Restructuring

 - links pointing to fortinet-fortisoar repo
 - Restructured as per agreed upon template
 - Added description to contents
 - Adjusted heading levels

README.md

@@ -1,70 +1,15 @@
-## Release Information
+# Release Information
 
-- Solution Pack Version: 1.0.0
-- Minimum Compatible FortiSOAR™ Version: 7.2.0
-- Authored By: Fortinet
-- Certified: No
+- **Version**:  1.0.0 
+- **Certified**: No 
+- **Publisher**: Fortinet 
+- **Compatible Version**: FortiSOAR v7.2.0 and above
 
-## Overview
+# Overview
 
-### Introduction
+**Lost - Stolen Device Response** Solution Pack provides a set of investigation playbooks to respond to lost or stolen devices information provided by the end-user through email. These emails are typically reported by employees in the organization (sent to a SOC common email inbox).
 
-**Lost / Stolen Device Response Solution Pack** is designed to provide a set of investigation playbooks to respond to lost/stolen devices information provided by the end-user through email. These emails are typically reported by employees in the organization (sent to a SOC common email inbox).
-
-Configure Email ingestion using Connectors such as Microsoft Exchange. Ingestion process creates an alert of type 'Lost/Stolen', and then triggers the response workflow.
-
-Refer to Simulation Scenario - **Device Reported as Lost or Stolen** to experience the use case without any email configuration.
-
-### Usage
-
-Refer to [Simulate Scenario documentation](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/solution-pack-guide.md) to understand how to Simulate and Reset scenarios.
-
-This Solution Pack ships with the following simulation scenarios. 
-
-**Scenario - Device Reported as Lost or Stolen**
-
-The scenario generates a demo alert of Type 'Lost / Stolen'.
-
-Navigate to the generated alert and observe the following:
-
-- Reported Email contains Device information like Device Owner, Device Type, Device Serial Number etc.
-- Reported Information (sender, email message) is presented for analyzing the case.
-
-**Investigate Lost or Stolen Device Response** : Launch **Investigate Lost or Stolen Device Response** Playbook and observe various investigation activities such as
-
-- Fetching asset details from ServiceNow
-- Creating asset in FortiSOAR
-- Fetching user and manager details from Active Directory
-- Sending the device confirmation detail to the End User and his/her Manager
-- Isolating lost/stolen device using Fortinet FortiEDR
-
-## Prerequisites
-
-|**Solution Pack Name**|**Purpose**|**Doc Link**|
-| :- | :- | :- |
-|SOAR Framework 1.0.0|Require for Incident Response modules|[Click here](https://github.com/fortinet-fortisoar/solution-pack-soar-framework/blob/develop/README.md)|
-|SOC Simulator 1.0.1|Require for Scenario Module and SOC Simulator connector| [Click here](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/README.md)|
-
-## Contents
-
-1. Connector(s)
-    |**SN**|**Connector Name**|
-    | :- | :- |
-    |1|Microsoft Active Directory|
-    |2|Fortinet FortiEDR|
-    |3|ServiceNow|
-
-     **Warning:** After deployment, this Solution Pack installs or upgrades the stated list of connectors.
-
-2. Record Set(s)
-    - Scenario: Device Reported as Lost or Stolen
-
-3. Playbook Collection(s)
-    - 02 - Use Case - Lost or Stolen Device Response (2):
-
-    |**SN**|**Playbook Name**|**Description**|
-    | :- | :- | :- |
-    |1|Investigate Lost or Stolen Device Response|Investigates lost or stolen devices using ServiceNow and Active Directory.|
-    |2|Generate Alert - Device Lost or Stolen|Generate a device lost/stolen email alert|
-
-     **Warning:** It is recommended to clone these Playbooks before any customizations to avoid loss of information while upgrading the Solution Pack.
+# Next Steps
+solution-pack-lost-or-stolen-device-response
+| [Installation](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/setup.md#installation) | [Configuration](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/setup.md#configuration) | [Usage](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/usage.md) | [Contents](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/contents.md) |
+|--------------------------------------------|----------------------------------------------|------------------------|------------------------------|

