This time, actually added more <div class="alert">

Gary Moore
2020-09-22 14:08:32 -07:00
committed by GitHub
parent 5f8f54dcc8
commit ef1490e12c


@ -104,11 +104,11 @@ The package contains the following folders:
| Prefetch files| Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. </br></br> - Prefetch folder Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. </br></br> - PrefetchFilesList.txt Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. | | Prefetch files| Windows Prefetch files are designed to speed up the application startup process. It can be used to track all the files recently used in the system and find traces for applications that might have been deleted but can still be found in the prefetch file list. </br></br> - Prefetch folder Contains a copy of the prefetch files from `%SystemRoot%\Prefetch`. NOTE: It is suggested to download a prefetch file viewer to view the prefetch files. </br></br> - PrefetchFilesList.txt Contains the list of all the copied files which can be used to track if there were any copy failures to the prefetch folder. |
| Processes| Contains a .CSV file listing the running processes, which provides the ability to identify current processes running on the device. This can be useful when identifying a suspicious process and its state. | | Processes| Contains a .CSV file listing the running processes, which provides the ability to identify current processes running on the device. This can be useful when identifying a suspicious process and its state. |
| Scheduled tasks| Contains a .CSV file listing the scheduled tasks, which can be used to identify routines performed automatically on a chosen device to look for suspicious code which was set to run automatically. | | Scheduled tasks| Contains a .CSV file listing the scheduled tasks, which can be used to identify routines performed automatically on a chosen device to look for suspicious code which was set to run automatically. |
| Security event log| Contains the security event log, which contains records of login or logout activity, or other security-related events specified by the system's audit policy. </br></br>NOTE: Open the event log file using Event viewer. | | Security event log| Contains the security event log, which contains records of login or logout activity, or other security-related events specified by the system's audit policy. </br></br><div class="alert"><b>NOTE:</b> Open the event log file using Event viewer.</div> |
| Services| Contains a .CSV file that lists services and their states. | | Services| Contains a .CSV file that lists services and their states. |
| Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. </br></br> Contains files for SMBInboundSessions and SMBOutboundSession. </br></br> NOTE: If there are no sessions (inbound or outbound), you'll get a text file which tell you that there are no SMB sessions found. | | Windows Server Message Block (SMB) sessions | Lists shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network. This can help identify data exfiltration or lateral movement. </br></br> Contains files for SMBInboundSessions and SMBOutboundSession. </br></br> <div class="alert"><b>NOTE:</b> If there are no sessions (inbound or outbound), you'll get a text file which tell you that there are no SMB sessions found.</div> |
| System Information| Contains a SystemInformation.txt file which lists system information such as OS version and network cards. | | System Information| Contains a SystemInformation.txt file which lists system information such as OS version and network cards. |
| Temp Directories| Contains a set of text files that lists the files located in %Temp% for every user in the system. </br></br> This can help to track suspicious files that an attacker may have dropped on the system. </br></br> NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didnt log in to the system. | | Temp Directories| Contains a set of text files that lists the files located in %Temp% for every user in the system. </br></br> This can help to track suspicious files that an attacker may have dropped on the system. </br></br> <div class="alert"><b>NOTE:</b> If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didnt log in to the system.</div> |
| Users and Groups| Provides a list of files that each represent a group and its members. | | Users and Groups| Provides a list of files that each represent a group and its members. |
|WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab | |WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab |
| CollectionSummaryReport.xls| This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. | | CollectionSummaryReport.xls| This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. |
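Review bot: The conversion to `<div class="alert">` is incomplete within this hunk: the Prefetch files row still carries the plain-text `NOTE: It is suggested to download a prefetch file viewer to view the prefetch files.` while the Security event log, SMB sessions and Temp Directories rows get the styled `<div class="alert"><b>NOTE:</b> ...</div>`; apply the same markup to the Prefetch row so all notes in the table render alike. While these cells are being touched, the `</br>` line breaks are not valid HTML (a closing tag with no opening tag, which browsers tolerate but should be `<br>` or `<br/>`), and two typos are carried over unchanged: "you'll get a text file which tell you" should read "which tells you", and "the user didnt log in" should read "didn't". Since a block-level `<div>` inside a Markdown table cell depends on the docs renderer permitting it, please confirm in the rendered preview that the three converted rows still display as table cells rather than breaking the table.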