Committing updates. (#438)

Author: jmikell821

docs/detections/api/rules/rules-api-create.asciidoc

@@ -3,13 +3,13 @@
 
 Creates a new detection rule.
 
-You can create these types of rules:
+You can create the following types of rules:
 
-* *Query rules*: Searches the defined indices and creates an alert when
+* *Custom query*: Searches the defined indices and creates an alert when
 a document matches the rule's KQL query.
-* *EQL*: Searches the defined indices and creates an alert when results match an
+* *Event correlation*: Searches the defined indices and creates an alert when results match an
 {ref}/eql.html[Event Query Language (EQL)] query.
-* *Threshold rules*: Searches the defined indices and creates an alert when the
+* *Threshold*: Searches the defined indices and creates an alert when the
 number of times the specified field's value meets the threshold during a single
 execution. When there are multiple values that meet the threshold, an alert is
 generated for each value.
@@ -19,7 +19,7 @@ alert is generated for every source IP address that appears in at least 10 of
 the rule's search results. If you're interested, see
 {ref}/search-aggregations-bucket-terms-aggregation.html[Terms Aggregation] for
 more information.
-* *Threat match*: Creates an alert when fields match values defined in the
+* *Indicator match*: Creates an alert when fields match values defined in the
 specified {ref}/indices-create-index.html[{es} index]. For example, you can
 create an index for IP addresses and use this index to create an alert whenever
 an event's `destination.ip` equals a value in the index. The index's field
@@ -138,7 +138,7 @@ specified field.
 |==============================================
 
 [[req-fields-query-threshold]]
-===== Required field for query, threat-match and threshold rules
+===== Required field for query, indicator match and threshold rules
 
 [width="100%",options="header"]
 |==============================================

docs/detections/detections-ui-exceptions.asciidoc

@@ -104,15 +104,14 @@ image::images/exception-histogram.png[]
 [role="screenshot"]
 image::images/more-action-button.png[]
 +
-The *Add Rule Exception* window opens (via Alerts table).
+The *Add Rule Exception* window opens (via the Alerts table).
 +
 [role="screenshot"]
 image::images/add-exception-ui.png[]
 . Add conditions that define when the exception prevents alerts. You can define
 multiple conditions with `OR` and `AND` relationships. In the example above,
 the exception prevents the rule from generating alerts when the
-`maintenance.exe` process runs on `win-server-1`, `win-server-2`, or
-`win-server-3`.
+`svchost.exe` process runs on agent hostname `siem-kibana`.
 +
 [IMPORTANT]
 ============
@@ -136,7 +135,7 @@ is only available when adding exceptions via the Alerts table.
 * *Close all alerts that match this exception and were generated by this rule*:
 Closes all alerts that match the exception's conditions and were generated only by the current rule.
 +
-. Click *Add Exception*.
+. Click *Add Rule Exception*.
 
 [float]
 [[endpoint-rule-exceptions]]
@@ -182,9 +181,9 @@ NOTE: <<ex-nested-conditions>> describes when nested conditions are required.
 
 . You can select any of the following:
 
-* _Close this alert_: Closes the alert when the exception is added. This option
+* *Close this alert*: Closes the alert when the exception is added. This option
 is only available when adding exceptions via the Alerts table.
-* _Close all alerts that match this exception, including alerts generated by other rules_:
+* *Close all alerts that match this exception, including alerts generated by other rules*:
 Closes all alerts that match the exception's conditions.
 
 . Click *Add Exception*.