docs/contents.md

@@ -0,0 +1,27 @@
+| [Home](https://github.com/fortinet-fortisoar/solution-pack-lost-or-stolen-device-response
+/blob/develop/README.md) | 
+|--------------------------------------------|
+
+# Contents
+
+1. Connector(s)
+|SN|Connector Name|
+| :- | :- |
+|1|Microsoft Active Directory|
+|2|Fortinet FortiEDR|
+|3|ServiceNow|
+
+**Warning:** After deployment, this Solution Pack installs or upgrades the stated list of connectors.
+
+2. Record Set(s)
+- Scenario: Device Reported as Lost or Stolen
+
+3. Playbook Collection(s)
+- 02 - Use Case - Lost or Stolen Device Response (2):
+
+|SN|Playbook Name|Description|
+| :- | :- | :- |
+|1|Investigate Lost or Stolen Device Response|Investigates lost or stolen devices using ServiceNow and Active Directory.|
+|2|Generate Alert - Device Lost or Stolen|Generate a device lost/stolen email alert|
+
+**Warning:** It is recommended to clone these Playbooks before any customizations to avoid loss of information while upgrading the Solution Pack.

docs/setup.md

@@ -0,0 +1,27 @@
+| [Home](https://github.com/fortinet-fortisoar/solution-pack-lost-or-stolen-device-response
+/blob/develop/README.md) | 
+|--------------------------------------------|
+
+# Installation
+
+1. To install a solution pack, click **Content Hub** > **Discover**.    
+2. From the list of solution pack that appears, search for and select **Lost or Stolen Device Response**.
+3. Click the **Lost or Stolen Device Response** solution pack card.    
+4. Click the **Install** button on the bottom to begin installation. 
+
+## Prerequisites
+
+| Solution Pack Name | Purpose                                                 |
+|:-------------------|:--------------------------------------------------------|
+| SOAR Framework     | Required for Incident Response modules                   |
+| SOC Simulator      | Required for Scenario Module and SOC Simulator connector |
+
+# Configuration
+
+For optimal performance of **Lost or Stolen Device Response** solution pack, you can install and configure: 
+- An email ingestion process to periodically read email from a designated inbox and convert them into alerts in FortiSOAR 
+    - To configure and use MS Exchange for email ingestion, refer to [Configuring Exchange Connector](https://docs.fortinet.com/document/fortisoar/3.4.0/exchange/1/exchange-v3-4-0#Configuring_the_connector)
+- An asset management system to track the issued devices
+    - To configure and use ServiceNow as an asset management system, refer to [Configuring ServiceNow Connector](https://docs.fortinet.com/document/fortisoar/3.1.0/servicenow/134/servicenow-v3-1-0#Configure_Data_Ingestion)
+- An EDR solution to isolate the device
+    - To configure and use Fortinet's FortiEDR as an EDR solution, refer to [Configuring Fortinet FortiEDR Connector](https://docs.fortinet.com/document/fortisoar/1.3.0/fortinet-fortiedr/161/fortinet-fortiedr-v1-3-0#Configure_Data_Ingestion)

docs/usage.md

@@ -0,0 +1,34 @@
+| [Home](https://github.com/fortinet-fortisoar/solution-pack-lost-or-stolen-device-response
+/blob/develop/README.md) | 
+|--------------------------------------------|
+
+# Usage
+
+Refer to [Simulate Scenario documentation](https://github.com/fortinet-fortisoar/solution-pack-soc-simulator/blob/develop/docs/solution-pack-guide.md) to understand how to simulate and reset scenarios. 
+
+To understand the process FortiSOAR follows to respond to phishing emails, we have included a scenario — **Device Reported as Lost or Stolen** with this solution pack. Refer to the section **Device Reported as Lost or Stolen** to understand how this solution pack's automation addresses your needs. 
+
+## Device Reported as Lost or Stolen**
+
+This scenario generates an example alert of type **Lost / Stolen** in FortiSOAR's **Alerts** module.
+
+Navigate to the example alert and observe the following:
+
+- Reported Email contains following device information:
+    - Device Owner
+    - Device Type
+    - Device Serial Number
+- Following reported information is presented for analyzing the case:
+    - sender
+    - email message
+
+## Investigate Lost or Stolen Device Response
+
+Select the alert and launch the playbook **Investigate Lost or Stolen Device Response** to perform following automated tasks:
+
+- Fetch asset details from ServiceNow
+- Create asset in FortiSOAR
+- Fetch user and manager details from Active Directory
+- Send the device confirmation detail to end users and their managers
+- Isolate lost/stolen device using Fortinet FortiEDR
+