meir's comments

batamig · batamig · commit 112ad7e90b14 · 2023-12-10T14:14:46.000+02:00
diff --git a/articles/defender-for-iot/organizations/iot-solution.md b/articles/defender-for-iot/organizations/iot-solution.md
@@ -140,7 +140,7 @@ For more information, see [View alerts on the Defender for IoT portal](how-to-ma
 
 Defender for IoT alert data is streamed to the Microsoft Sentinel and stored in your Log Analytics workspace, in the [SecurityAlert]() table.
 
-Records in the **SecurityAlert** table are created updated each time an alert is generated or updated in Defender for IoT. Sometimes a single alert will have multiple records, such as when the alert was first created and then again when it was updated.
+Records in the **SecurityAlert** table are created each time an alert is generated or updated in Defender for IoT. Sometimes a single alert will have multiple records, such as when the alert was first created and then again when it was updated.
 
 In Microsoft Sentinel, use the following query to check the records added to the **SecurityAlert** table for a single alert:
 
@@ -151,9 +151,9 @@ SecurityAlert
 | sort by TimeGenerated desc
 ```
 
-Updates for alert status or severity generate new records in the **SecurityAlert** table immediately. 
+Updates for alert status or severity generate new records in the **SecurityAlert** table immediately.
 
-For the following types of updates, events are aggregated across 8-12 hours, depending on the alert type, and new records in the **SecurityAlert** table reflect only the latest change.
+Other types of updates are aggregated across 8-12 hours, depending on the alert type, and new records in the **SecurityAlert** table reflect only the latest change. Examples of aggregated updates include:
 
 - Updates in the last detection time, such as when the same alert is detected multiple times
 - A new device is added to an existing alert
diff --git a/articles/defender-for-iot/organizations/whats-new.md b/articles/defender-for-iot/organizations/whats-new.md
@@ -24,7 +24,7 @@ Features released earlier than nine months ago are described in the [What's new
 
 ### Streamlined alert records in the SecurityAlert table
 
-When integrating with Microsoft Sentinel, the Microsoft Sentinel **SecurityAlert** table is now updated immediately only for changes in alert status and severity. Other changes in alerts, such as new devices added to an existing alert, are aggregated over several hours and display only the latest change made.
+When integrating with Microsoft Sentinel, the Microsoft Sentinel **SecurityAlert** table is now updated immediately only for changes in alert status and severity. Other changes in alerts, such as last detection of an existing alert, are aggregated over several hours and display only the latest change made.
 
 For more information, see [Understand multiple records per alert](iot-solution.md#understand-multiple-records-per-alert).
 
