Update customize-alert-details.md

yelevin · web-flow · commit 9371053e9738 · 2024-06-25T00:16:35.000+03:00
diff --git a/articles/sentinel/customize-alert-details.md b/articles/sentinel/customize-alert-details.md
@@ -66,21 +66,21 @@ Follow the procedure detailed below to use the alert details feature. These step
 
     1. To override more default properties, select **+ Add new** and repeat the previous step. The following properties can be overridden:
 
-        |Name  |Description  |
-        |---------|---------|
-        |**AlertName**     |    String     |
-        |**Description**     | String        |
-        |**AlertSeverity**     | One of the following values: <br>- **Informational**<br>- **Low**<br>- **Medium**<br>- **High**        |
-        |**Tactics**     |    One of the following values: <br>- **Reconnaissance**<br>- **ResourceDevelopment**<br>- **InitialAccess**<br>-         **Execution**<br>        - **Persistence**<br>-        **PrivilegeEscalation**<br>-        **DefenseEvasion**<br>-        **CredentialAccess** <br>- **Discovery**<br>        - **LateralMovement**<br>-        **Collection**<br>-        **Exfiltration**<br>-        **CommandAndControl**<br>-        **Impact**<br> - **PreAttack**<br>- **ImpairProcessControl**<br>- **InhibitResponseFunction**     |
-        |**Techniques** (Preview)     | A string that matches the following regular expression: `^T(?<Digits>\d{4})$`. <br>For example: **T1234**        |
-        |**AlertLink** (Preview)     |  String       |
-        |**ConfidenceLevel** (Preview)     | One of the following values: <br>-  **Low**<br>- **High**<br>- **Unknown**      |
-        |**ConfidenceScore** (Preview)     | Integer, between **0**-**1** (inclusive)     |
-        |**ExtendedLinks** (Preview)     |  String       |
-        |**ProductComponentName** (Preview)     |   String      |
-        |**ProductName** (Preview)     |   String      |
-        |**ProviderName** (Preview)     |   String      |
-        |**RemediationSteps** (Preview)     |    String     |
+        | Name | Description |
+        | ---- | ----------- |
+        | **AlertName**                      | String |
+        | **Description**                    | String |
+        | **AlertSeverity**                  | One of the following values: <br>- **Informational**<br>- **Low**<br>- **Medium**<br>- **High** |
+        | **Tactics**                        | One of the following values: <br>- **Reconnaissance**<br>- **ResourceDevelopment**<br>- **InitialAccess**<br>- **Execution**<br>- **Persistence**<br>- **PrivilegeEscalation**<br>- **DefenseEvasion**<br>- **CredentialAccess**<br>- **Discovery**<br>- **LateralMovement**<br>- **Collection**<br>- **Exfiltration**<br>- **CommandAndControl**<br>- **Impact**<br>- **PreAttack**<br>- **ImpairProcessControl**<br>- **InhibitResponseFunction** |
+        | **Techniques** (Preview)           | A string that matches the following regular expression: `^T(?<Digits>\d{4})$`. <br>For example: **T1234** |
+        | **AlertLink** (Preview)            | String |
+        | **ConfidenceLevel** (Preview)      | One of the following values: <br>- **Low**<br>- **High**<br>- **Unknown** |
+        | **ConfidenceScore** (Preview)      | Integer, between **0**-**1** (inclusive) |
+        | **ExtendedLinks** (Preview)        | String |
+        | **ProductComponentName** (Preview) | String |
+        | **ProductName** (Preview)          | String |
+        | **ProviderName** (Preview)         | String |
+        | **RemediationSteps** (Preview)     | String |
     
     If you change your mind, or if you made a mistake, you can remove an alert detail by clicking the trash can icon next to the **Alert property/Value** pair, or delete the free text from the **Alert Name/Description Format** fields.
 
@@ -89,7 +89,10 @@ Follow the procedure detailed below to use the alert details feature. These step
    > [!NOTE]
    > 
    > **Service limits**
-   > - The combined size limit for all alert details and [custom details](surface-custom-details-in-alerts.md), collectively, is **64 KB**.
+   > - You can override a field with **up to 50 values**. Values past the 50th are dropped.
+   > - The size limit for the AlertName field, and any other non-collection properties, is **256 bytes**.
+   > - The size limit for the Description field, and any other collection properties, is **5 KB**.
+   > - Values exceeding the size limits are dropped.
 
 ## Next steps
 
