Pencil edit

Author: aditisrivastava07

defender-xdr/irm-investigate-alerts-defender.md

@@ -132,7 +132,7 @@ The following alert classification mapping is used to sync the alert classificat
 |Microsoft Defender alert classification|Microsoft Purview Insider Risk Management alert classification|
 |:---|:---|
 |True positive </br> Includes multi-staged attack, phishing, etc.|Confirmed|
-|Information, expected activity (benign positive) </br> Includes Ssecurity testing, confirmed activity, etc.|Dismissed|
+|Information, expected activity (benign positive) </br> Includes security testing, confirmed activity, etc.|Dismissed|
 |False positive </br> Includes not malicious, not enough data to validate, etc.|Dismissed|
 
 For more information about alert statuses and classifications in Microsoft Defender XDR, see [Manage alerts in Microsoft Defender](investigate-alerts.md#manage-alerts).
@@ -213,4 +213,4 @@ If you are using automation on Microsoft Sentinel incidents, note that automatio
 After investigating an insider risk incident or alert, you can do any of the following:
 
 - Continue to respond to the alert in the Microsoft Purview portal.
-- Use advanced hunting to investigate other insider risk management events in the Microsoft Defender portal.
+- Use advanced hunting to investigate other insider risk management events in the Microsoft Defender portal.