Merge pull request #54309 from KenMAG/rename-update-KenMAG

Updated to maintain module freshness.

Author: Stacyrch140

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/1-introduction.yml

@@ -4,7 +4,7 @@ title: Introduction
 metadata:
   title: Introduction
   description: "Introduction"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/2-understand-user-entity-behavior-analytics.yml

@@ -4,7 +4,7 @@ title: Understand behavioral analytics
 metadata:
   title: Understand behavioral analytics
   description: "Understand behavioral analytics"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/3-explore-entities.yml

@@ -4,7 +4,7 @@ title: Explore entities
 metadata:
   title: Explore entities
   description: "Explore entities"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/4-display-entity-behavior-information.yml

@@ -4,7 +4,7 @@ title: Display entity behavior information
 metadata:
   title: Display entity behavior information
   description: "Display entity behavior information"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/4a-use-anomaly-detection-analytical-rule-templates.yml

@@ -4,7 +4,7 @@ title: Use Anomaly detection analytical rule templates
 metadata:
   title: Use Anomaly detection analytical rule templates
   description: "Use Anomaly detection analytical rule templates"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/5-knowledge-check.yml

@@ -4,7 +4,7 @@ title: Module assessment
 metadata:
   title: Module assessment
   description: "Knowledge check"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit
@@ -21,32 +21,32 @@ quiz:
     choices:
     - content: "Data elements"
       isCorrect: true
-      explanation: "Correct.  The data elements include such things as Accounts, IP Addresses, Hosts"
+      explanation: "Correct. The data elements include such things as Accounts, IP Addresses, Hosts"
     - content: "Tables"
       isCorrect: false
-      explanation: "Incorrect.  Data elements are derived from the fields in tables."
+      explanation: "Incorrect. Data elements are derived from the fields in tables."
     - content: "Alerts"
       isCorrect: false
-      explanation: "Incorrect.  Alerts can be connected to Entities."
+      explanation: "Incorrect. Alerts can be connected to Entities."
   - content: "In the timeline of the Entity page, what type of items are an aggregation of notable events relating to the entity?"
     choices:
     - content: "Alerts"
       isCorrect: false
-      explanation: "Incorrect.  Activities are the aggregation of events."
+      explanation: "Incorrect. Activities are the aggregation of events."
     - content: "Activities"
       isCorrect: true
       explanation: "Correct. Activities are the aggregation of events."
     - content: "Bookmarks"
       isCorrect: false
-      explanation: "Incorrect.  Activities are the aggregation of events."
-  - content: "When you're viewing the investigation graph, what option will show Entity Behavior information?"
+      explanation: "Incorrect. Activities are the aggregation of events."
+  - content: "When you're viewing the investigation graph, what option shows Entity Behavior information?"
     choices:
     - content: "Entities"
       isCorrect: false
-      explanation: "Incorrect.  Insights will display Entity Behavior information."
+      explanation: "Incorrect. Insights display Entity Behavior information."
     - content: "Timeline"
       isCorrect: false
-      explanation: "Incorrect.  Insights will display Entity Behavior information."
+      explanation: "Incorrect. Insights display Entity Behavior information."
     - content: "Insights"
       isCorrect: true
-      explanation: "Correct.  Insights will display Entity Behavior information."
+      explanation: "Correct. Insights display Entity Behavior information."

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/6-summary-resources.yml

@@ -4,7 +4,7 @@ title: Summary and resources
 metadata:
   title: Summary and resources
   description: "Summary and resources"
-  ms.date: 06/30/2022
+  ms.date: 04/19/2026
   author: wwlpublish
   ms.author: kelawson
   ms.topic: unit

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/includes/2-understand-user-entity-behavior-analytics.md

