From 10dc3d9c0372e38a72138c27a61e29816f702573 Mon Sep 17 00:00:00 2001
From: "nastasha.solomon" <nastasha.solomon@elastic.co>
Date: Tue, 5 Dec 2023 18:47:09 -0500
Subject: [PATCH] Input from Natasa and Ryland

---
 docs/detections/rules-ui-create.asciidoc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/detections/rules-ui-create.asciidoc b/docs/detections/rules-ui-create.asciidoc
index a4b71d8f70..707aa3c3b6 100644
--- a/docs/detections/rules-ui-create.asciidoc
+++ b/docs/detections/rules-ui-create.asciidoc
@@ -193,12 +193,13 @@ IMPORTANT: Data in indicator indices must be <<ecs-compliant-reqs, ECS compatibl
 +
 .. *Indicator index query*: The query and filters used to filter the fields from
 the indicator index patterns. The default query `@timestamp > "now-30d/d"` searches specified indicator indices for indicators ingested during the past 30 days and rounds the start time down to the nearest day (resolves to UTC `00:00:00`).
-.. *Indicator mapping*: Compares the values of the specified event and indicator field
-values. When the field values are identical, an alert is generated. To define
-which field values are compared from the indices add the following:
+.. *Indicator mapping*: Compares the values of the specified event and indicator fields, and generates an alert if the values are identical.
 +
 NOTE: Only single-value fields are supported.
 +
+To define
+which field values are compared from the indices add the following:
+
 ** *Field*: The field used for comparing values in the {elastic-sec} event
 indices.
 ** *Indicator index field*: The field used for comparing values in the indicator