articles/sentinel/bookmarks.md (1 addition & 1 deletion)
@@ -65,7 +65,7 @@ Viewing bookmarks from the table enables you to filter, summarize, and join book
65
65
66
66
1. On the right, in the **Add bookmark** pane, optionally, update the bookmark name, add tags, and notes to help you identify what was interesting about the item.
67
67
68
-
1.**(Preview)** Bookmarks can be optionally mapped to MITRE ATT&CK techniques or sub-techniques. MITRE ATT&CK mappings are inherited from mapped values in hunting queries, but you can also create them manually. Select the MITRE ATT&CK tactic associated with the desired technique from the drop-down menu in the **Tactics & techniques** section of the **Add bookmark** pane (which for this purpose looks like the **Create custom query** wizard shown below). The menu will expand to show all the MITRE ATT&CK techniques, and you can select multiple techniques and sub-techniques in this menu.
68
+
1.**(Preview)** Bookmarks can be optionally mapped to MITRE ATT&CK techniques or sub-techniques. MITRE ATT&CK mappings are inherited from mapped values in hunting queries, but you can also create them manually. Select the MITRE ATT&CK tactic associated with the desired technique from the drop-down menu in the **Tactics & techniques** section of the **Add bookmark** pane. The menu will expand to show all the MITRE ATT&CK techniques, and you can select multiple techniques and sub-techniques in this menu.
69
69
70
70
:::image type="content" source="media/bookmarks/mitre-attack-mapping.png" alt-text="Screenshot of how to map Mitre Attack tactics and techniques to bookmarks.":::
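Review bot: the added line still has no space between the list marker and the bold text ("1.**(Preview)**"), so Markdown will not render it as an ordered-list item; write "1. **(Preview)** Bookmarks can be optionally mapped ..." to match the preceding item on line 66. Dropping the parenthetical about the **Create custom query** wizard is fine since the screenshot that follows is now referenced only by its alt text, but that alt text should then describe the **Add bookmark** pane it actually shows.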
articles/sentinel/hunting.md (10 additions & 11 deletions)
@@ -24,7 +24,7 @@ For example, one built-in query provides data about the most uncommon processes
24
24
25
25
## Use built-in queries
26
26
27
-
The [hunting dashboard](#use-the-hunting-dashboard-public-preview) provides ready-made query examples designed to get you started and get you familiar with the tables and the query language. Queries run on data stored in log tables, such as for process creation, DNS events, or other event types.
27
+
The [hunting dashboard](#use-the-hunting-dashboard) provides ready-made query examples designed to get you started and get you familiar with the tables and the query language. Queries run on data stored in log tables, such as for process creation, DNS events, or other event types.
28
28
29
29
Built-in hunting queries are developed by Microsoft security researchers on a continuous basis, both adding new queries and fine-tuning existing queries to provide you with an entry point to look for new detections and figure out where to start hunting for the beginnings of new attacks.
30
30
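Review bot: the anchor changes from #use-the-hunting-dashboard-public-preview to #use-the-hunting-dashboard, but the heading this links to is not in the visible hunk; confirm the "(public preview)" suffix was removed from that heading in the same commit, otherwise the in-page link breaks.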
@@ -88,11 +88,13 @@ Create or modify a query and save it as your own query or share it with users wh
88
88
89
89
1. Fill in all the blank fields and select **Create**.
90
90
91
-
1. (Preview) Create entity mappings by selecting entity types, identifiers and columns.
91
+
1.**(Preview)** Create entity mappings by selecting entity types, identifiers and columns.
92
+
93
+
:::image type="content" source="media/hunting/map-entity-types-hunting.png" alt-text="Screenshot for mapping entity types in hunting queries.":::
92
94
93
-
1. (Preview) Map MITRE ATT&CK techniques to your hunting queries by selecting the tactic, technique and sub-technique (if applicable).
95
+
1.**(Preview)** Map MITRE ATT&CK techniques to your hunting queries by selecting the tactic, technique and sub-technique (if applicable).
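Review bot: both rewritten items ("1.**(Preview)** Create entity mappings ..." and "1.**(Preview)** Map MITRE ATT&CK techniques ...") lose the space after "1." that the original lines had, so they will no longer render as list items; keep the space, e.g. "1. **(Preview)** Create entity mappings by selecting entity types, identifiers and columns." The two added blank lines around the image are fine.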
A typical query starts with a table name followed by a series of operators separated by \|.
111
+
A typical query starts with a table name followed by a series of operators separated by a pipe character ("\|").
114
112
115
113
In the example above, start with the table name SecurityEvent and add piped elements as needed.
116
114
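Review bot: the replacement wording ("a pipe character ("\|")") is clearer, but a backslash-escaped pipe inside quotation marks reads awkwardly in source; a code span (`|`) is the usual docs convention for a literal operator and needs no escaping.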
@@ -128,9 +126,10 @@ In the example above, start with the table name SecurityEvent and add piped elem
128
126
129
127
During the hunting and investigation process, you may come across query results that may look unusual or suspicious. Bookmark these items to refer back to them in the future, such as when creating or enriching an incident for investigation.
130
128
131
-
- In your results, mark the checkboxes for any rows you want to preserve, and select **Add bookmark**. This creates for a record for each marked row - a bookmark - that contains the row results, the query that created the results, and entity mappings to extract users, hosts, and IP addresses. You can add your own tags and notes to each bookmark.
129
+
- In your results, mark the checkboxes for any rows you want to preserve, and select **Add bookmark**. This creates for a record for each marked row - a bookmark - that contains the row results as well as the query that created the results. You can add your own tags and notes to each bookmark.
132
130
133
-
- (Preview) Bookmarks will default to use the same entity and MITRE ATT&CK technique mappings as the hunting query being investigated.
131
+
-**(Preview)** As with custom queries, you can enrich your bookmarks with entity mappings to extract multiple entity types and identifiers, and MITRE ATT&CK mappings to associate particular tactics and techniques.
132
+
-**(Preview)** Bookmarks will default to use the same entity and MITRE ATT&CK technique mappings as the hunting query that produced the bookmarked results.
134
133
135
134
- View all the bookmarked findings by clicking on the **Bookmarks** tab in the main **Hunting** page. Add tags to bookmarks to classify them for filtering. For example, if you're investigating an attack campaign, you can create a tag for the campaign, apply the tag to any relevant bookmarks, and then filter all the bookmarks based on the campaign.
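Review bot: the two new bullets start with "-**(Preview)**" with no space after the hyphen, so they will render as plain text rather than list items; write "- **(Preview)** As with custom queries, ..." and "- **(Preview)** Bookmarks will default to ...". The rewritten first bullet also carries over the typo "This creates for a record for each marked row", which should read "This creates a record for each marked row".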