@@ -1,12 +1,12 @@
-Identifying threats inside your organization and their potential impact - whether a compromised entity or a malicious insider - has always been a time-consuming and labor-intensive process. When you're sifting through alerts, connecting the dots, and actively hunting, it adds up to massive amounts of time and effort expended with minimal returns. And, the possibility of sophisticated threats evading discovery. Elusive threats like zero-day, targeted, and advanced persistent threats can be the most dangerous to your organization, making their detection all the more critical.
+Identifying threats inside your organization and their potential impact - whether a compromised entity or a malicious insider - is a time-consuming and labor-intensive process. When you're sifting through alerts, connecting the dots, and actively hunting, it adds up to massive amounts of time and effort expended with minimal returns. And, the possibility of sophisticated threats evading discovery. Elusive threats like zero-day, targeted, and advanced persistent threats can be the most dangerous to your organization, making their detection all the more critical.
 
 The Entity Behavior capability in Microsoft Sentinel eliminates the drudgery from your analysts’ workloads, and the uncertainty from their efforts. The Entity Behavior capability delivers high-fidelity and actionable intelligence, so they can focus on investigation and remediation.
 
-As Microsoft Sentinel collects logs and alerts from all the connected data sources, it analyzes and builds baseline behavioral profiles of your organization’s entities (users, hosts, IP addresses, applications etc.). The analysis is across the time and peer group horizon. Microsoft Sentinel uses various techniques and machine learning capabilities, and can then identify anomalous activity and help you determine if an asset has been compromised. Not only that, but it can also figure out the relative sensitivity of particular assets, identify peer groups of assets, and evaluate the potential impact of any given compromised asset (its “blast radius”). Armed with this information, you can effectively prioritize your investigation and incident handling.
+As Microsoft Sentinel collects logs and alerts from all the connected data sources, it analyzes and builds baseline behavioral profiles of your organization’s entities (users, hosts, IP addresses, applications, etc.). The analysis is across the time and peer group horizon. Microsoft Sentinel uses various techniques and machine learning capabilities, and can then identify anomalous activity and help you determine if an asset is compromised. Not only that, but it can also figure out the relative sensitivity of particular assets, identify peer groups of assets, and evaluate the potential impact of any given compromised asset (its "blast radius"). Armed with this information, you can effectively prioritize your investigation and incident handling.
 
 ### Architecture overview
 
-:::image type="content" source="../media/entity-behavior-1.png" alt-text="Diagram of the E U B A architecture overview.":::
+:::image type="content" source="../media/entity-behavior-1.png" alt-text="Diagram of the UEBA architecture overview.":::
 
 ### Security-driven analytics
 
@@ -18,7 +18,7 @@ Microsoft adopted Gartner’s paradigm for UEBA solutions, Microsoft Sentinel pr
 
 **Analytics:** Microsoft Sentinel uses machine learning (ML) algorithms, and identifies anomalous activities that presents evidence clearly and concisely in the form of contextual enrichments. See the examples below.
 
-:::image type="content" source="../media/entity-behavior-2.png" alt-text="Image of Security Driven Analytics enrichment.":::
+:::image type="content" source="../media/entity-behavior-2.png" alt-text="Diagram showing security-driven analytics enrichment examples in Microsoft Sentinel.":::
 
 Microsoft Sentinel presents artifacts that help your security analysts get a clear understanding of anomalous activities in context, and in comparison with the user's baseline profile. Actions performed by a user (or a host, or an address) are evaluated contextually, where a "true" outcome indicates an identified anomaly:
 
@@ -30,9 +30,9 @@ Microsoft Sentinel presents artifacts that help your security analysts get a cle
 
 - As compared to organization's behavior.
 
-:::image type="content" source="../media/entity-behavior-3.png" alt-text="image showing the E U B A Context rings.":::
+:::image type="content" source="../media/entity-behavior-3.png" alt-text="Diagram showing the UEBA context rings used to evaluate user activity.":::
 
 ### Scoring
 
-Each activity is scored with “Investigation Priority Score”. The score determines the probability of a specific user performing a specific activity based on behavioral learning of the user and their peers. Activities identified as the most abnormal receive the highest scores (on a scale of 0-10).
+Each activity is scored with "Investigation Priority Score". The score determines the probability of a specific user performing a specific activity based on behavioral learning of the user and their peers. Activities identified as the most abnormal receive the highest scores (on a scale of 0-10).
 

