Commit 4418d51

Merge pull request #106446 from memildin/asc-melvyn-vmva
Updated screenshot. Added to FAQ. Fixed typo.
2 parents 7014d5c + f4d10d2 commit 4418d51

2 files changed

+13
-9
lines changed

articles/security-center/container-security.md

Lines changed: 13 additions & 9 deletions
@@ -30,10 +30,12 @@ This article describes how Security Center helps you improve, monitor, and maint
3030
For instructions on how to use these features, see [Monitoring the security of your containers](monitor-container-security.md).
3131

3232
## Vulnerability management - scanning container images
33-
To monitor your ARM-based Azure Container Registry, ensure you're on Security Center's standard tier (see [pricing](/azure/security-center/security-center-pricing)). Then enable the optional Container Registries bundle. When a new image is pushed, Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys.
33+
To monitor your ARM-based Azure Container Registry, ensure you're on Security Center's standard tier (see [pricing](/azure/security-center/security-center-pricing)). Then, enable the optional Container Registries bundle. When a new image is pushed, Security Center scans the image using a scanner from the industry-leading vulnerability scanning vendor, Qualys.
3434

3535
When issues are found – by Qualys or Security Center – you’ll get notified in the Security Center dashboard. For every vulnerability, Security Center provides actionable recommendations, along with a severity classification, and guidance for how to remediate the issue. For details of Security Center's recommendations for containers, see the [reference list of recommendations](recommendations-reference.md#recs-containers).
3636

37+
Security Center filters and classifies findings from the scanner. When an image is healthy, Security Center marks it as such. Security Center generates security recommendations only for images that have issues to be resolved. By only notifying when there are problems, Security Center reduces the potential for unwanted informational alerts.
38+
3739
## Environment hardening
3840

3941
### Continuous monitoring of your Docker configuration
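
Review bot: The paragraph added at 37+ says Security Center "filters and classifies findings from the scanner" without stating the criteria, so a reader cannot tell which scanner findings are dropped or what qualifies an image as "healthy" (no findings at all, or none above some severity). This section is what users rely on to interpret a clean result, so state the filtering rule or link to where it is defined, and say where the healthy status is visible. The comma added in "Then, enable" at 33+ is fine.
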
@@ -57,28 +59,30 @@ AKS provides security controls and visibility into the security posture of your
5759

5860
For details of the relevant Security Center recommendations that might appear for this feature, see the [container section](recommendations-reference.md#recs-containers) of the recommendations reference table.
5961

60-
## Run-time protection - Real-time threat protection
62+
## Run-time protection - Real-time threat detection
6163

62-
Security Center provides real-time threat protection for your containerized environments and generates alerts for suspicious activities. You can use this information to quickly remediate security issues and improve the security of your containers.
64+
Security Center provides real-time threat detection for your containerized environments and generates alerts for suspicious activities. You can use this information to quickly remediate security issues and improve the security of your containers.
6365

64-
We detect threats at the host and AKS cluster level. For full details, see [threat protection for Azure containers](threat-protection.md#azure-containers).
66+
We detect threats at the host and AKS cluster level. For full details, see [threat detection for Azure containers](https://docs.microsoft.com/azure/security-center/security-center-alerts-compute#azure-containers-).
6567

6668

6769
## Container security FAQ
6870

6971
### What types of images can Azure Security Center scan?
70-
Security Center scans Linux OS based images which provide shell access.
72+
Security Center scans Linux OS based images that provide shell access.
73+
74+
The Qualys scanner doesn't support super minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images, or "Distroless" images that only contain your application and its runtime dependencies without a package manager, shell, or OS.
7175

72-
The Qualys scanner doesn't support super minimalist images such as [Docker scratch](https://hub.docker.com/_/scratch/) images, or "Distroless" images which only contain your application and its runtime dependencies (without a package manager, shell, or OS).
76+
### How does Azure Security Center scan an image?
77+
The image is extracted from the registry. It's then run in an isolated sandbox with the Qualys scanner that extracts a list of known vulnerabilities.
7378

74-
### How does we scan Azure Security Center scan an image?
75-
The image is extracted from the registry. It's then run in an isolated sandbox with the Qualys scanner which extracts a list of known vulnerabilities.
79+
Security Center filters and classifies findings from the scanner. When an image is healthy, Security Center marks it as such. Security Center generates security recommendations only for images that have issues to be resolved. By only notifying when there are problems, Security Center reduces the potential for unwanted informational alerts.
7680

7781
### How often does Azure Security Center scan my images?
7882
Image scans are triggered on every push.
7983

8084
### Can I get the scan results via REST API?
81-
Yes. The results are under [Sub-Assessments Rest API](/rest/api/securitycenter/subassessments/list/). In addition, you can use Azure Resource Graph (ARG), the Kusto-like API for all of your resources: a query can fetch a specific scan.
85+
Yes. The results are under [Sub-Assessments Rest API](/rest/api/securitycenter/subassessments/list/). Also, you can use Azure Resource Graph (ARG), the Kusto-like API for all of your resources: a query can fetch a specific scan.
8286

8387

8488
## Next steps
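
Review bot: At 66+ the link target changes from the relative `threat-protection.md#azure-containers` to an absolute `https://docs.microsoft.com/azure/security-center/security-center-alerts-compute#azure-containers-` URL, while the other internal links in this file are relative or site-relative (`recommendations-reference.md#recs-containers`, `/rest/api/securitycenter/subassessments/list/`), and the new anchor ends in a trailing hyphen that looks auto-generated. Use a relative or site-relative link with a stable anchor so it matches the rest of the article. The paragraph added at 79+ repeats the one added at 37+ word for word; keep one copy and point to it from the other so the two cannot drift apart. The heading rename at 62+ also changes that heading's anchor, so any inbound link to the old "threat protection" anchor should be checked.
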
-34.3 KB