Apply suggestions from Nastasha's review
Co-authored-by: Nastasha Solomon <[email protected]>
joepeeples and nastasha-solomon authored Jul 22, 2024
1 parent 3b7f37a commit 83fb8fc
Showing 2 changed files with 12 additions and 12 deletions.
12 changes: 6 additions & 6 deletions docs/management/admin/response-actions-config.asciidoc
Expand Up @@ -24,7 +24,7 @@ Check out <<third-party-actions>> to learn which response actions are supported

* <<endpoint-management-req,{elastic-sec} feature privileges>>: **All** for the response action features, such as **Host Isolation**, that you want to perform.

* Endpoints must have actively running endpoint agents installed.
* Endpoints must have actively running third-party agents installed.
--

Expand a section below for your endpoint security system:
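Review bot: "third-party agents" in the changed prerequisite bullet removes the ambiguity with Elastic's own endpoint agent, but it is still generic; since the first line of this hunk already sends readers to <<third-party-actions>> for the supported vendors, consider naming them in the bullet as well, e.g. "the CrowdStrike or SentinelOne agent", so the requirement can be checked without following the link.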
Expand All @@ -37,8 +37,8 @@ Expand a section below for your endpoint security system:
. **Create an API client in CrowdStrike.** Refer to CrowdStrike's docs for instructions on creating an API client.
+
- Give the API client the least privilege required to read CrowdStrike data and perform actions on enrolled hosts.
- Take note of the client ID, client secret, and base URL: you'll need them in later steps when you configure {elastic-sec} components to access CrowdStrike.
- Give the API client the minimum privilege required to read CrowdStrike data and perform actions on enrolled hosts.
- Take note of the client ID, client secret, and base URL; you'll need them in later steps when you configure {elastic-sec} components to access CrowdStrike.
. **Install the CrowdStrike integration and {agent}.** Elastic's {integrations-docs}/crowdstrike[CrowdStrike integration]
collects and ingests logs into {elastic-sec}.
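Review bot: replacing "least privilege" with "minimum privilege" drops the standard name of the principle; if plain wording is the style preference, consider "the minimum (least) privilege required" once so readers searching for the term still find it. Separately, this hunk gives a single CrowdStrike API client both read and host-action permissions, whereas the SentinelOne steps later in this diff split collection and actions across two tokens; it would help to say whether CrowdStrike allows the same split and, if not, that this one credential is shared by the integration and the connector.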
Expand Down Expand Up @@ -71,7 +71,7 @@ IMPORTANT: Do not create more than one CrowdStrike connector.
+
NOTE: Do not include any other index patterns.
+
This gives you visibility into CrowdStrike without needing to leave {elastic-sec}. You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu on the alert details flyout.
This gives you visibility into CrowdStrike without needing to leave {elastic-sec}. You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu in the alert details flyout.
====


Expand All @@ -83,7 +83,7 @@ This gives you visibility into CrowdStrike without needing to leave {elastic-sec
. **Generate API access tokens in SentinelOne.** You'll need these tokens in later steps, and they allow {elastic-sec} to collect data and perform actions in SentinelOne.
+
Create two API tokens in SentinelOne, and give them the least privilege required by the Elastic components that will use them:
Create two API tokens in SentinelOne, and give them the minimum privilege required by the Elastic components that will use them:
+
--
- SentinelOne integration: Permission to read SentinelOne data.
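Review bot: the changed sentence leaves open whether one token could serve both components; since the list that follows grants the connector token host-action rights (isolate/release) that the integration does not need, consider stating explicitly that the two tokens are separate credentials and that each Elastic component is configured with only its own token, so the read-only integration never holds action permissions.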
Expand Down Expand Up @@ -126,5 +126,5 @@ Use these settings when creating the custom query rule to target the data collec
+
NOTE: Do not include any other index patterns or query parameters.
+
This gives you visibility into SentinelOne without needing to leave {elastic-sec}. You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu on the alert details flyout.
This gives you visibility into SentinelOne without needing to leave {elastic-sec}. You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu in the alert details flyout.
====
Expand Up @@ -21,7 +21,7 @@ Check out <DocLink slug="/serverless/security/third-party-actions" /> to learn w
<DocCallOut title="Prerequisites">
* <DocLink slug="/serverless/elasticsearch/manage-project">Project features add-on</DocLink>: Endpoint Protection Complete
* <DocLink slug="/serverless/general/assign-user-roles">User roles</DocLink>: **SOC manager** or **Endpoint operations analyst**
* Endpoints must have actively running endpoint agents installed.
* Endpoints must have actively running third-party agents installed.
</DocCallOut>

Select a tab below for your endpoint security system:
Expand All @@ -34,9 +34,9 @@ Select a tab below for your endpoint security system:

1. **Create an API client in CrowdStrike.** Refer to CrowdStrike's docs for instructions on creating an API client.

- Give the API client the least privilege required to read CrowdStrike data and perform actions on enrolled hosts.
- Give the API client the minimum privilege required to read CrowdStrike data and perform actions on enrolled hosts.

- Take note of the client ID, client secret, and base URL: you'll need them in later steps when you configure ((elastic-sec)) components to access CrowdStrike.<br /><br />
- Take note of the client ID, client secret, and base URL; you'll need them in later steps when you configure ((elastic-sec)) components to access CrowdStrike.<br /><br />

1. **Install the CrowdStrike integration and ((agent)).** Elastic's [CrowdStrike integration](((integrations-docs))/crowdstrike) collects and ingests logs into ((elastic-sec)).
1. Go to **Project Settings****Integrations**, search for and select **CrowdStrike**, then select **Add CrowdStrike**.
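Review bot: the `<br /><br />` at the end of the second changed list item is hard-coded spacing inside MDX list content rather than a property of the list; consider whether the separation before the next numbered step can come from the list markup itself, so the source stays free of presentational breaks that the asciidoc version of this file does not need.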
Expand Down Expand Up @@ -71,7 +71,7 @@ Select a tab below for your endpoint security system:
Do not include any other index patterns.
</DocCallOut>

This gives you visibility into CrowdStrike without needing to leave ((elastic-sec)). You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu on the alert details flyout.
This gives you visibility into CrowdStrike without needing to leave ((elastic-sec)). You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu in the alert details flyout.
</DocTab>

<DocTab name="SentinelOne">
Expand All @@ -81,7 +81,7 @@ Select a tab below for your endpoint security system:

1. **Generate API access tokens in SentinelOne.** You'll need these tokens in later steps, and they allow ((elastic-sec)) to collect data and perform actions in SentinelOne.

Create two API tokens in SentinelOne, and give them the least privilege required by the Elastic components that will use them:
Create two API tokens in SentinelOne, and give them the minimum privilege required by the Elastic components that will use them:
- SentinelOne integration: Permission to read SentinelOne data.
- SentinelOne connector: Permission to read SentinelOne data and perform actions on enrolled hosts (for example, isolating and releasing an endpoint).<br /><br />

Expand Down Expand Up @@ -122,6 +122,6 @@ Select a tab below for your endpoint security system:
Do not include any other index patterns or query parameters.
</DocCallOut>

This gives you visibility into SentinelOne without needing to leave ((elastic-sec)). You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu on the alert details flyout.
This gives you visibility into SentinelOne without needing to leave ((elastic-sec)). You can perform supported endpoint response actions directly from alerts that the rule creates, by using the **Take action** menu in the alert details flyout.
</DocTab>
</DocTabs>
