Update sentinel-guidance.md

Updating sentinel guidance
wagov · Apr 23, 2024 · 75c5b0b · 75c5b0b
1 parent 52dc9ec
commit 75c5b0b
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/docs/onboarding/sentinel-guidance.md b/docs/onboarding/sentinel-guidance.md
@@ -17,7 +17,7 @@ Below is a rapid approach to get Microsoft workloads covered rapidly using Senti
 1. [Microsoft 365 Defender XDR connector](https://learn.microsoft.com/en-us/azure/sentinel/data-connectors/microsoft-365-defender)
     1. [Microsoft Defender for Office 365](https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/step-by-step-guides/step-by-step-guide-overview?view=o365-worldwide)
     1. [Microsoft Defender for Identity](https://learn.microsoft.com/en-us/defender-for-identity/quick-installation-guide)
-    1. [Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mde-planning-guide?view=o365-worldwide)
+    1. [Microsoft Defender for Endpoint](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mde-planning-guide?view=o365-worldwide) (including [Attack Surface Reduction](https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction?view=o365-worldwide))
     1. [Connect Microsoft Defender for Cloud (servers)](https://learn.microsoft.com/en-us/azure/sentinel/connect-defender-for-cloud)
 1. [Microsoft Entra ID (formerley AAD)](https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory)
 
@@ -37,11 +37,11 @@ Steps 1-3 should be straightforward to complete under E5/A5 licencing. Once tele
 
 [Create incidents based on events from systems whose logs are not ingested into Microsoft Sentinel.](https://learn.microsoft.com/en-us/azure/sentinel/create-incident-manually)
 
-The above guide supports the below incident creation flows from third party systems:
+The above guide supports the below incident creation flows from third party systems (ideally for these integrations aim to ensure that **classification**, **severity** are set and related incidents are grouped):
 
 - [Create an incident using Azure Logic Apps](https://learn.microsoft.com/en-us/azure/sentinel/create-incident-manually#create-an-incident-using-azure-logic-apps)
-    - Create incident with Microsoft Form
-    - Create incident from shared email inbox
+    - [Create Incidents with Email](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Create%20Incidents%20with%20Email)
+    - [Create Incidents from Webhook (HTTP)](https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Create%20Incidents%20From%20Http)
 - [Create an incident using the Microsoft Sentinel API](https://learn.microsoft.com/en-us/azure/sentinel/create-incident-manually#create-an-incident-using-the-microsoft-sentinel-api)
 
 Including **severity**, **classification** and **mitre tactic / technique** attributes helps the WASOC triage and prioritise incidents.