
Commit 139264c

Merge pull request #225531 from yelevin/patch-2
Update false-positives.md
2 parents b396cac + c1232f3 commit 139264c

1 file changed: +1 -1 lines changed


articles/sentinel/false-positives.md

Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,7 @@ The following table describes characteristics of each method:
3131

3232
|Method|Characteristic|
3333
|-|-|
34-
|**Automation rules**|<ul><li>Can apply to several analytics rules.</li><li>Keep an audit trail. Exceptions prevent incident creation, but alerts are still recorded for audit purposes.</li><li>Are often generated by analysts.</li><li>Allow applying exceptions for a limited time. For example, maintenance work might trigger false positives that outside the maintenance timeframe would be true incidents.</li></ul>|
34+
|**Automation rules**|<ul><li>Can apply to several analytics rules.</li><li>Keep an audit trail. Exceptions immediately and automatically close created incidents, recording the reason for the closure and comments.</li><li>Are often generated by analysts.</li><li>Allow applying exceptions for a limited time. For example, maintenance work might trigger false positives that outside the maintenance timeframe would be true incidents.</li></ul>|
3535
|**Analytics rules modifications**|<ul><li>Allow advanced boolean expressions and subnet-based exceptions.</li><li>Let you use watchlists to centralize exception management.</li><li>Typically require implementation by Security Operations Center (SOC) engineers.</li><li>Are the most flexible and complete false positive solution, but are more complex.</li></ul>|
3636

3737
## Add exceptions by using automation rules
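Review bot: The rewritten bullet on line 34 changes the described semantics from suppression to auto-closure (the old text said exceptions "prevent incident creation, but alerts are still recorded", the new text says they "immediately and automatically close created incidents"), so the rest of this article, starting with the "## Add exceptions by using automation rules" section that follows this hunk, should be checked for any remaining statements that an automation-rule exception stops an incident from being created; otherwise the table and the procedure will contradict each other. Two smaller wording points on the same line: "recording the reason for the closure and comments" reads as if "comments" were a second thing being closed, so "recording the closure reason and any comments" would be clearer, and since the bullet is introduced by "Keep an audit trail", it may help to state explicitly that the audit trail now consists of the closed incident itself plus its closure reason, rather than of the alert alone as before.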
