diff --git a/docs/detections/alert-suppression.asciidoc b/docs/detections/alert-suppression.asciidoc index 2b3249b06d..b44168a251 100644 --- a/docs/detections/alert-suppression.asciidoc +++ b/docs/detections/alert-suppression.asciidoc @@ -35,9 +35,9 @@ You can configure alert suppression when you create or edit a supported rule typ + [NOTE] ====== -Fields with multiple values are handled differently for each rule type: +Fields with multiple values are handled as follows: -* **Custom query or threshold rule** - If you specify a field with multiple values, an alert grouping is created for each value. For example, if you suppress alerts by `destination.ip` of `[127.0.0.1, 127.0.0.2, 127.0.0.3]`, alerts will be suppressed separately for each value of `127.0.0.1`, `127.0.0.2`, and `127.0.0.3`. +* **Custom query or threshold rules** - If you specify a field with multiple values, an alert grouping is created for each value. For example, if you suppress alerts by `destination.ip` of `[127.0.0.1, 127.0.0.2, 127.0.0.3]`, alerts will be suppressed separately for each value of `127.0.0.1`, `127.0.0.2`, and `127.0.0.3`. * **Indicator match rule** - If you specify a field with multiple values, an alert grouping is created for alerts that contain the array you specified. For example, if you suppress alerts by `destination.ip` of `[127.0.0.1, 127.0.0.2, 127.0.0.3]`, alerts that contain this array are grouped and suppressed. ======
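Review bot: In the first bullet, the label is now plural ("Custom query or threshold rules") while the unchanged second bullet still reads "Indicator match rule", so the two list items are no longer parallel. Either pluralize the second label to "Indicator match rules" in this same change or keep both singular. The new lead-in "Fields with multiple values are handled as follows:" also drops the statement that handling differs by rule type, which is the point a reader needs before choosing a suppression field. The two bullets describe different grouping behavior for the same `destination.ip` array: per-value groupings in one case and a single grouping on the whole array in the other. Consider wording such as "handled as follows, depending on the rule type:" so that difference stays explicit.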