Incorporate review comments in preparation for beta release 7.2 (#373)

* Incorporate review comments in preparation for beta release

* Add live link and more review comments

Author: karenzone

docs/en/siem/images/siem-architecture.png

@@ -98,10 +98,5 @@ To populate *Network* data, enable these {filebeat} modules:
 * {filebeat-ref}/filebeat-module-iptables.html[Iptables/Ubiquiti module]
 * {filebeat-ref}/filebeat-module-coredns.html[CoreDNS module]
 * {filebeat-ref}/filebeat-module-envoyproxy.html[Envoy proxy module (Kubernetes)]
-* Palo Alto firewall module*
-//* {filebeat-ref}/filebeat-module-panw.html[Palo Alto firewall module]
-* {filebeat-ref}//filebeat-module-cisco.html[Cisco ASA firewall module*]
-
-// Palo Alto link target currently missing in 7.x:  {filebeat-ref}/filebeat-module-panw.html[Palo Alto firewall module]
-// https://github.com/elastic/beats/blob/7.x/filebeat/docs/modules/panw.asciidoc
-
+* {filebeat-ref}/filebeat-module-panw.html[Palo Alto Networks firewall module]
+* {filebeat-ref}//filebeat-module-cisco.html[Cisco ASA firewall module]

docs/en/siem/installation.asciidoc

@@ -40,9 +40,9 @@ investigating host and network security events.
 
 [float]
 [[siem-integration]]
-==== Elastic integration
+==== Additional Elastic components
 
-{siem-soln} also integrates with other Elastic products and features to help you
+You can use {siem-soln} with other Elastic products and features to help you
 identify and investigate suspicious activity:
 
 * https://www.elastic.co/products/stack/machine-learning[{ml-cap}] 
@@ -90,13 +90,8 @@ Common Schema (ECS)].
 ** {filebeat-ref}/filebeat-module-iptables.html[Iptables/Ubiquiti module]
 ** {filebeat-ref}/filebeat-module-coredns.html[CoreDNS module]
 ** {filebeat-ref}/filebeat-module-envoyproxy.html[Envoy proxy module (Kubernetes)]
-** Palo Alto Networks firewall module*
-//** {filebeat-ref}/filebeat-module-panw.html[Palo Alto firewall module]
-** {filebeat-ref}//filebeat-module-cisco.html[Cisco ASA firewall module*]
-
-// Palo Alto link target currently missing in 7.x:  {filebeat-ref}/filebeat-module-panw.html[Palo Alto Networks firewall module]
-// https://github.com/elastic/beats/blob/7.x/filebeat/docs/modules/panw.asciidoc
-
+** {filebeat-ref}/filebeat-module-panw.html[Palo Alto Networks firewall module]
+** {filebeat-ref}//filebeat-module-cisco.html[Cisco ASA firewall module]
 
 [float]
 [[ecs]]

docs/en/siem/overview.asciidoc

@@ -16,11 +16,11 @@ The {siem-app} is a highly interactive workspace for security analysts. It is
 designed to be discoverable, clickable, draggable and droppable, expandable and
 collapsible, resizable, moveable, and so forth.
 
-The *{kibana-ref}/kuery-query.html[{kib} Query Language (KQL)] bar* is available
+The *{kibana-ref}/kuery-query.html[{kib} Query Language (KQL)]* bar is available
 throughout the {siem-app} for searching and filtering.
 
-NOTE: The default index patterns for {siem-soln} events are `auditbeat-*``, `winlogbeat-*``,
-`filebeat-*``, and `packetbeat-*`. You can change the default index patterns in
+NOTE: The default index patterns for {siem-soln} events are `auditbeat-*`, `winlogbeat-*`,
+`filebeat-*`, and `packetbeat-*`. You can change the default index patterns in
 {kib} -> Management -> Advanced Settings -> `siem:defaultIndex`.
 
 
@@ -43,7 +43,7 @@ image::overview-ui.png[]
 [[hosts-ui]]
 === Hosts
 
-The Hosts view provides provides key metrics regarding host-related security
+The Hosts view provides key metrics regarding host-related security
 events, and a set of data tables that let you interact with the Timeline Event
 Viewer. You can drag and drop items of interest from the Hosts view tables to
 Timeline for further investigation.
@@ -132,20 +132,20 @@ whether your placement is on target to create an `AND` or `OR` filters.
 [[pivot]]
 ==== Pivot your data 
 
-Right-click a drop area filter to access additional operations to exclude, temporarily
-disable, or delete the filter terms. For example, you can change an included
-filter to an exclusion.
+Click a filter to access additional operations such as exclude, temporarily
+disable, or delete items from the query. For example, you can change an included
+item so that it is excluded.
 
 [float]
 [[row-renderer]]
 ==== Get more context for each event
 As you build and modify your queries, you can see the results of your
 interactions in the details pane below. 
 
-As your query takes shape, an easy-to-follow rendered view appears for each
-event. It shows relevant contextual information that helps tell the backstory of
-the event. If you see a particular item that interests you, you can drag it to
-the drop area for further introspection.
+As your query takes shape, an easy-to-follow rendered view appears for events. It
+shows relevant contextual information that helps tell the backstory of the
+event. If you see a particular item that interests you, you can drag it to the
+drop area for further introspection.
 
 [float]
 [[other]]
@@ -154,7 +154,7 @@ the drop area for further introspection.
 The Timeline is flexible and highly interactive.  As you would expect, the
 {siem-app} lets you:
 
-* add, remove, or resize Timeline columns. 
+* add, remove, reorder, or resize Timeline columns. 
 * save, open, and list Timelines
 * add notes to individual events
 * add investigation notes for the whole Timeline