Edits

tarTech23 · tarTech23 · commit cacd3fd4dfaa · 2024-11-11T15:15:03.000+02:00
diff --git a/articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md b/articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md
@@ -147,7 +147,7 @@ The file is generated, and you're prompted to save it locally.
 
 ## Remediate aggregated alerts
 
-To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts page. As you investigate alerts, an aggregated alert is identified by the *Multiple violations* message that appears under the Source device IP. Use the **Violations** tab to investigate further and the **Take action** tab to remediate the alerts.
+To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts inventory. As you investigate alerts, an aggregated alert is identified by the *Multiple violations* message that appears under the Source device IP. Use the **Violations** tab to investigate further and the **Take action** tab to remediate the alerts.
 
 1. On the **Alerts** page, select an alert in the grid to display more details in the pane on the right.
 1. For an Aggregated alert the *Multiple violations* message appears underneath the Source device IP address, and the **Violations** tab is displayed.
diff --git a/articles/defender-for-iot/organizations/how-to-view-alerts.md b/articles/defender-for-iot/organizations/how-to-view-alerts.md
@@ -179,14 +179,17 @@ For more information, see [Accelerating OT alert workflows](alerts.md#accelerati
 
 ## Remediate aggregated alerts
 
-To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts page. Investigate the alerts and then remediate them using the Learn tab.
+To reduce alert fatigue, multiple versions of the same alert with identical parameters are listed as one item in the Alerts inventory. As you investigate alerts, an aggregated alert is identified by the *Multiple violations* message that appears under the Source device IP. Use the **Violations** tab to investigate further and the **Take action** tab to remediate the alerts.
 
 1. Sign into your OT sensor console and select the **Alerts** page on the left.
-1. How do we know from the table that this is an aggregated alert?<!-- is there a violations column or -->
+1. For an Aggregated alert the *Multiple violations* message appears underneath the Source device IP address, and the **Violations** tab is displayed.
+
+    :::image type="content" source="media/how-to-manage-cloud-alerts/alert-details-aggregated.png" alt-text="Screenshot of the alerts detail pane showing the aggregated alerts message, the ViolationsCount and the Violations tab.":::
+<!-- change the image to one for an OT sensor -->
 1. Select the **Violations** tab.
-1. Export the data to a CSV file using the **Export** button. Open the file and examine the data.
+1. An inventory table displays the first 10 alerts from this aggregated alert group. Export the data to a CSV file using the **Export** button. Open the file and examine the data.
 1. Select the **Take action** tab. Follow the **Remediation steps**.
-1. Select the **Learn** button so that Defender for IoT learns that this doesn't need to create an alert item for this activity in the future.
+1. Select the **Learn** button, if appropriate, so that Defender for IoT learns that this network activity doesn't need to create an alert item in the future.
 <!-- go over this with the OT sensor and data that shows this feature and check this is correct -->
 ## Next steps
 
