Commit ac55285

edit pass: analyze-a-packet-capture
1 parent f1f7a1b commit ac55285

3 files changed

+141
-130
lines changed


articles/network-watcher/network-watcher-alert-triggered-packet-capture.md

Lines changed: 33 additions & 31 deletions
@@ -9,13 +9,13 @@ ms.date: 02/14/2024
99
ms.custom: devx-track-azurepowershell
1010
---
1111

12-
# Monitor networks proactively with alerts and Azure Functions by using Packet Capture
12+
# Monitor networks proactively with alerts and Azure Functions by using packet capture
1313

14-
Network Watcher packet capture creates capture sessions to track traffic in and out of virtual machines (VMs). The capture file can have a filter that you define to track only the traffic that you want to monitor. This data is stored in a storage blob or locally on the guest machine.
14+
Azure Network Watcher packet capture creates capture sessions to track traffic in and out of virtual machines (VMs). The capture file can have a filter that you define to track only the traffic that you want to monitor. This data is stored in a storage blob or locally on the guest machine.
1515

16-
You can start this capability remotely from other automation scenarios, such as Azure Functions. You can run proactive captures based on defined network anomalies. Other uses include gathering network statistics, getting information about network intrusions, and debugging client/server communications.
16+
You can start this capability remotely from other automation scenarios, such as from Azure Functions. You can run proactive captures based on defined network anomalies. Other uses include gathering network statistics, getting information about network intrusions, and debugging client/server communications.
1717

18-
Resources that are deployed in Azure run continuously. It's difficult to actively monitor the status of all resources at all times. For example, what happens if an issue occurs at 2 AM?
18+
Resources that are deployed in Azure run continuously. It's difficult to actively monitor the status of all resources at all times. For example, what happens if an problem occurs at 2:00 AM?
1919

2020
By using Network Watcher alerts and functions from within the Azure ecosystem, you can proactively respond with the data and tools to solve problems in your network.
2121
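Review bot: the rewritten line 18 introduces a grammar error, "if an problem occurs" should be "if a problem occurs"; the rest of the hunk (adding "Azure" before Network Watcher, "such as from Azure Functions", lowercasing "packet capture" in the title) reads fine. Line 14 now states plainly that the capture file lands either in a storage blob or on the guest machine, which is the natural place to add that both locations hold raw traffic and need the same access control as the VM itself; that can be a follow-up rather than part of this edit pass.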

@@ -29,14 +29,15 @@ By using Network Watcher alerts and functions from within the Azure ecosystem, y
2929

3030
## Scenario
3131

32-
In this example, a virtual machine has more outgoing traffic than usual and you want to be alerted. Similarly, you can create alerts for any condition.
32+
In this example, a virtual machine has more outgoing traffic than usual and you want to be alerted. You can use a similar process to create alerts for any condition.
3333

34-
When an alert is triggered, the packet-level data helps to analyze why the outgoing traffic increased. You can take steps to return the virtual machine to its original state.
34+
When an incident triggers an alert, the packet-level data helps you analyze why the outgoing traffic increased. You can take steps to return the virtual machine to its original state.
3535

3636
This scenario assumes that you have an existing instance of Network Watcher and a resource group with a valid virtual machine.
3737

38-
The following workflow takes place when an alert is triggered on your VM:
38+
Here's the workflow for packet capture:
3939

40+
1. An incident triggers an alert on your VM.
4041
1. The alert calls your Azure function.
4142
1. Your Azure function processes the alert and starts a Network Watcher packet capture session.
4243
1. The packet capture runs on the VM and collects data.
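Review bot: the new lead-in "Here's the workflow for packet capture:" is broader than the list it introduces, which describes only the alert-driven flow (the old wording said so explicitly); "Here's the workflow when an alert fires on your VM:" would keep that scope. The added step 1 is a good fix, because the old list started at "The alert calls your Azure function" with no step saying where the alert came from.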
@@ -55,24 +56,24 @@ To create an Azure function to process the alert and create a packet capture, fo
5556

5657
1. Sign in to the [Azure portal](https://portal.azure.com).
5758

58-
1. In the search box at the top of the portal, enter *function app*. Select **Function App** from the search results
59+
1. In the search box at the top of the portal, enter *function app*. Select **Function App** from the search results.
5960

6061
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/function-app-portal-search.png" alt-text="Screenshot that shows how to search for function apps in the Azure portal." lightbox="./media/network-watcher-alert-triggered-packet-capture/function-app-portal-search.png":::
6162

6263
1. Select **+ Create**.
6364

6465
1. On the **Basics** tab of **Create Function App**, enter or select values for the following settings:
6566

66-
- Under **Project Details**, select the subscription for which you want to create the function app and the resource group value to contain the app.
67+
- Under **Project Details**, select the subscription for which you want to create the function app and the resource group to contain the app.
6768
- Under **Instance Details**:
6869
- For **Function app name**, enter the name of the function app. This name is appended by *.azurewebsites.net*.
69-
- For **Do you want to deploy code or container image?**, select the mode of publishing: either **Code** or **Container image**.
70+
- For **Do you want to deploy code or container image?**, select the mode of publishing: **Code** or **Container image**.
7071
- For **Runtime stack**, select a runtime stack.
7172
- For **Version**, select the version of the runtime stack.
7273
- For **Region**, select the region in which you want to create the function app.
73-
- Under **Operating system**, select the type of operating system that you're currently using. Azure recommends the type of operating system based on your runtime stack selection.
74+
- Under **Operating system**, select the type of operating system that you currently use. Azure recommends the type of operating system based on your runtime stack selection.
7475
- Under **Hosting**, select the type of plan that you want to use for the function app. Choose from the following options:
75-
- **Consumption (Serverless)**: For event-driven scaling for the most minimum cost.
76+
- **Consumption (Serverless)**: For event-driven scaling for the lowest cost.
7677
- **Functions Premium**: For enterprise-level, serverless applications with event-based scaling and network isolation.
7778
- **App Service plan**: For reusing compute from an existing Azure App Service plan.
7879
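Review bot: the **Operating system** bullet still reads as if the reader should pick the OS of their own workstation ("the type of operating system that you currently use"); the setting chooses the OS the function app is hosted on, so "select the operating system for the function app. Azure recommends one based on your runtime stack selection." would remove the ambiguity. Separately, in the unchanged context line "This name is appended by *.azurewebsites.net*", "appended by" should be "appended with"; worth picking up in the same pass.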

@@ -90,11 +91,11 @@ To create an Azure function to process the alert and create a packet capture, fo
9091
3. Under **Select a template**, select **HTTP trigger**.
9192
4. In the **Template details** section:
9293
- For **New Function**, enter the name of the function.
93-
- For **Authorization level**, select **Function**
94+
- For **Authorization level**, select **Function**.
9495
5. Select **Create**.
95-
6. After the function is created, go to the function and select **Code + Test**.
96+
6. Go to the function that you created and select **Code + Test**.
9697

97-
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/code-test.png" alt-text="Screenshot of the Code + Test screen.":::
98+
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/code-test.png" alt-text="Screenshot of the Code + Test page for a function.":::
9899

99100
7. Update the [script](#add-powershell-to-the-function) and select **Save**.
100101
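Review bot: step 6's rewrite drops "After the function is created", but "Go to the function that you created" carries the same sequencing, so that's fine. The hunk adds only a period to the **Authorization level** bullet; since that setting governs who can invoke the HTTP trigger that the alert's action group later calls (see the action group steps further down the page), one sentence on why **Function** is the level to pick would be worth adding while this section is being edited.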

@@ -164,7 +165,7 @@ Get the tenant ID by running the following PowerShell cmdlet:
164165

165166
#### AzureCredPassword
166167

167-
The value of the `AzureCredPassword` environment variable is the value that you get from running the following PowerShell sample. This example is the same one that's shown in the preceding [Authentication](#authentication) section. The value that you need is the output of the `$Encryptedpassword` variable. This is the service principal password that you encrypted by using the PowerShell script.
168+
The value of the `AzureCredPassword` environment variable is the value that you get from running the following PowerShell sample. This example is the same one that the preceding [Authentication](#authentication) section showed. The value that you need is the output of the `$Encryptedpassword` variable. This is the service principal password that you encrypted by using the PowerShell script.
168169

169170
```powershell
170171
#Variables
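Review bot: "the same one that the preceding Authentication section showed" is an awkward active-voice rewrite; "the same example that appears in the preceding Authentication section" reads better. The last sentence also starts with a bare "This" ("This is the service principal password ..."); "This value is the service principal password" makes the referent explicit. Because this paragraph tells the reader to put a service principal credential into the `AzureCredPassword` app setting, a pointer to keeping that value out of the function's source and out of any committed configuration would fit here; the hunk doesn't address it.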
@@ -315,15 +316,15 @@ if ($requestBody.context.resourceType -eq "Microsoft.Compute/virtualMachines") {
315316

316317
## Configure an alert on a VM
317318

318-
You can configure alerts to notify individuals when a specific metric crosses a threshold that's assigned to it. In this example, the alert is on the Network Out Total that is sent, but the alert can be triggered for many other metrics.
319+
You can configure alerts to notify individuals when a specific metric crosses a threshold that you assigned to it. In this example, the alert is on the Network Out Total metric that's sent, but you can trigger the alert for many other metrics.
319320

320321
### Create the alert rule
321322

322-
Go to an existing virtual machine and [add an alert rule](../azure-monitor/alerts/alerts-classic-portal.md). Do the following in the **Create an Alert rule** screen.
323+
Go to an existing virtual machine and [add an alert rule](../azure-monitor/alerts/alerts-classic-portal.md). On the **Create an Alert rule** page, take the following steps:
323324

324-
1. In the **Select a signal** pane, search for the name of the signal and select it. In this example, Network Out Total is the selected signal. It denotes the number of bytes out on all network interfaces by the Virtual Machine.
325+
1. On the **Select a signal** pane, search for the name of the signal and select it. In this example, **Network Out Total** is the selected signal. It denotes the number of bytes out on all network interfaces by the virtual machine.
325326

326-
2. In the **Conditions** tab, set the following values and select **Next: Actions >**.
327+
2. On the **Conditions** tab, set the following values, and then select **Next: Actions**.
327328

328329
|**Setting** | **Value** |
329330
|---|---|
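Review bot: the rewritten line 319 still carries the leftover "that's sent" ("the Network Out Total metric that's sent"); drop it. Since the alert is a rule rather than something the reader fires, "but you can configure alert rules for many other metrics" is more accurate than "you can trigger the alert for many other metrics". The "Next: Actions" change (removing the trailing ">") matches how the rest of the page names buttons, so that part is consistent.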
@@ -334,23 +335,24 @@ Go to an existing virtual machine and [add an alert rule](../azure-monitor/alert
334335
|**Check every**|1 minute|
335336
|**Lookback period**|5 minutes|
336337

337-
3. In the **Actions** tab, select **Create an action group**.
338-
4. In the **Create action group** screen, select the **Subscription**, **Resource group**, and **Region**. Also enter the Action group name and the display name and select **Next: Notifications >**.
339-
5. In the screen that appears, select **Action type** as **Azure Function**.
340-
6. In the Azure Function pane, select the **Subscription**, **Resource group**, **Function app**, and **Azure Function**.
341-
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/action-group.png" alt-text="Screenshot of the Create action group screen.":::
342-
7. Select **No** in **Enable the common alert schema** slider and select **OK**.
338+
3. On the **Actions** tab, select **Create an action group**.
339+
4. On the **Create action group** page, select the **Subscription**, **Resource group**, and **Region** values. Also enter the action group name and the display name, and then select **Next: Notifications**.
340+
5. On the **Notifications** tab, for **Action type**, select **Azure Function**.
341+
6. On the **Azure Function** pane, select the **Subscription**, **Resource group**, **Function app**, and **Azure Function** values.
342+
343+
:::image type="content" source="./media/network-watcher-alert-triggered-packet-capture/action-group.png" alt-text="Screenshot of the page for creating an action group and the pane for details about an Azure function.":::
344+
7. In **Enable the common alert schema** slider, select **No**. Then select **OK**.
343345

344346
## Review the results
345347

346-
After the criteria for the alert triggers, a packet capture is created. Go to Network Watcher and select **Packet capture**. On this page, you can select the packet capture file link to download the packet capture.
348+
After the criteria trigger an alert, Network Watcher creates a packet capture. Go to Network Watcher and select **Packet capture**. On this page, you can select the file link to download the packet capture.
347349

348-
If the capture file is stored locally, you can retrieve it by signing in to the virtual machine.
350+
If the capture file is stored locally, you can get it by signing in to the virtual machine.
349351

350-
For instructions on downloading files from Azure storage accounts, see [Get started with Azure Blob storage using .NET](../storage/blobs/storage-quickstart-blobs-dotnet.md). You can also use the [Storage Explorer](https://storageexplorer.com/) tool.
352+
For instructions on downloading files from Azure storage accounts, see the [quickstart for the Azure Blob Storage client library for .NET](../storage/blobs/storage-quickstart-blobs-dotnet.md). You can also use the [Azure Storage Explorer](https://storageexplorer.com/) tool.
351353

352-
After your capture has been downloaded, you can view it using tools like [Microsoft Message Analyzer](/message-analyzer/microsoft-message-analyzer-operating-guide) and [WireShark](https://www.wireshark.org/)that can read a **.cap** file.
354+
After you download your capture, you can view it by using tools like [Wireshark](https://www.wireshark.org/) that can read a *.cap* file.
353355

354356
## Next step
355357

356-
Learn how to view your packet captures by visiting [Packet capture analysis with Wireshark](network-watcher-deep-packet-inspection.md).
358+
Learn how to view your packet captures by reading [Inspect and analyze Network Watcher packet capture files](network-watcher-deep-packet-inspection.md).
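Review bot: step 7 tells the reader to select **No** for **Enable the common alert schema** without saying why; the function script shown earlier on this page checks `$requestBody.context.resourceType`, which is the shape of the legacy alert payload, so enabling the common schema would change the payload and that check would no longer match. One clause to that effect would stop readers from "fixing" the setting later. In the same step, "In **Enable the common alert schema** slider" should be "On the **Enable the common alert schema** slider" to match the "On the ... tab/pane" wording used elsewhere in the hunk. Dropping Microsoft Message Analyzer and keeping only Wireshark is the right call, since that tool has been retired.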
