update create relationship and image

austinmccollum · austinmccollum · commit 3b488fc6c5a1 · 2025-01-27T17:14:14.000-06:00
diff --git a/articles/sentinel/media/understand-threat-intelligence/relationship-example.png b/articles/sentinel/media/understand-threat-intelligence/relationship-example.png
diff --git a/articles/sentinel/understand-threat-intelligence.md b/articles/sentinel/understand-threat-intelligence.md
@@ -149,11 +149,15 @@ The following STIX objects are available in Microsoft Sentinel:
 
 ### Create relationships
 
-Establish connections between objects to enhance threat detection and response. Here are some examples of the relationship builder:
+Establish connections between objects to enhance threat detection and response. Here are use cases of the relationship builder:
 
-Connecting Threat Actor to Attack Pattern: The threat actor "APT29" uses the attack pattern "Phishing via Email" to gain initial access.
-Linking Indicator to Threat Actor: An indicator (malicious domain) is attributed to the threat actor "APT29".
-Associating Identity (Victim) with Attack Pattern: The organization "Example Corp" is targeted by the attack pattern "Phishing via Email".
+| Use case | Description |
+|---|---|
+| Connecting Threat Actor to Attack Pattern | The threat actor "APT29" uses the attack pattern "Phishing via Email" to gain initial access.|
+| Linking Indicator to Threat Actor|  An indicator (malicious domain) is attributed to the threat actor "APT29". |
+| Associating Identity (Victim) with Attack Pattern| The organization "Example Corp" is targeted by the attack pattern "Phishing via Email".|
+
+:::image type="content" source="media/understand-threat-intelligence/relationship-example.png" alt-text="Screenshot showing example relationship being built.":::
 
 ### Curate threat intelligence
 
diff --git a/articles/sentinel/work-with-threat-indicators.md b/articles/sentinel/work-with-threat-indicators.md
@@ -58,7 +58,9 @@ For more information on supported STIX objects, see [Understand threat intellige
 
 1. Choose the **Object type**, then fill in the form on the **New TI object** page. Required fields are marked with a red asterisk (*).
 
-1. Select **Add and duplicate** if you want to create more items with the same metadata. Otherwise, select **Add** to create the single item.
+1. Select **Add and duplicate** if you want to create more items with the same metadata. The following image shows the section of each STIX object's metadata that is duplicated. 
+1. Otherwise, select **Add** to create the single item.
+
 
 
 ## Manage threat intelligence 
