Commit 974b252

Merge branch 'main' into berry-demo
2 parents c7f5136 + 1e2f333 commit 974b252

9 files changed: +12 -12 lines changed

docs/cse/administration/create-use-network-blocks.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -50,13 +50,14 @@ When Cloud SIEM looks for the network block address `10.128.0.1`, it will ret
5050

5151
Follow these instructions to create a network block using the Cloud SIEM UI. For information about creating multiple network blocks by file upload, see [Upload a CSV file of network blocks](#upload-a-csv-file-of-network-blocks).
5252

53-
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Network Blocks**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Network Blocks**. You can also click the **Go To...** menu at the top of the screen and select **Network Blocks**.
54-
1. On the **Create Network Block** popup:
53+
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Network Blocks**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Network Blocks**. You can also click the **Go To...** menu at the top of the screen and select **Network Blocks**.
54+
1. Click **Add Network Block**.
55+
1. On the **Add Network Block** popup:
5556
1. **Address Block**. Enter a CIDR block that identifies a contiguous range of IP addresses.
5657
1. **Label**. Enter a meaningful name for the network block.
5758
1. **Internal**. Leave the toggle switched to the right (green) if you want to mark IP addresses that match the network block as Internal. This allows you to filter on the IP addresses in rule expressions, as described below in [Using enrichment fields](#using-enrichment-fields), below.
5859
1. **Suppress Signals**. Leave the toggle switched to the left (red) if you do not want to suppress signals on IP addresses in the network block. Otherwise, switch the toggle to the right (green).
59-
1. Click **Create**. <br/><img src={useBaseUrl('img/cse/create-network-block.png')} alt="Create network block" style={{border: '1px solid gray'}} width="400"/>
60+
1. Click **Save**. <br/><img src={useBaseUrl('img/cse/create-network-block.png')} alt="Create network block" style={{border: '1px solid gray'}} width="400"/>
6061

6162
## Upload a CSV file of network blocks
6263
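
Review bot: On the changed final step (new line 60), the popup and button are renamed to **Add Network Block** and **Save**, but the image tag on the same line still uses `alt="Create network block"` and the file name `create-network-block.png`. Update the alt text so it matches the renamed popup, and confirm the screenshot itself shows the **Save** button. Separately, the unchanged **Internal** step reads "as described below in [Using enrichment fields] ..., below"; drop one "below" while this list is being edited.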

docs/cse/administration/index.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ Learn about onboarding tasks and best practices for Cloud SIEM administrators. I
1919
<div className="box smallbox card">
2020
<div className="container">
2121
<a href="/docs/cse/administration/create-use-network-blocks"><img src={useBaseUrl('img/icons/operations/microservices.png')} alt="Network icon" width="40"/><h4>Network Blocks</h4></a>
22-
<p>Learn about Network Blocks, their purpose, and instructions for setting them up and using them.</p>
22+
<p>Learn about network blocks, their purpose, and instructions for setting them up and using them.</p>
2323
</div>
2424
</div>
2525
<div className="box smallbox card">

docs/cse/get-started-with-cloud-siem/intro-for-analysts.md

Lines changed: 1 addition & 1 deletion
@@ -400,7 +400,7 @@ But what if you want to be alerted right away when a certain rule is triggered?
400400
You want to be alerted right away when your new custom match rule is triggered. Create a custom insight that looks for only this rule.
401401

402402
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu, select **Content > Custom Insights**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Custom Insights**. You can also click the **Go To...** menu at the top of the screen and select **Custom Insights**.
403-
1. Click **Create**.
403+
1. Click **Add Custom Insight**.
404404
1. Give your custom insight a name.
405405
1. Under **When Signals are created from the following** select **rules**.
406406
1. In **Type to add a rule**, search for the rule you created in [Write a match rule](#write-a-match-rule) and add it to your custom insight.

docs/cse/records-signals-entities-insights/configure-custom-insight.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ When the conditions of a custom insight configuration are met during the current
3030
To create a custom insight:
3131

3232
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu, select **Content > Custom Insights**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Custom Insights**. You can also click the **Go To...** menu at the top of the screen and select **Custom Insights**.
33-
2. Click **Create** on the **Custom Insights** page.
33+
2. Click **Add Custom Insight** on the **Custom Insights** page.
3434
3. The **Configure the Custom Insight** popup appears. <br/><img src={useBaseUrl('img/cse/custom-insight.png')} alt="Configure an insight" style={{border: '1px solid gray'}} width="600"/>
3535
4. In the **Name** field, enter a name for the custom insight.
3636
5. If you want the custom insight to be generated based on one or more rules firing signals, jump to step 6, below. Otherwise: 
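
Review bot: Step 2 now says **Add Custom Insight**, but step 3 on the next line still names the popup **Configure the Custom Insight** and reuses `custom-insight.png`. The network block popup was renamed together with its button in this same commit (**Create Network Block** to **Add Network Block**), so please confirm the custom insight popup title and screenshot still match the current UI, and update step 3 if they do not.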

docs/cse/records-signals-entities-insights/tags-insights-signals-entities-rules.md

Lines changed: 2 additions & 3 deletions
@@ -87,9 +87,8 @@ Note that in addition to tags that you manually assign to an insight, an insight
8787
### UI for tagging a custom insight
8888

8989
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Custom Insights**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Custom Insights**. You can also click the **Go To...** menu at the top of the screen and select **Custom Insights**.
90-
1. Navigate to a custom insight.
91-
1. The UI for tagging is at the bottom of the **Then Create a Signal** area of the insight editor.
92-
1. To add a tag, follow the instructions in [Add a schema key tag](#applya-schema-key-tag) or [Add a keyword tag](#apply-a-keyword-tag).<br/><img src={useBaseUrl('img/cse/custom-insight.png')} alt="Tag a custom insight" style={{border: '1px solid gray'}} width="600"/>
90+
1. Navigate to a custom insight and select it.
91+
1. The UI for tagging is at the bottom of the **Then Create a Signal** area of the insight editor. To add a tag, follow the instructions in [Add a schema key tag](#applya-schema-key-tag) or [Add a keyword tag](#apply-a-keyword-tag).<br/><img src={useBaseUrl('img/cse/custom-insight.png')} alt="Tag a custom insight" style={{border: '1px solid gray'}} width="600"/>
9392

9493
## Apply a schema key tag
9594
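
Review bot: The merged step on new line 91 carries over the link target `#applya-schema-key-tag`, which is missing a hyphen. The heading just below is `## Apply a schema key tag` and the sibling link uses `#apply-a-keyword-tag`, so the target should be `#apply-a-schema-key-tag`. The link text also says "Add a schema key tag" while the heading says "Apply"; align the two while this line is being touched.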

docs/cse/records-signals-entities-insights/view-manage-entities.md

Lines changed: 1 addition & 1 deletion
@@ -119,7 +119,7 @@ the entity appears.
119119
| p | **Related Entities**. Entities related to the current entity. |
120120
| q | **Automations**. [Automations](/docs/cse/automation/automations-in-cloud-siem/#view-results-of-an-automation) that have been run on the entity. |
121121
| r | **Create Insight**. You can use this option to create an insight on the entity, as described below in [Create an insight](#create-an-insight), below. |
122-
| s | The **Current State** section lists signals that were generated for the entity during the current [detection window](/docs/cse/records-signals-entities-insights/set-insight-generation-window-threshold/) that are not already part of an insight. (The detection window is the period over which Cloud SIEM evaluates signals, which is 14 days, by default. The detection window is configured on the **Content > Custom Insights** page in the Cloud SIEM UI.) |
122+
| s | The **Current State** section lists signals that were generated for the entity during the current [detection window](/docs/cse/records-signals-entities-insights/set-insight-generation-window-threshold/) that are not already part of an insight. (The detection window is the period over which Cloud SIEM evaluates signals, which is 14 days, by default. The detection window is configured on the **Custom Insights** page in the Cloud SIEM UI.) |
123123

124124
Below the **Current State** section there may be a **Prior Activity** section. This section lists signals that were generated for the entity prior to the current detection window, and all insights for the entity. 
125125
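
Review bot: In row s, dropping **Content >** leaves "configured on the **Custom Insights** page" with no menu path at all. The other files in this commit give both paths (**Content > Custom Insights** for the Classic UI and **Cloud SIEM > Custom Insights** for the New UI); either give both here or link **Custom Insights** to a page that documents them. Row r just above also has the doubled "below in [Create an insight] ..., below", which could be fixed in the same pass.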

docs/get-started/training-certification-faq.md

Lines changed: 2 additions & 2 deletions
@@ -188,9 +188,9 @@ Certified users become technical experts on setting up, managing and optimizing
188188
In this course, you'll create starter SOC queries as dashboard panels. These advanced operator queries help you monitor user activity across the globe, failed logins, land speed violations, brute force attacks, and more. You will create parameterized lookup tables for easy panel or dashboard pivots. You will learn how to export the starter SOC dashboard you created for use in your own environment. Lastly, you will be able to detect and investigate IOCs with the use of our embedded CrowdStrike database, which monitors malicious IPs addresses, and apply scheduled views as a best practice.
189189
-->
190190

191-
**Sumo Logic Certified - Cloud SIEM Fundamentals**. Learn how Cloud SIEM ingests your data and turns it into actionable security Insights. Get hands-on practice with threat investigation, take actions on Insights, and learn the basics of SOC content creation, like writing rules and custom Insights.
191+
**Sumo Logic Certified - Cloud SIEM Fundamentals**. Learn how Cloud SIEM ingests your data and turns it into actionable security Insights. Get hands-on practice with threat investigation, take actions on Insights, and learn the basics of SOC content creation, like writing rules and custom insights.
192192

193-
**Sumo Logic Certified - Cloud SIEM Administration**. Learn how to set up data ingestion for Cloud SIEM, including writing custom log and ingest mappings. Customize your environment with a deep dive into custom rules and Insight Actions.
193+
**Sumo Logic Certified - Cloud SIEM Administration**. Learn how to set up data ingestion for Cloud SIEM, including writing custom log and ingest mappings. Customize your environment with a deep dive into custom rules and insight actions.
194194

195195
**Sumo Logic Certified - Cloud SOAR Fundamentals**. Learn how to automate your security operations center with playbooks, dashboards, and reports. Watch a playbook run in real time and export a customized dashboard.
196196
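
Review bot: New line 191 lowercases "custom insights", but the same paragraph still has "actionable security Insights" and "take actions on Insights" capitalized, so it is now inconsistent within itself. Lowercase those two as well if the intent is to treat "insight" as a common noun, as new line 193 does with "insight actions".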
