Incorporates Janeen's feedback

docs/detections/session-view.asciidoc

@@ -24,23 +24,23 @@ Session View uses process data collected by the {endpoint-sec} integration,
 but this data is not collected by default. To enable Session View data, go to *Manage* -> *Policies*
 and edit one or more of your {endpoint-sec} integration policies. On the *Policy settings* tab,
 scroll down to the Linux event collection section near the bottom of the page
-and switch on the *Include session data* toggle. Only data collected by {endpoint-sec} with this setting
-enabled can be viewed in Session View.  For more information about the additional
-fields collected by {endpoint-sec} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model].
+and switch the *Include session data* toggle on. Session View can only display data that was
+collected by {endpoint-sec} when this setting was enabled. For more information about the additional
+fields collected by {endpoint-sec} when this setting is enabled, refer to the https://github.com/elastic/ecs/blob/main/rfcs/text/0030-linux-event-model.md[Linux event model RFC]
 
 [float]
 [[open-session-view]]
 === Open Session View
 Session View is accessible from the **Hosts**, **Alerts**, and **Timelines** pages.
-To open Session View, find an event or session you wish to view,
-then click *Open Session View* under *Actions*. For example:
+Events and sessions that you can investigate in Session View have a rectangular
+*Open Session View* button in the *Actions* column. For example:
 
-* On the Alerts page, go to *Detect* -> *Alerts*, then scroll down to view the Alerts table.
-Events viewable in Session View have a rectangular **Open Session View** icon under **Actions**:
+* On the Alerts page (*Detect* -> *Alerts*), scroll down to view the Alerts table.
+Look for alerts that have the **Open Session View** button in the **Actions** column:
 [role="screenshot"]
 image::images/session-view-action-icon-detail.png[Detail of the Open Session View icon,width=75%]
 
-* On the Hosts page, go to *Explore* -> *Hosts*, then select either the *Sessions* or the *Events* tab.
+* On the Hosts page (*Explore* -> *Hosts*), select the *Sessions* or the *Events* tab.
 From either of these tabs, click the *Open Session View* icon for an event or session.
 Labeled below are 1) the *Sessions* tab, and 2) the *Open Session View* icon:
 [role="screenshot"]
@@ -49,7 +49,7 @@ image::images/session-view-hosts-page-sessions-tab-labeled.png[Detail of the Hos
 [discrete]
 [[session-view-ui]]
 === Session View UI
-When you click *Open Session View*, the following display appears. Labeled features are described below:
+The Session View UI has the following features:
 
 [role="screenshot"]
 image::images/session-view-terminal-labeled.png[Detail of Session view with labeled UI elements,width=150%]
@@ -60,11 +60,11 @@ The buttons on the right side of the search bar allow you to jump through search
 3. The *display settings* button. Click to toggle Timestamps and Verbose mode.
 With Verbose mode enabled, Session View shows all processes created in a session, including shell startup,
 shell completion, and forks caused by built-in commands.
-It defaults to *off* in order to highlight the data most likely to be user-generated and non-standard.
+It defaults to *off* to highlight the data most likely to be user-generated and non-standard.
 4. The *Detail panel* button. Click it to toggle the Detail panel, which appears below the button
 and displays a wide range of additional information about the selected process’s ancestry and host,
 and any associated alerts. To select a process in Session View, click on it.
-5. The startup process. In this example it shows that the session was a bash session.
+5. The startup process. In this example, it shows that the session was a bash session.
 It also shows the Linux user "Ubuntu" started the session.
 6. The *Child processes* button. Click to expand or collapse a process’s children.
 You can also expand collapsed alerts and scripts where they appear.