From 4e7fa706c4a6d20efd7c7ebac03f54683adbcac8 Mon Sep 17 00:00:00 2001 From: Ben Alfasi Date: Sun, 5 Jan 2020 22:49:09 +0200 Subject: [PATCH] 2 --- .../create-alert-by-reference.md | 14 ++++++++++++-- .../microsoft-defender-atp/get-alerts.md | 5 ++--- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index 077445f7c7..08aacde7fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md @@ -16,13 +16,23 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Create alert from event API +# Create alert API **Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -Create alert using event data, as obtained from [Advanced Hunting](run-advanced-query-api.md) for creating a new alert. +## API description +Creates new MDATP [Alert](alerts.md). +
MDATP Event is a required parameter for the alert creation. +
You can use an event found in Advanced Hunting API or Portal. +
If there is an open alert on the same Machine with the same Title, the alerts will be merged to one. +
An automatic investigation starts automatically on alerts created via the API. + + +## Limitations +1. Rate limitations of this API are 15 calls per minute. + ## Permissions diff --git a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md index 3145636794..2c0f99ebaf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/get-alerts.md @@ -23,7 +23,6 @@ ms.topic: article - Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description - Retrieves a collection of Alerts.
Supports [OData V4 queries](https://www.odata.org/documentation/).
The OData's ```$filter``` query is supported on: "alertCreationTime", "incidentId", "InvestigationId", "status", "severity" and "category". @@ -32,8 +31,8 @@ Retrieves a collection of Alerts. ## Limitations 1. You can get alerts last updated in the past 30 days. -2. The maximum page size is 10,000. -3. The rate limitations of this API is 100 calls per minute and 1500 calls per hour. +2. Maximum page size is 10,000. +3. Rate limitations of this API are 100 calls per minute and 1500 calls per hour. ## Permissions
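Review bot: In the create-alert-by-reference.md hunk, the added line "If there is an open alert on the same Machine with the same Title, the alerts will be merged to one." does not say what the caller receives when a merge happens, so an integration cannot tell whether its call created a new alert or was folded into an existing one. Suggest stating which alert the response returns in that case and which values from the request are kept. Smaller points in the same hunk: "An automatic investigation starts automatically" repeats itself ("An automatic investigation starts on alerts created via the API." is enough), "merged to one" should read "merged into one", and the new "## Limitations" section gives only a per-minute limit while get-alerts.md gives both per-minute and per-hour, so say whether an hourly limit applies here as well. The subject line "[PATCH] 2" also gives no hint of what the change is.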
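Review bot: In the first get-alerts.md hunk (@@ -23,7 +23,6 @@), the context line listing the fields supported by $filter mixes casing: "alertCreationTime" and "incidentId" are lower camel case but "InvestigationId" starts with a capital. Since the patch is already touching this section, confirm the names against the API's actual property names and make the list consistent, so a reader copying a field name into a filter gets the right one. The triple backticks around $filter on that line could also become single backticks for inline code.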
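Review bot: In the second get-alerts.md hunk (@@ -32,8 +31,8 @@), the rewritten item 3 still writes "1500 calls per hour" without a thousands separator while item 2 in the same list writes "10,000". Suggest "1,500 calls per hour". Dropping the article in items 2 and 3 also leaves item 1 ("You can get alerts last updated in the past 30 days.") as the only full sentence in the list; pick one form for all three.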