From 3d28a9ee0d231981a95413a9aa2566403ae91c17 Mon Sep 17 00:00:00 2001
From: adirdidi <68847945+adirdidi@users.noreply.github.com>
Date: Fri, 29 Jan 2021 20:09:53 +0200
Subject: [PATCH] Update pull-alerts-using-rest-api.md

Acrolinx.
---
 .../microsoft-defender-atp/pull-alerts-using-rest-api.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
index 0b426b8e0d..49d143d897 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/pull-alerts-using-rest-api.md
@@ -1,6 +1,6 @@
 ---
 title: Pull Microsoft Defender for Endpoint detections using REST API
-description: Learn how call an Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
+description: Learn how to call a Microsoft Defender for Endpoint API endpoint to pull detections in JSON format using the SIEM REST API.
 keywords: detections, pull detections, rest api, request, response
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@@ -67,7 +67,7 @@ Use the following method in the Microsoft Defender for Endpoint API to pull dete
 ## Get an access token
 Before creating calls to the endpoint, you'll need to get an access token.
 
-You'll use the access token to access the protected resource, which are detections in Microsoft Defender for Endpoint.
+You'll use the access token to access the protected resource, which is detections in Microsoft Defender for Endpoint.
 
 To get an access token, you'll need to do a POST request to the token issuing endpoint. Here is a sample request:
 
@@ -115,7 +115,7 @@ Name | Value| Description
 :---|:---|:---
 sinceTimeUtc | DateTime | Defines the lower time bound alerts are retrieved from, based on field: <br> `LastProcessedTimeUtc` <br> The time range will be: from sinceTimeUtc time to current time. <br><br> **NOTE**: When not specified, all alerts generated in the last two hours are retrieved.
 untilTimeUtc | DateTime | Defines the upper time bound alerts are retrieved. <br> The time range will be: from `sinceTimeUtc` time to `untilTimeUtc` time. <br><br> **NOTE**: When not specified, the default value will be the current time.
-ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time. <br><br> Value should be set according to **ISO 8601** duration format <br> E.g. `ago=PT10M` will pull alerts received in the last 10 minutes.
+ago | string | Pulls alerts in the following time range: from `(current_time - ago)` time to `current_time` time. <br><br> Value should be set according to **ISO 8601** duration format <br> Example: `ago=PT10M` will pull alerts received in the last 10 minutes.
 limit | int | Defines the number of alerts to be retrieved. Most recent alerts will be retrieved based on the number defined.<br><br> **NOTE**: When not specified, all alerts available in the time range will be retrieved.
 machinegroups | string | Specifies device groups to pull alerts from. <br><br> **NOTE**: When not specified, alerts from all device groups will be retrieved. <br><br> Example: <br><br> ```https://wdatp-alertexporter-eu.securitycenter.windows.com/api/Alerts/?machinegroups=UKMachines&machinegroups=FranceMachines```
 DeviceCreatedMachineTags | string | Single device tag from the registry.