add links

yoninalmsft · yoninalmsft · commit 7f1650bb323e · 2022-08-04T09:32:46.000+03:00
diff --git a/articles/defender-for-iot/device-builders/concept-event-aggregation.md b/articles/defender-for-iot/device-builders/concept-event-aggregation.md
@@ -142,16 +142,16 @@ The data collected on each package includes:
 |**Version**     |  The package version.       |
 |**Vendor**     |    The package's vendor, which is the **Maintainer** field in deb packages.     |
 
+> [!NOTE]
+> The SBoM collector currently only collects the first 500 packages ingested.
+
 ## Event aggregation for Process and Network collectors
 
 How event aggregation works for the [Process events](#process-events-event-based-collector) and [Network Activity events](#network-activity-events-event-based-collector):
 
-Defender for IoT agents aggregate events during the send interval defined in the message frequency configuration for each collector, such as  **Process_MessageFrequency** or **NetworkActivity_MessageFrequency**.  Once the send interval period has passed, the agent sends the aggregated events to the Azure cloud for further analysis. The aggregated events are stored in memory until being sent to the Azure cloud.
+Defender for IoT agents aggregate events during the send interval defined in the message frequency configuration for each collector, such as [**Process_MessageFrequency**](concept-micro-agent-configuration.md#process-collector-specific-settings) or [**NetworkActivity_MessageFrequency**](concept-micro-agent-configuration.md#network-activity-collector-specific-settings). Once the send interval period has passed, the agent sends the aggregated events to the Azure cloud for further analysis. The aggregated events are stored in memory until being sent to the Azure cloud.
 
-When the agent collects similar events to the ones that are already stored in memory, this causes the agent to increase the hit count of this specific event to reduce the memory footprint of the agent. When the aggregation time window passes, the agent sends the hit count of each type of event that occurred. Event aggregation is the aggregation of the hit counts of similar events. For example, network activity with the same remote host and on the same port, is aggregated as one event, instead of as a separate event for each packet.
-
-> [!NOTE]
-> The SBoM collector currently only collects the first 500 packages ingested.
+When the agent collects similar events to the ones that are already stored in memory, the agent will increase the hit count of this specific event to reduce the memory footprint of the agent. When the aggregation time window passes, the agent sends the hit count of each type of event that occurred. Event aggregation is the aggregation of the hit counts of similar events. For example, network activity with the same remote host and on the same port, is aggregated as one event, instead of as a separate event for each packet.
 
 ## Next steps
 
