Merge pull request #260479 from batamig/patch-381

D4IoT new alert record updates

Author: prmerger-automator[bot]

articles/defender-for-iot/organizations/iot-solution.md

@@ -140,7 +140,7 @@ For more information, see [View alerts on the Defender for IoT portal](how-to-ma
 
 Defender for IoT alert data is streamed to the Microsoft Sentinel and stored in your Log Analytics workspace, in the [SecurityAlert]() table.
 
-Records in the **SecurityAlert** table are created updated each time an alert is generated or updated in Defender for IoT. Sometimes a single alert will have multiple records, such as when the alert was first created and then again when it was updated.
+Records in the **SecurityAlert** table are created each time an alert is generated or updated in Defender for IoT. Sometimes a single alert will have multiple records, such as when the alert was first created and then again when it was updated.
 
 In Microsoft Sentinel, use the following query to check the records added to the **SecurityAlert** table for a single alert:
 
@@ -151,15 +151,14 @@ SecurityAlert
 | sort by TimeGenerated desc
 ```
 
-The following types of updates generate new records in the **SecurityAlert** table:
+Updates for alert status or severity generate new records in the **SecurityAlert** table immediately.
+
+Other types of updates are aggregated across up to 12 hours, and new records in the **SecurityAlert** table reflect only the latest change. Examples of aggregated updates include:
 
-- Updates for alert status or severity
 - Updates in the last detection time, such as when the same alert is detected multiple times
 - A new device is added to an existing alert
 - The device properties for an alert are updated
 
-
-
 ## Next steps
 
 The [Microsoft Defender for IoT](https://azuremarketplace.microsoft.com/marketplace/apps/azuresentinel.azure-sentinel-solution-unifiedmicrosoftsocforot?tab=Overview) solution is a set of bundled, out-of-the-box content that's configured specifically for Defender for IoT data, and includes analytics rules, workbooks, and playbooks.

articles/defender-for-iot/organizations/whats-new.md

@@ -2,7 +2,7 @@
 title: What's new in Microsoft Defender for IoT
 description: This article describes new features available in Microsoft Defender for IoT, including both OT and Enterprise IoT networks, and both on-premises and in the Azure portal.
 ms.topic: whats-new
-ms.date: 11/01/2023
+ms.date: 12/06/2023
 ms.custom: enterprise-iot
 ---
 
@@ -16,6 +16,18 @@ Features released earlier than nine months ago are described in the [What's new
 > Noted features listed below are in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
 
+## December 2023
+
+|Service area  |Updates  |
+|---------|---------|
+| **OT networks** | [Updated security stack integration guidance](#updated-security-stack-integration-guidance)|
+
+### Streamlined alert records in the SecurityAlert table
+
+When integrating with Microsoft Sentinel, the Microsoft Sentinel **SecurityAlert** table is now updated immediately only for changes in alert status and severity. Other changes in alerts, such as last detection of an existing alert, are aggregated over several hours and display only the latest change made.
+
+For more information, see [Understand multiple records per alert](iot-solution.md#understand-multiple-records-per-alert).
+
 ## November 2023
 
 |Service area  |Updates  |