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/includes/3-explore-entities.md

@@ -1,10 +1,10 @@
-When alerts are sent to Microsoft Sentinel, they include data elements that Microsoft Sentinel identifies and classifies as entities, such as user accounts, hosts, IP addresses and others. On occasion, this identification can be a challenge, if the alert doesn't contain sufficient information about the entity.
+When alerts are sent to Microsoft Sentinel, they include data elements that Microsoft Sentinel identifies and classifies as entities, such as user accounts, hosts, IP addresses, and others. On occasion, this identification can be a challenge, if the alert doesn't contain sufficient information about the entity.
 
 For example, user accounts can be identified in more than one way: using a Microsoft Entra account’s numeric identifier (GUID), or its User Principal Name (UPN) value, or alternatively, using a combination of its username and its NT domain name. Different data sources can identify the same user in different ways. Therefore, whenever possible, Microsoft Sentinel merges those identifiers into a single entity, so that it can be properly identified.
 
 It can happen, though, that one of your resource providers creates an alert in which an entity isn't sufficiently identified - for example, a user name without the domain name context. In such a case, the user entity can't be merged with other instances of the same user account, which would be identified as a separate entity, and those two entities would remain separate instead of unified.
 
-In order to minimize the risk of this happening, you should verify that all of your alert providers properly identify the entities in the alerts they produce. Additionally, synchronizing user account entities with Microsoft Entra ID may create a unifying directory, which will be able to merge user account entities.
+In order to minimize the risk of this happening, you should verify that all of your alert providers properly identify the entities in the alerts they produce. Additionally, synchronizing user account entities with Microsoft Entra ID may create a unifying directory, which is able to merge user account entities.
 
 The following types of entities are currently identified in Microsoft Sentinel:
 
@@ -48,7 +48,7 @@ The following types of entities are currently identified in Microsoft Sentinel:
 
 ### Entity pages
 
-When you encounter any entity (currently limited to users and hosts) in a search, an alert, or an investigation, you can select the entity and be taken to an **entity page**, a datasheet full of useful information about that entity. The types of information you'll find on this page include basic facts about the entity, a timeline of notable events related to this entity and insights about the entity's behavior.
+When you encounter any entity (currently limited to users and hosts) in a search, an alert, or an investigation, you can select the entity and be taken to an **entity page**, a datasheet full of useful information about that entity. The types of information you find on this page include basic facts about the entity, a timeline of notable events related to this entity and insights about the entity's behavior.
 
 Entity pages consist of three parts:
 
@@ -60,7 +60,7 @@ Entity pages consist of three parts:
 
 ### The timeline
 
-:::image type="content" source="../media/entity-behavior-4.png" alt-text="Screen shot of an Entity Behavior timeline.":::
+:::image type="content" source="../media/entity-behavior-4.png" alt-text="Screenshot of an entity behavior timeline in Microsoft Sentinel.":::
 
 The timeline is a major part of the entity page's contribution to behavior analytics in Microsoft Sentinel. It presents a story about entity-related events, helping you understand the entity's activity within a specific time frame.
 

learn-pr/wwl-sci/use-entity-behavior-analytics-azure-sentinel/includes/6-summary-resources.md

@@ -1,4 +1,4 @@
-You should have learned how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.
+You learned how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.
 
 You should now be able to:
 
@@ -10,6 +10,6 @@ You should now be able to:
 
 You can learn more by reviewing the following.
 
-[Become a Microsoft Sentinel Ninja](https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310?azure-portal=true)
+[Become a Microsoft Sentinel Ninja](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/become-a-microsoft-sentinel-ninja-the-complete-level-400/ba-p/1246310?azure-portal=true)
 
 [Microsoft Tech Community Security Webinars](https://techcommunity.microsoft.com/t5/microsoft-security-and/security-community-webinars/ba-p/927888?azure-portal=true)