update formatting and search text

Author: austinmccollum

articles/sentinel/use-matching-analytics-to-detect-threats.md

@@ -80,7 +80,7 @@ If Microsoft's analytics finds a match, any alerts generated are grouped into in
 
 Use the following steps to triage through the incidents generated by the **Microsoft Defender Threat Intelligence Analytics** rule:
 
-1. In the Microsoft Sentinel workspace where you enabled the **Microsoft Defender Threat Intelligence Analytics** rule, select **Incidents**, and search for **Microsoft Threat Intelligence Analytics**.
+1. In the Microsoft Sentinel workspace where you enabled the **Microsoft Defender Threat Intelligence Analytics** rule, select **Incidents**, and search for *Microsoft Defender Threat Intelligence Analytics*.
 
     Any incidents that are found appear in the grid.
 
@@ -94,7 +94,7 @@ Use the following steps to triage through the incidents generated by the **Micro
 
     Alerts are then grouped on a per-observable basis of the indicator. For example, all alerts generated in a 24-hour time period that match the `contoso.com` domain are grouped into a single incident with a severity assigned based on the highest alert severity.
 
-1. Observe the indicator information. When a match is found, the indicator is published to the Log Analytics `ThreatIntelligenceIndicators` table, and it appears on the **Threat Intelligence** page. For any indicators published from this rule, the source is defined as **Microsoft Threat Intelligence Analytics**.
+1. Observe the indicator information. When a match is found, the indicator is published to the Log Analytics `ThreatIntelligenceIndicators` table, and it appears on the **Threat Intelligence** page. For any indicators published from this rule, the source is defined as `Microsoft Threat Intelligence Analytics`.
 
 Here's an example of the `ThreatIntelligenceIndicators` table.