Commit f89f4e9

Merge pull request #276003 from batamig/may-fixes-2
Sentinel May automation fixes
2 parents 7083859 + c7bb577 commit f89f4e9

1 file changed (+5 -2 lines changed)

articles/sentinel/automate-incident-handling-with-automation-rules.md

Lines changed: 5 additions & 2 deletions
@@ -99,13 +99,16 @@ When an automation rule is triggered, it checks the triggering incident or alert
9999

100100
For rules defined using the trigger **When an incident is created**, you can define conditions that check the **current state** of the values of a given list of incident properties, using one or more of the following operators:
101101

102-
An incident property's value
103102
- **equals** or **does not equal** the value defined in the condition.
104103
- **contains** or **does not contain** the value defined in the condition.
105104
- **starts with** or **does not start with** the value defined in the condition.
106105
- **ends with** or **does not end with** the value defined in the condition.
107106

108-
The **current state** in this context refers to the moment the condition is evaluated - that is, the moment the automation rule runs. If more than one automation rule is defined to run in response to the creation of this incident, then changes made to the incident by an earlier-run automation rule are considered the current state for later-run rules.
107+
For example, if you define **Analytic rule name** as **Contains == Brute force attack against a Cloud PC**, an analytic rule with the **Brute force attack against Azure portal** doesn't meet the condition. However, if you define **Analytic rule name** as **Does not contain == User credentials**, then both the **Brute force attack against a Cloud PC** and **Brute force against Azure portal** analytics rules meet the condition.
108+
109+
> [!NOTE]
110+
> The **current state** in this context refers to the moment the condition is evaluated - that is, the moment the automation rule runs. If more than one automation rule is defined to run in response to the creation of this incident, then changes made to the incident by an earlier-run automation rule are considered the current state for later-run rules.
111+
>
109112
110113
#### Incident update trigger
111114
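Review bot: the example added at 107+ is missing a word and names the same analytics rule two different ways: "an analytic rule with the **Brute force attack against Azure portal** doesn't meet the condition" needs "with the name" (or "named"), and the second mention, "**Brute force against Azure portal**", drops "attack", so a reader cannot tell whether it is the same rule as in the first sentence; use one name for it throughout, and make "analytics rules" agree with the "analytic rule" wording used in the same paragraph. Separately, deleting "An incident property's value" at 102- leaves the operator bullets without their subject ("- **equals** or **does not equal** the value defined in the condition" now reads as a fragment); either keep that lead-in line or fold it into the sentence ending "using one or more of the following operators:". The bare ">" at 111+ is an empty blockquote line that isn't needed to close the note and can be dropped.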
