integration {#threat-manager}
+
+The Threat Manager folder contains the following templates:
+
+| Template                   | Description                                                                                                                                                                                                                                | TAGS                                  |
+| -------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------- |
+| Threat Manager for AD      | This is the recommended policy for sending AD Events captured by Threat Prevention to Threat Manager. This policy includes:  Authentication Monitoring, Active Directory Changes, AD Replication Monitoring, and LSASS Guardian - Monitor. | - Threat Manager - NEW v6.1 TEMPLATES |
+| Threat Manager for AD LDAP | This is the recommended policy for sending LDAP events captured by Threat Prevention to Threat Manager for detecting signature queries of LDAP reconnaissance tools. Policy 1: Suspicious Queries Policy 2: Suspicious Attributes Returned | - Threat Manager - NEW v7.1 TEMPLATES |

docs/threatprevention/7.4/threatprevention/admin/templates/folder/ldap.md renamed to docs/threatprevention/7.4/threatprevention/admin/templates/folder/infrastructure-templates.md

@@ -0,0 +1,20 @@
+# Microsoft Platform Templates
+
+This section contains templates for monitoring and protecting Microsoft platform components.
+
+## DNS Monitoring {#dns}
+
+The **Templates** > **Microsoft** > **DNS** folder contains the following template:
+
+| Template           | Description                | TAGS |
+| ------------------ | -------------------------- | ---- |
+| DNS Record Changes | No customizations required | None |
+
+## LSASS Protection {#lsass}
+
+The **Templates** > **Microsoft** > **LSASS** folder contains the following templates:
+
+| Template                 | Description                                                                                 | TAGS |
+| ------------------------ | ------------------------------------------------------------------------------------------- | ---- |
+| LSASS Guardian - Monitor | No customizations required. Detects attempts by other processes to alter the LSASS process  | None |
+| LSASS Guardian - Protect | No customizations required. Prevents attempts by other processes to alter the LSASS process | None |