resolve blocking issues

Author: austinmccollum

articles/sentinel/use-matching-analytics-to-detect-threats.md

@@ -42,7 +42,7 @@ Matching analytics is configured when you enable the **Microsoft Threat Intellig
 
 1. Click **Review** > **Create**.
 
-:::image type="content" source="media/use-matching-analytics-to-detect-threats/configure-matching-analytics-rule.png" alt-text="A screenshot showing the Microsoft Threat Intelligence Analytics rule enable in the Active rules tab.":::
+:::image type="content" source="media/use-matching-analytics-to-detect-threats/configure-matching-analytics-rule.png" alt-text="A screenshot showing the Microsoft Threat Intelligence Analytics rule enabled in the Active rules tab.":::
 
 Alerts are grouped on a per-observable basis. For example, all alerts generated in a 24-hour time period that match the `contoso.com` domain are grouped into a single incident with the appropriate severity.
 
@@ -72,17 +72,17 @@ Use the following steps to triage through the incidents generated by the **Micro
 
     For example:
 
-    :::image type="content" source="media/work-with-threat-indicators/matching-analytics.png" alt-text="Sample matched analytics details.":::
+    :::image type="content" source="media/work-with-threat-indicators/matching-analytics.png" alt-text="Screenshot of incident generated by matching analytics with details pane.":::
 
 When a match is found, the indicator is also published to the Log Analytics **ThreatIntelligenceIndicators**, and displayed in the **Threat Intelligence** page. For any indicators published from this rule, the source is defined as **Microsoft Threat Intelligence Analytics**.
 
 For example, in the **ThreatIntelligenceIndicators** log:
 
-:::image type="content" source="media/work-with-threat-indicators/matching-analytics-logs.png" alt-text="Matching analytics displayed in the ThreatIntelligenceIndicators log.":::
+:::image type="content" source="media/work-with-threat-indicators/matching-analytics-logs.png" alt-text="Screenshot of ThreatIntelligenceIndicator table in Log Analytics showing recent indicator with SourceSystem of Microsoft Threat Intelligence Analytics.":::
 
 In the **Threat Intelligence** page:
 
-:::image type="content" source="media/work-with-threat-indicators/matching-analytics-threat-intelligence.png" alt-text="Matching analytics displayed in the Threat Intelligence page.":::
+:::image type="content" source="media/work-with-threat-indicators/matching-analytics-threat-intelligence.png" alt-text="Screenshot of the Threat Intelligence overview with an indicator selecting showing the details pain and the source as Microsoft Threat Intelligence Analytics.":::
 
 
 ## Next steps

articles/sentinel/use-threat-indicators-in-analytics-rules.md

@@ -35,11 +35,11 @@ Below is an example of how to enable and configure a rule to generate security a
 
 1. Find the rule titled **TI map IP entity to AzureActivity** and ensure you have connected all the required data sources as shown below.
 
-    :::image type="content" source="media/work-with-threat-indicators/threat-intel-required-data-sources.png" alt-text="Required data sources":::
+    :::image type="content" source="media/work-with-threat-indicators/threat-intel-required-data-sources.png" alt-text="Screenshot of required data sources for the TI map IP entity to AzureActivity analytics rule.":::
 
 1. Select the **TI map IP entity to AzureActivity** rule and then select **Create rule** to open a rule configuration wizard. Configure the settings in the wizard and then select **Next: Set rule logic >**.
 
-    :::image type="content" source="media/work-with-threat-indicators/threat-intel-create-analytics-rule.png" alt-text="Create analytics rule":::
+    :::image type="content" source="media/work-with-threat-indicators/threat-intel-create-analytics-rule.png" alt-text="Screenshot of the create analytics rule configuration wizard.":::
 
 1. The rule logic portion of the wizard has been pre-populated with the following items: