Gal and Lori review

Author: yelevin

articles/sentinel/automate-incident-handling-with-automation-rules.md

@@ -117,14 +117,14 @@ An incident property's value was
 - **changed to** the value defined in the condition.
 - **added** to (this applies to properties with a list of values).
 
-#### Items vs. collections
+#### *Tag* property: individual vs. collection
 
-For incident properties that are collections of items, such as tags—an incident can have multiple tags applied to it—you can define conditions that check **each item in the collection individually**, and conditions that check **the entire collection as a unit**.
+The incident property **Tag** is a collection of individual items—a single incident can have multiple tags applied to it. You can define conditions that check **each tag in the collection individually**, and conditions that check **the collection of tags as a unit**.
 
-- **Any individual item** operators check the condition against every item in the collection. The evaluation is *true* when *at least one item* satisfies the condition.
-- **Collection of all items** operators check the condition against the collection of items as a single unit. The evaluation is *true* only if *the collection as a whole* satisfies the condition.
+- **Any individual tag** operators check the condition against every tag in the collection. The evaluation is *true* when *at least one tag* satisfies the condition.
+- **Collection of all tags** operators check the condition against the collection of tags as a single unit. The evaluation is *true* only if *the collection as a whole* satisfies the condition.
 
-This distinction matters when your condition is a negative (does not equal, does not contain, and so on), and some items in the collection satisfy the condition and others don't.
+This distinction matters when your condition is a negative (does not contain), and some tags in the collection satisfy the condition and others don't.
 
 Let's look at an example where your condition is, **Tag does not contain "2024"**, and you have two incidents, each with two tags:
 
@@ -139,8 +139,6 @@ In this example, in *Incident 1*:
 
 In *Incident 2*, the outcome will be the same, regardless of which type of condition is defined.
 
-Both kinds of conditions can be chosen for properties that comprise collections, such as tags.
-
 #### When triggers collide
 
 - An automation rule, based on the update trigger, can run on an incident that was updated by another automation rule, based on the incident creation trigger, that ran on the incident.

articles/sentinel/create-manage-use-automation-rules.md

@@ -106,22 +106,23 @@ Select the **+ Add** expander and choose **Condition (And)** from the drop-down
 
     | Property | Operator set |
     | -------- | -------- |
-    | <ul><li>Title<li>Description<li>All listed entity properties | <ul><li>Equals/Does not equal<li>Contains/Does not contain<li>Starts with/Does not start with<li>Ends with/Does not end with |
-    | <ul><li>Severity<li>Status<li>Incident provider<li>Custom details key (Preview) | <ul><li>Equals/Does not equal |
-    | <ul><li>Tactics<li>Alert product names<li>Custom details value (Preview) | <ul><li>Contains/Does not contain |
-    | <ul><li>Tag<br>(See [Items vs. collections](automate-incident-handling-with-automation-rules.md#items-vs-collections)) | Any individual tag:<ul><li>Equals/Does not equal<li>Contains/Does not contain<li>Starts with/Does not start with<li>Ends with/Does not end with</ul><br>Collection of all tags:<ul><li>Equals/Does not equal<li>Contains/Does not contain<li>Starts with/Does not start with<li>Ends with/Does not end with |
+    | - **Title**<br>- **Description**<br>- All listed **entity properties** | - Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with |
+    | - **Tag** (See [individual vs. collection](automate-incident-handling-with-automation-rules.md#tag-property-individual-vs-collection)) | **Any individual tag:**<br>- Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with<br><br>**Collection of all tags:**<br>- Contains/Does not contain |
+    | - **Severity**<br>- **Status**<br>- **Incident provider**<br>- **Custom details key** (Preview) | - Equals/Does not equal |
+    | - **Tactics**<br>- **Alert product names**<br>- **Custom details value** (Preview) | - Contains/Does not contain |
 
     ##### Conditions available with the update trigger
 
     | Property | Operator set |
     | -------- | -------- |
-    | - Title<br>- Description<br>- Tag<br>- All listed entity properties | - Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with |
-    | - Tag (in addition to above)<br>- Alerts<br>- Comments | - Added |
-    | - Severity<br>- Status | - Equals/Does not equal<br>- Changed<br>- Changed from<br>- Changed to |
-    | - Owner | - Changed |
-    | - Incident provider<br>- Updated by<br>- Custom details key (Preview) | - Equals/Does not equal |
-    | - Tactics | - Contains/Does not contain<br>- Added |
-    | - Alert product names<br>- Custom details value (Preview) | - Contains/Does not contain |
+    | - **Title**<br>- **Description**<br>- All listed **entity properties** | - Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with |
+    | - **Tag** (See [individual vs. collection](automate-incident-handling-with-automation-rules.md#tag-property-individual-vs-collection)) | **Any individual tag:**<br>- Equals/Does not equal<br>- Contains/Does not contain<br>- Starts with/Does not start with<br>- Ends with/Does not end with<br><br>**Collection of all tags:**<br>- Contains/Does not contain |
+    | - **Tag** (in addition to above)<br>- **Alerts**<br>- **Comments** | - Added |
+    | - **Severity**<br>- **Status** | - Equals/Does not equal<br>- Changed<br>- Changed from<br>- Changed to |
+    | - **Owner** | - Changed |
+    | - **Incident provider**<br>- **Updated by**<br>- **Custom details key** (Preview) | - Equals/Does not equal |
+    | - **Tactics** | - Contains/Does not contain<br>- Added |
+    | - **Alert product names**<br>- **Custom details value** (Preview) | - Contains/Does not contain |
 
 1. Enter a value in the text box on the right. Depending on the property you chose, this might be a drop-down list from which you would select the values you choose. You might also be able to add several values by selecting the icon to the right of the text box (highlighted by the red arrow below).