Commit 76867ca

DOCS-610 - Fix match lists docs (#4988)
1 parent 132bd3c commit 76867ca

4 files changed

+5
-5
lines changed

docs/cse/match-lists-suppressed-lists/create-match-list.md

Lines changed: 2 additions & 2 deletions
@@ -18,9 +18,9 @@ Here’s a use case for using a match list to define an allow list:  Vulnerabil
1818
There’s no reason you can’t use a match list to define “deny lists” of items. However, Cloud SIEM’s threat intel feature is designed for exactly that purpose. Most of the time, but not always, you should use threat intel lists for negative indicators. For more information, see [Match lists or threat intel: which to use?](#match-listor-threat-intel-which-to-use).
1919
:::
2020

21-
Here are some match lists in the Cloud SIEM UI.
21+
Here are some match lists in Cloud SIEM.
2222

23-
<img src={useBaseUrl('img/cse/example-match-list.png')} alt="Example match list" style={{border: '1px solid gray'}} width="800"/>
23+
<img src={useBaseUrl('img/cse/example-match-lists.png')} alt="Example match list" style={{border: '1px solid gray'}} width="800"/>
2424

2525
Note that each match list has a **Target Column**, which you define when you create the list. The Target Column indicates what type of record fields should be compared to the match list, for example, hostnames, URLs, domains, IP addresses, usernames, and so on. For more information, see [How are match lists Used?](#how-are-match-lists-used)
2626
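
Review bot: The alt text on the changed image at line 23 still reads "Example match list", although the sentence above it now says "some match lists" and the file is now example-match-lists.png; consider alt="Example match lists" so the alt text matches what the screenshot shows. While this area is being touched, the context link on line 18, (#match-listor-threat-intel-which-to-use), looks like it is missing a hyphen and is worth checking against the anchor the target heading actually generates.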

docs/cse/match-lists-suppressed-lists/custom-match-list-columns.md

Lines changed: 1 addition & 1 deletion
@@ -50,4 +50,4 @@ To see the custom columns that have been defined in your environment:
5050

5151
1. Follow the instructions in [Create a Match List](/docs/cse/match-lists-suppressed-lists/create-match-list/#create-a-match-list).
5252
1. In the **Add Match List** dialog, click **Target Column**. A list of available target column values appears.
53-
1. Select the desired column in the **Custom** section of the selector list.<br/><img src={useBaseUrl('img/cse//target-column-selector.png')} alt="Target column selector" style={{border: '1px solid gray'}} width="400"/>
53+
1. Select the desired column in the **Custom** section of the selector list.<br/><img src={useBaseUrl('img/cse/target-column-selector.png')} alt="Target column selector" style={{border: '1px solid gray'}} width="400"/>

docs/cse/rules/about-cse-rules.md

Lines changed: 2 additions & 2 deletions
@@ -134,9 +134,9 @@ This section describes what [match lists](/docs/cse/match-lists-suppressed-lists
134134

135135
Match lists are lists of important indicators and identifiers, typically configured by a Cloud SIEM analyst. Match lists are often used to define allowlists of entities, like IP addresses, URLs, and hostnames, and so on, that you want to exempt from ordinary rule processing. For example, you might want to prevent a rule from firing for records that contain one of a certain set of IP addresses. 
136136

137-
Here’s an example of a match list in the Cloud SIEM UI. 
137+
Here are some match lists in Cloud SIEM.  
138138

139-
<img src={useBaseUrl('img/cse/example-match-list.png')} alt="Example match list" width="800"/>
139+
<img src={useBaseUrl('img/cse/example-match-lists.png')} alt="Example match list" width="800"/>
140140

141141
You can take advantage of match lists in rules, but match lists actually come into play when records are ingested. Here’s how it works:  When a record is ingested, Cloud SIEM compares the entries in all match lists to fields in the record. Of course, Cloud SIEM doesn’t compare the entries in a given match list to all fields in a record; it wouldn’t make sense to compare a domain name to an IP address. You could say that Cloud SIEM understands the difference between apples and oranges: Cloud SIEM distinguishes which record fields contain IP addresses, which contain domain name and so on. So, Cloud SIEM compares a match list of IP addresses to record fields that contain IP addresses. Similarly, Cloud SIEMs compares a match list of usernames to record fields that contain usernames. For more information about how that works, see [Match Fields Reference](/docs/cse/match-lists-suppressed-lists/match-fields-reference)
142142
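
Review bot: The added line 137 ends with two trailing spaces ("Cloud SIEM.  "), which Markdown treats as a hard line break; the removed line had only one, so trim the trailing whitespace. The image on line 139 also keeps the singular alt="Example match list" and lacks the style={{border: '1px solid gray'}} that the same image carries in create-match-list.md in this commit; aligning both would keep the two pages consistent.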

File renamed without changes.
