Docs latest #6

Merged
merged 3 commits into from
Aug 26, 2022
6 changes: 3 additions & 3 deletions docs/configure/priority.md
@@ -6,13 +6,13 @@ The priority field is very generic by default and should be updated to suite you

Type | Condition | Severity | Description
---- | --------- | -------- | -----------
RegEx | domain_controller | `critical` | All domain controllers
RegEx | server\|ubuntu\|rhel\|linux | `high` | Servers
RegEx\* | domain_controller | `critical` | All domain controllers
RegEx\* | server\|ubuntu\|rhel\|linux | `high` | Servers
boolean | true() | `medium` | catch-all. Remaining devices receive medium severity.


!!! note ""
Regex Match is performed on the category field.
\*Regex Match is performed on the category field.

Default priority field definition
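Review bot: the context line at the top of this hunk still reads "should be updated to suite you[r]"; since this PR is a docs pass, fix the typo to "suit your" while here. The footnote marker is now consistent (`RegEx\*` in the Type column, `\*Regex Match is performed on the category field.` in the note), but consider spelling the note out as "The RegEx match is performed against the `category` field of the asset record" so readers know which field the pattern is tested against, and state in the `boolean | true()` row whether row order matters, since that row is described as a catch-all for "remaining devices".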

11 changes: 5 additions & 6 deletions docs/index.md
@@ -10,28 +10,27 @@ hide:

The SA-CrowdstrikeDevices add-on allows Splunk Enterprise Security admins to use Crowdstrike device data with the Asset Database.

!!! important
This Supporting add-on only works if [Splunk Enterprise Security](https://splunkbase.splunk.com/app/263) is installed.
!!! important "This Supporting add-on is only intended to work with [Splunk Enterprise Security](https://splunkbase.splunk.com/app/263) deployments."

!!! quote ""
__*Disclaimer*__

*This Splunk Supporting Add-on is __not__ affiliated with* [__Crowdstrike__](https://www.crowdstrike.com) *and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with the Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com](https://www.crowdstrike.com) for more information about Crowdstrike.*
*This Splunk Supporting Add-on is __not__ affiliated with* [__Crowdstrike, Inc.__](https://www.crowdstrike.com) *and is not sponsored or sanctioned by the Crowdstrike team. As such, the included documentation does not contain information on how to get started with the Crowdstrike. Rather, this documentation serves as a guide to use Crowdstrike device data with Splunk Enterprise Security. Please visit [https://www.crowdstrike.com](https://www.crowdstrike.com) for more information about Crowdstrike.*

## Assumptions

This documentation assumes the following:

1. You have a working Splunk Enterprise Security environment. **This add-on will not work without Splunk ES.**
1. You have a working Splunk Enterprise Security environment. __This add-on is not inteded to work without Splunk ES.__
2. You already have Crowdstrike device data ingested using the [Crowdstrike Devices technical add-on](https://splunkbase.splunk.com/app/5570).
3. Familiarity with setting up a new Asset source in Enterprise Security.

## About

Info | Description
------|----------
SA-CrowdstrikeDevices | 1.0.1 - [Splunkbase](https://splunkbase.splunk.com/app/6573) [GitHub](https://github.com/ZachChristensen28/SA-CrowdstrikeDevices)
Splunk Enterprise Security Version <small>(Required)</small> | [7.x, 6.x](https://splunkbase.splunk.com/app/263)
SA-CrowdstrikeDevices | 1.0.1 - [Splunkbase](https://splunkbase.splunk.com/app/6573) \| [GitHub](https://github.com/ZachChristensen28/SA-CrowdstrikeDevices)
Splunk Enterprise Security Version <small>(Required)</small> | [7.x \| 6.x](https://splunkbase.splunk.com/app/263)
Crowdstrike Devices Add-on <small>(Required)</small> | [3.x](https://splunkbase.splunk.com/app/5570)
Add-on has a web UI | No, this add-on does not contain views.
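Review bot: typo in the new assumptions line: "not inteded to work" should be "not intended to work". Two smaller points in the same hunk: the disclaimer still says "get started with the Crowdstrike" (drop "the"), and the `!!! important` admonition now carries a Markdown link inside its quoted title; verify that the site's Markdown renderer processes links inside admonition titles, otherwise keep the link in the admonition body as it was before this change.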

2 changes: 1 addition & 1 deletion docs/quickstart/prerequisites.md
@@ -5,5 +5,5 @@

Required App | Version | Description
------------ | ------- | -----------
[Splunk Enterprise Security](https://splunkbase.splunk.com/app/263) | 7.x, 6.x | This add-on supports Splunk ES and is not designed to work without it.
[Splunk Enterprise Security](https://splunkbase.splunk.com/app/263) | 7.x \| 6.x | This add-on supports Splunk ES and is not designed to work without it.
[Crowdstrike Devices technical add-on](https://splunkbase.splunk.com/app/5570) | 3.x | Crowdstrike device data must be brought in prior to installing this add-on. See [Crowdstrike's documentation](https://www.crowdstrike.com/resources/guides/crowdstrike-falcon-devices-add-on-for-splunk-guide-3-1/) for more information.
8 changes: 7 additions & 1 deletion docs/quickstart/quickstart.md
@@ -27,6 +27,8 @@ Macro | Default | Description
1. Set the "Owner" dropdown to `any`.
1. Click the macro named `sa_crowdstrike_index` to update the index definition.

---

## Enable asset correlation

Confirm asset correlation has been setup in Enterprise Security.
@@ -37,11 +39,15 @@ Confirm asset correlation has been setup in Enterprise Security.
- If you choose to enable select sourcetypes, ensure the `stash` sourcetype is also selected so Notable events will be enriched with asset information.
1. Save.

---

## Disable existing asset sources

!!! info "optional"

It may be possible that you have existing Asset Lookups defined. If Crowdstrike is widely deployed in your environment the other existing lookups may no longer be needed.
It may be possible that you have existing Asset Lookups defined. If Crowdstrike is widely deployed in your environment the existing lookups may no longer be needed.

---

## Update default saved search schedule
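Review bot: "It may be possible that you have existing Asset Lookups defined" is wordy; suggest "You may already have other Asset Lookups defined. If Crowdstrike is widely deployed in your environment, those lookups may no longer be needed." (note the comma after "environment"). Since this section tells admins to disable asset sources, also add a caveat that any host not reported by Crowdstrike (appliances, network gear, hosts covered only by the older lookups) drops out of the Asset Database once those sources are disabled, so the older sources should be compared against the new `crowdstrike_devices` data before they are switched off.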

6 changes: 3 additions & 3 deletions docs/reference/all-configurations.md
@@ -6,12 +6,12 @@ hide:

Below is a table that list all configuration for this add-on.

Name | Type | Web Location | *CLI Location | Description
Name | Type | Web Location | CLI Location\* | Description
---- | ---- | ------------ | ------------- | -----------
Crowdstrike Devices Lookup - Gen | Saved Search | Settings > Searches reports, and alerts | savedsearches.conf | Populates the lookup file `crowdstrike_devices`.
crowdstrike_devices | lookup | Settings > Lookups > Lookup definitions | transforms.conf | Lookup definition for the KVStore collection `crowdstrike_devices_collection`.
crowdstrike_devices_collection | KVStore collection | **n/a | collections.conf | KVStore configuration.
sa_crowdstrike_index | search macro | Settings > Advanced Search > Search Macros | macros.conf | Index definition for the crowdstrike index that contains the sourcetype `crowdstrike:device:json`.
crowdstrike_devices_collection | KVStore collection | n/a\*\* | collections.conf | KVStore configuration.
sa_crowdstrike_index | Search macro | Settings > Advanced Search > Search Macros | macros.conf | Index definition for the crowdstrike index that contains the sourcetype `crowdstrike:device:json`.
identity_manager://crowdstrike_devices | Asset lookup configuration | Enterprise Security > Configure > Data Enrichment > Asset and Identity Management > Asset Lookups | inputs.conf | Asset configuration lookup to load Crowdstrike devices into the asset database.

> \*CLI locations are relative to `SA-SandflyDevices/default`. Any update to CLI configuration files should be done in the local directory.
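Review bot: the unchanged footnote below the table says CLI locations are relative to `SA-SandflyDevices/default`, but this add-on is SA-CrowdstrikeDevices; that looks like a copy-paste leftover and should read `SA-CrowdstrikeDevices/default`. Also, the header now uses a trailing marker (`CLI Location\*`) while the footnote keeps the leading `\*`, and the new `n/a\*\*` cell needs a matching `\*\*` footnote in this file (none is visible in this hunk). Minor wording in the context lines: "a table that list all configuration" should be "a table that lists all configurations", and "Settings > Searches reports, and alerts" is missing the comma after "Searches".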