Updated investigate-alerts-windows-defender-advanced-threat-protection.md

Louie Mayor
2018-11-08 14:41:34 +00:00
parent 84b86cc590
commit 78c4b52b31

@ -54,14 +54,11 @@ Some actor profiles include a link to download a more comprehensive threat intel
The detailed alert profile helps you understand who the attackers are, who they target, what techniques, tools, and procedures (TTPs) they use, which geolocations they are active in, and finally, what recommended actions you may take. In many cases, you can download a more detailed Threat Intelligence report about this attacker or campaign for offline reading.
## Alert process tree
The **Alert process tree** takes alert triage and investigation to the next level, displaying the alert and related evidence, together with other events that occurred within the same execution context and time. This rich triage context of the alert and surrounding events is available on the alert page.
The **Alert process tree** takes alert triage and investigation to the next level, displaying the aggregated alert and surrounding evidence that occurred within the same execution context and time period. This rich triage and investigation context is available on the alert page.
![Image of the alert process tree](images/atp-alert-process-tree.png)
The **Alert process tree** expands to display the execution path of the alert, its evidence, and related events that occurred in the minutes - before and after - the alert.
The alert and related events or evidence have circles with thunderbolt icons inside them.
The **Alert process tree** expands to display the execution path of the alert and related evidence that occurred around the same period. Evidence items that are marked with a thunderbolt icon should be given priority during investigation.
>[!NOTE]
>The alert process tree might not be available in some alerts.
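Review bot: The rewritten sentence "expands to display the execution path of the alert and related evidence that occurred around the same period" loses the time window the earlier wording gave ("in the minutes - before and after - the alert") and no longer mentions related events, so a reader cannot tell how far around the alert the tree reaches. Consider keeping the window explicit. "Evidence that occurred" also reads oddly in both rewritten paragraphs, since events occur and evidence is what they leave behind; something like "related events and evidence from the same execution context" would be clearer. The first rewritten paragraph also introduces "aggregated alert" without saying what is aggregated, which is worth a short definition or a link to where the term is explained.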