Quality updates to rule docs (#2848)

docs/en/rules/Azure.ACR.ContentTrust.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 pillar: Security
-category: Data protection
+category: SE:02 Secured development lifecycle
 resource: Container Registry
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.ACR.ContentTrust/
 ---
@@ -104,7 +104,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2023-08-01-preview' =
 
 ## LINKS
 
-- [Follow best practices for container security](https://learn.microsoft.com/azure/architecture/framework/security/applications-services#follow-best-practices-for-container-security)
+- [SE:02 Secured development lifecycle](https://learn.microsoft.com/azure/well-architected/security/secure-development-lifecycle)
 - [Content trust in Azure Container Registry](https://learn.microsoft.com/azure/container-registry/container-registry-content-trust)
 - [Content trust in Docker](https://docs.docker.com/engine/security/trust/content_trust/)
 - [Overview of customer-managed keys](https://learn.microsoft.com/azure/container-registry/tutorial-customer-managed-keys#before-you-enable-a-customer-managed-key)

docs/en/rules/Azure.ACR.Firewall.md

@@ -94,6 +94,8 @@ resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
 }
 ```
 
+<!-- external:avm avm/res/container-registry/registry publicNetworkAccess -->
+
 ## NOTES
 
 Configuring firewall rules or using private endpoints is only available for the Premium SKU.

docs/en/rules/Azure.ACR.MinSku.md

@@ -121,6 +121,8 @@ resource acr 'Microsoft.ContainerRegistry/registries@2023-01-01-preview' = {
 }
 ```
 
+<!-- external:avm avm/res/container-registry/registry acrSku -->
+
 ## LINKS
 
 - [Target and non-functional requirements](https://learn.microsoft.com/azure/architecture/framework/resiliency/design-requirements)

docs/en/rules/Azure.Firewall.Mode.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Network security and containment
+category: SE:10 Monitoring and threat detection
 resource: Firewall
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Firewall.Mode/
 ---
@@ -35,7 +35,7 @@ Alternatively, consider using firewall policies to manage Azure Firewalls at sca
 
 To deploy Azure Firewalls that pass this rule:
 
-- Set the `properties.threatIntelMode` to `Deny`.
+- Set the `properties.threatIntelMode` property to `Deny`.
 
 For example:
 
@@ -58,7 +58,7 @@ For example:
 
 To deploy Azure Firewalls that pass this rule:
 
-- Set the `properties.threatIntelMode` to `Deny`.
+- Set the `properties.threatIntelMode` property to `Deny`.
 
 For example:
 
@@ -77,7 +77,7 @@ resource firewall_classic 'Microsoft.Network/azureFirewalls@2021-05-01' = {
 
 ## LINKS
 
-- [Implement network segmentation patterns on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-segmentation)
+- [SE:10 Monitoring and threat detection](https://learn.microsoft.com/azure/well-architected/security/monitor-threats)
 - [Azure Firewall threat intelligence-based filtering](https://learn.microsoft.com/azure/firewall/threat-intel)
 - [Azure network security overview](https://learn.microsoft.com/azure/security/fundamentals/network-overview#azure-firewall)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/azurefirewalls)

docs/en/rules/Azure.Firewall.PolicyMode.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 pillar: Security
-category: Network security and containment
+category: SE:10 Monitoring and threat detection
 resource: Firewall
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.Firewall.PolicyMode/
 ---
@@ -30,7 +30,7 @@ Consider configuring Azure Firewall to alert and deny IP addresses, domains and
 
 To deploy Azure Firewall polices that pass this rule:
 
-- Set the `properties.threatIntelMode` to `Deny`.
+- Set the `properties.threatIntelMode` property to `Deny`.
 
 For example:
 
@@ -53,7 +53,7 @@ For example:
 
 To deploy Azure Firewall polices that pass this rule:
 
-- Set the `properties.threatIntelMode` to `Deny`.
+- Set the `properties.threatIntelMode` property to `Deny`.
 
 For example:
 
@@ -70,6 +70,8 @@ resource firewallPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = {
 }
 ```
 
+<!-- external:avm avm/res/network/firewall-policy threatIntelMode -->
+
 ### NOTES
 
 Azure Firewall Premium SKU is required for associating standalone resource firewall policies.
@@ -79,10 +81,10 @@ In order to take advantage of URL filtering with `HTTPS` traffic included in thr
 
 ## LINKS
 
-- [Implement network segmentation patterns on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-segmentation)
+- [SE:10 Monitoring and threat detection](https://learn.microsoft.com/azure/well-architected/security/monitor-threats)
+- [NS-1: Establish network segmentation boundaries](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline#ns-1-establish-network-segmentation-boundaries)
 - [Azure Firewall threat intelligence-based filtering](https://learn.microsoft.com/azure/firewall/threat-intel)
 - [Rule processing logic](https://learn.microsoft.com/azure/firewall/rule-processing#threat-intelligence)
 - [Azure security baseline for Azure Firewall](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline)
-- [NS-1: Establish network segmentation boundaries](https://learn.microsoft.com/security/benchmark/azure/baselines/azure-firewall-security-baseline#ns-1-establish-network-segmentation-boundaries)
 - [Azure network security overview](https://learn.microsoft.com/azure/security/fundamentals/network-overview#azure-firewall)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/firewallpolicies#firewallpolicypropertiesformat)