From 22300918ca404349c01813c08a4682dbc611e057 Mon Sep 17 00:00:00 2001 From: Batami Gold <26892178+batamig@users.noreply.github.com> Date: Mon, 6 Jan 2025 15:17:00 +0200 Subject: [PATCH 1/2] adding what's new for unified soc opts --- unified-secops-platform/whats-new.md | 30 ++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/unified-secops-platform/whats-new.md b/unified-secops-platform/whats-new.md index 9707c2c410..ea36c7669c 100644 --- a/unified-secops-platform/whats-new.md +++ b/unified-secops-platform/whats-new.md 
@@ -20,6 +20,36 @@ ms.topic: concept-article This article lists recent features added into Microsoft's unified SecOps platform within the Microsoft Defender portal, and new features in related services that provide an enhanced user experience in the platform. +## January 2024 + +[SOC optimization updates for unified coverage management](#soc-optimization-updates-for-unified-coverage-management) + +### SOC optimization updates for unified coverage management + +In workspaces enabled for unified security operations, SOC optimziations now support both SIEM and XDR data, with detection coverage from across Microsoft Defender services. + +In the Defender portal, the **SOC optimizations** and **MITRE ATT&CK** pages also now provide extra functionality for threat-based coverage optimiations to help you understand the impact of the recommendations on your environment and help you prioritize which to implement first. + +Enhancements on the SOC optimizations **Overview** page include: + +- A **High**, **Medium**, or **Low** score for your current detection coverage. This sort of scoring can help you decide which recommendations to prioritize at a glance. +- An indication of the number of active Microsoft Defender products (services) out of all available products. This helps you understand whether there's a whole product that you're missing in your environment. + +Optimizations on an optimization details side pane, shown when you drill down to a specific optimization, include: + +- Detailed coverage analysis, including the number of user-defined detections, response actions, and products you have active +- Detailed spider charts that show your coverage across different threat categories, for both user-defined and out-of-the-box detections. +- An option to jump to the specific threat scenario in the **MITRE ATT&CK** page instead of viewing MITRE ATT&CK coverage only in the side pane. 
+- An option to **View full threat scenario** to drill down to even further details about the security products and detections available to provide security coverage in your environment. + +Enhancements for **MITRE ATT&CK** functionality include: + +- A new toggle to view coverage by threat scenario. If you've jumped to the **MITRE ATT&CK** page from either a recommendation details side pane or from the **View full threat scenario** page, the **MITRE ATT&CK** page is pre-filtered for your threat scenario. + +- The technique details pane, shown on the side when you select a specific MITRE ATT&CK technique, now shows the number of active detections out of all available detections for that technique. + +For more information, see [Optimize your security operations](/azure/sentinel/soc-optimization/soc-optimization-access?toc=%2Funified-secops-platform%2Ftoc.json&bc=%2Funified-secops-platform%2Fbreadcrumb%2Ftoc.json&tabs=defender-portal) and [Understand security coverage by the MITRE ATT&CK framework](/azure/sentinel/mitre-coverage). + ## December 2024 - [New SOC optimization recommendations based on similar organizations (Preview)](#new-soc-optimization-recommendations-based-on-similar-organizations-preview) From cbec2e1fbedbd536ef531eb6b430e204fe9d39df Mon Sep 17 00:00:00 2001 From: Batami Gold <26892178+batamig@users.noreply.github.com> Date: Mon, 6 Jan 2025 15:18:52 +0200 Subject: [PATCH 2/2] fixing toc --- unified-secops-platform/TOC.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unified-secops-platform/TOC.yml b/unified-secops-platform/TOC.yml index fb27a36e5b..5d0d496911 100644 --- a/unified-secops-platform/TOC.yml +++ b/unified-secops-platform/TOC.yml 
@@ -70,7 +70,7 @@ - name: Automated investigation and response in Microsoft Defender XDR href: /defender-xdr/m365d-autoir?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json - name: Optimize your security operations - href: /azure/sentinel/soc-optimization/soc-optimization-access?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json + href: /azure/sentinel/soc-optimization/soc-optimization-access?toc=/unified-secops-platform/toc.json&bc=/unified-secops-platform/breadcrumb/toc.json&tabs=defender-portal - name: Manage your unified SOC items: - name: Manage multiple tenants
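Review bot: The new section in whats-new.md is headed `## January 2024`, but the commit is dated January 2025 and the section is placed above `## December 2024`, so the heading should read `## January 2025` (the in-page anchor link under it is unaffected, since it points at the subsection title). Two typos in the same hunk: "SOC optimziations" should be "SOC optimizations", and "threat-based coverage optimiations" should be "threat-based coverage optimizations". Style points in the same hunk: the link under the month heading is a bare link, whereas the December section lists its links as bullets (`- [New SOC optimization recommendations ...]`), so the January entry should use the same `- ` bullet form; "Optimizations on an optimization details side pane, shown when you drill down to a specific optimization, include:" reads awkwardly and would be clearer as "Enhancements to the optimization details side pane, shown when you drill down to a specific optimization, include:"; the first bullet of that list ends without a period while the others end with one; and the MITRE ATT&CK list separates its two bullets with a blank line while the other lists in the section do not.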
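Review bot: The TOC.yml change appends `&tabs=defender-portal` to the existing `href` for "Optimize your security operations", which matches the query string used by the new "For more information" link in whats-new.md, so the two entries stay consistent. Before merging, confirm that the target article actually defines a tab with the id `defender-portal`; if it does not, the `tabs` parameter is silently ignored and readers land on the default tab rather than the Defender portal view the what's-new text describes.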