Merge pull request #185254 from lior-tamir/patch-11

PRMerger14 · web-flow · commit 734306c3b40f · 2022-02-27T20:43:40.000+05:30
Update playbook-triggers-actions.md
diff --git a/articles/sentinel/playbook-triggers-actions.md b/articles/sentinel/playbook-triggers-actions.md
@@ -36,15 +36,15 @@ Though the Microsoft Sentinel connector can be used in a variety of ways, the co
 
 | Trigger | Full trigger name in<br>Logic Apps Designer | When to use it | Known limitations 
 | --------- | ------------ | -------------- | -------------- | 
-| **Incident trigger** | "When Microsoft Sentinel incident creation rule was triggered (Preview)" | Recommended for most incident automation scenarios.<br><br>The playbook receives incident objects, including entities and alerts. Using this trigger allows the playbook to be attached to an **Automation rule**, so it can be triggered when an incident is created in Microsoft Sentinel, and all the [benefits of automation rules](./automate-incident-handling-with-automation-rules.md) can be applied to the incident. | Playbooks with this trigger can't be run manually from Microsoft Sentinel.<br><br>Playbooks with this trigger do not support alert grouping, meaning they will receive only the first alert sent with each incident.
-| **Alert trigger** | "When a response to a Microsoft Sentinel alert is triggered" | Advisable for playbooks that need to be run on alerts manually from the Microsoft Sentinel portal, or for **scheduled** analytics rules that don't generate incidents for their alerts. | This trigger cannot be used to automate responses for alerts generated by **Microsoft security** analytics rules.<br><br>Playbooks using this trigger cannot be called by **automation rules**. |
+| **Incident trigger** | "Microsoft Sentinel incident (Preview)" | Recommended for most incident automation scenarios.<br><br>The playbook receives incident objects, including entities and alerts. Using this trigger allows the playbook to be attached to an **Automation rule**, so it can be triggered when an incident is created in Microsoft Sentinel, and all the [benefits of automation rules](./automate-incident-handling-with-automation-rules.md) can be applied to the incident. | Playbooks with this trigger do not support alert grouping, meaning they will receive only the first alert sent with each incident.
+| **Alert trigger** | "Microsoft Sentinel alert" | Advisable for playbooks that need to be run on alerts manually from the Microsoft Sentinel portal, or for **scheduled** analytics rules that don't generate incidents for their alerts. | This trigger cannot be used to automate responses for alerts generated by **Microsoft security** analytics rules.<br><br>Playbooks using this trigger cannot be called by **automation rules**. |
 |
 
 The schemas used by these two flows are not identical. The recommended practice is to use the **Microsoft Sentinel incident trigger** flow, which is applicable to most scenarios.
 
 ### Incident dynamic fields
 
-The **Incident** object received from **When Microsoft Sentinel incident creation rule was triggered** includes the following dynamic fields:
+The **Incident** object received from **Microsoft Sentinel incident** includes the following dynamic fields:
 
 - Incident properties (Shown as "Incident: field name")
 
@@ -81,32 +81,32 @@ The **Incident** object received from **When Microsoft Sentinel incident creatio
 > Use the **Alert - Get Incident** action beforehand to get the **Incident ARM ID**.
 
 ### Update an incident
--  Playbook is triggered **when an incident is created**
+-  Playbook is triggered by **Microsoft Sentinel incident**
 
     ![Incident trigger simple Update flow example](media/playbook-triggers-actions/incident-simple-flow.png)
 
--  Playbook is triggered **when an alert is generated**
+-  Playbook is triggered by **Microsoft Sentinel alert**
 
     ![Alert trigger simple Update Incident flow example](media/playbook-triggers-actions/alert-update-flow.png)
       
 ### Use Incident Information
 
 Basic playbook to send incident details over mail:
--  Playbook is triggered **when an incident is created**
+-  Playbook is triggered by **Microsoft Sentinel incident**
 
     ![Incident trigger simple Get flow example](media/playbook-triggers-actions/incident-simple-mail-flow.png)
 
--  Playbook is triggered **when an alert is generated**
+-  Playbook is triggered by **Microsoft Sentinel alert**
 
     ![Alert trigger simple Get Incident flow example](media/playbook-triggers-actions/alert-simple-mail-flow.png)
 
 ### Add a comment to the incident
 
--  Playbook is triggered **when an incident is created**
+-  Playbook is triggered by **Microsoft Sentinel incident**
 
     ![Incident trigger simple add comment example](media/playbook-triggers-actions/incident-comment.png)
 
--  Playbook is triggered **when an alert is generated**
+-  Playbook is triggered by **Microsoft Sentinel alert**
 
     !["Alert trigger simple add comment example"](media/playbook-triggers-actions/alert-comment.png)
 
