Apply suggestions from code review
melissaburpo and gchaps authored Nov 11, 2021
1 parent 8108302 commit d5246f7
Showing 1 changed file with 18 additions and 18 deletions.
36 changes: 18 additions & 18 deletions docs/osquery/osquery.asciidoc
@@ -51,7 +51,7 @@ and you'll get suggestions for agents by name, ID, platform, and policy.
[role="screenshot"]
image::images/enter-query.png[Select saved query dropdown name showing query name and description]

. (Optional) Expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>>. The results from the live query include the mapped fields.
. (Optional) Expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>> included in the results from the live query.

. Click **Submit**.

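Review bot: the rewritten step `. (Optional) Expand the **Advanced** section to view or set <<osquery-map-fields,mapped ECS fields>> included in the results from the live query.` is ambiguous: "included in the results" can be read as limiting which mapped fields you may set, rather than stating that every mapped field appears in the results. The two-sentence form being removed was clearer on this point; consider "... to view or set <<osquery-map-fields,mapped ECS fields>>. Mapped fields are included in the live query results."
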
@@ -74,11 +74,11 @@ image::images/live-query-check-results.png[Results of OSquery]

[float]
[[osquery-schedule-query]]
== Schedule queries with Packs
== Schedule queries with packs

Create packs to organize sets of queries. For example, you might create a pack that checks
for IT compliance-type issues, and another pack that monitors for evidence of malware.
Packs can be scheduled to run for one or more agent policies. When scheduled, queries in the pack are run at the set intervals for all agents in those policies. Scheduling packs is optional.
You can schedule packs to run for one or more agent policies. When scheduled, queries in the pack are run at the set intervals for all agents in those policies. Scheduling packs is optional.

. Open the **Packs** tab.

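Review bot: lowercasing the heading to `== Schedule queries with packs` matches the sentence-case headings elsewhere in the file (`== Map result fields to ECS`, `== Osquery results`) and the body's own "Create packs". The `[[osquery-schedule-query]]` anchor is unchanged, so existing xrefs to this section keep resolving. The active rewrite "You can schedule packs to run for one or more agent policies." reads well; nothing further needed here.
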
@@ -90,14 +90,14 @@ Packs can be scheduled to run for one or more agent policies. When scheduled, qu

* A short description of the pack.

* The agent policies where this pack should be run. If no agent policies are set, then the pack is not scheduled.
* The agent policies where this pack should run. If no agent policies are set, then the pack is not scheduled.

. Add queries to schedule:

* To add a query to the pack, click *Add query*, and then either add a saved query or enter a new query.
Each query must include a unique query ID and the interval at which it should run.
Optionally, set the minimum Osquery version and platform,
or <<osquery-map-fields,map ECS fields>>. Note that when you add a saved query to a pack, this adds a copy of the query. A connection is not maintained between saved queries and packs.
or <<osquery-map-fields,map ECS fields>>. When you add a saved query to a pack, this adds a copy of the query. A connection is not maintained between saved queries and packs.

* To upload queries from a .conf query pack, drag the pack to the drop zone under the query table. To explore the community packs that Osquery publishes, click *Example packs*.

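Review bot: in the new sentence `When you add a saved query to a pack, this adds a copy of the query. A connection is not maintained between saved queries and packs.` the operational consequence is still left implicit. A reader scheduling a pack needs to know that later edits to the saved query do not propagate to the pack's copy, so suggest "... this adds a copy of the query; later changes to the saved query are not reflected in the pack." The change from "should be run" to "should run" in the agent policies bullet is fine.
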
@@ -117,7 +117,7 @@ If there are errors, expand the row to view the details.
[role="screenshot"]
image::images/scheduled-pack.png[Shows queries in the pack and details about each query, including the last time it ran, how many results were returned, the number of agents it ran against, and if there are errors]

. View scheduled query results in <<discover,*Discover*> or the drag-and-drop <<lens,*Lens*>> editor.
. View scheduled query results in <<discover,*Discover*>> or the drag-and-drop <<lens,*Lens*>> editor.

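Review bot: good catch on `<<discover,*Discover*>` becoming `<<discover,*Discover*>>`; the unbalanced cross-reference would render as literal text instead of a link to Discover. Worth a quick scan for any other single-`>` xrefs in the file, since the same typo inside a list step is easy to miss in review.
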
[float]
[[osquery-manage-query]]
@@ -146,7 +146,7 @@ Add or edit saved queries from the *Saved queries* tab.

. Click *Test configuration* to test the query and any mapped fields:

* From the *Test query* panel, select agents or groups to test the query, then click *Submit*. This runs a live query for those selected. Result columns that are mapped are marked with image:images/mapped-icon.png[mapping icon]. Hover over the icon to see the mapped ECS field.
* From the *Test query* panel, select agents or groups to test the query, then click *Submit*. This runs a live query. Result columns that are mapped are marked with image:images/mapped-icon.png[mapping icon]. Hover over the icon to see the mapped ECS field.

. Click **Save query**.

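Review bot: dropping "for those selected" in `This runs a live query.` loses the scoping information: the test runs only against the agents or groups chosen in the *Test query* panel, which is exactly what the reader wants confirmed before clicking *Submit*. Suggest "This runs a live query against the selected agents."
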
@@ -155,8 +155,8 @@ Add or edit saved queries from the *Saved queries* tab.
== Map result fields to ECS

When you save queries or add queries to a pack, you can optionally map osquery results or static values to fields in
the {ecs-ref}/ecs-reference.html[Elastic Common Schema] (ECS),
which standardizes your Osquery data for use across detections, machine learning,
the {ecs-ref}/ecs-reference.html[Elastic Common Schema] (ECS).
This standardizes your Osquery data for use across detections, machine learning,
and any other areas that rely on ECS-compliant data.
When the query is run, the results include the original `osquery.<fields>`
and the mapped ECS fields. For example, if you update a query to map `osquery.name` to `user.name`, the query results include both fields.
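
Review bot: splitting the sentence at `... Elastic Common Schema] (ECS).` and starting `This standardizes your Osquery data ...` improves readability. One inconsistency remains in the unchanged context: the paragraph opens with `map osquery results` (lowercase) while the new line and the rest of the file use "Osquery" for the product in prose. Pick one form for the product name; lowercase `osquery` is correct for the field prefix `osquery.<fields>` and should stay as is there.
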
@@ -165,7 +165,7 @@ and the mapped ECS fields. For example, if you update a query to map `osquery.na

* For *Saved queries*: Open the *Saved queries* tab, and then click the edit icon for the query that you want to map.

* For *Packs*: Open the *Packs* tab, edit a pack, and then click the edit icon for the query that you want to map.
* For *packs*: Open the *Packs* tab, edit a pack, and then click the edit icon for the query that you want to map.

. In the **ECS mapping** section, select an **ECS field** to map.

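Review bot: `* For *packs*:` breaks the parallelism with the preceding bullet `* For *Saved queries*:`, where the bold term is the tab name. Both bullets open with the tab the reader must open (`Open the *Packs* tab` follows on the same line), so either keep `*Packs*` here or lowercase both. The earlier heading change to "packs" applies to the generic noun, not to the UI label.
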
@@ -189,8 +189,8 @@ Note:

** Some ECS fields are restricted to a set of allowed values, like {ecs-ref}/ecs-event.html#field-event-category[event.category]. Use the {ecs-ref}/ecs-field-reference.html[ECS Field Reference] for help when mapping fields.

** Osquery date fields have a variety of data types (including integer, text, or bigint). When mapping an Osquery date field to an ECS date field, you may need to use SQL operators in the query to get an {es}-compatible
{es-ref}/date.html[date] type.
** Osquery date fields have a variety of data types (including integer, text, or bigint). When mapping an Osquery date field to an ECS date field, you might need to use SQL operators in the query to get an {es}-compatible
{ref}/date.html[date] type.

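Review bot: the attribute change from `{es-ref}/date.html[date]` to `{ref}/date.html[date]` is the substantive fix in this hunk; confirm that `{ref}` is defined in the docs build for this branch, because an undefined attribute renders as literal text and the link to the Elasticsearch date type silently breaks. The "may" to "might" change is consistent with the wording used elsewhere in the diff.
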
[float]
[[osquery-extended-tables]]
@@ -231,15 +231,15 @@ the results are still returned.
[[osquery-results]]
== Osquery results

To see a list of the Osquery fields that can be returned in query results,
For a list of the Osquery fields that can be returned in query results,
refer to https://docs.elastic.co/en/integrations/osquery_manager#exported-fields[exported fields].
Query results can also include ECS fields, if the query has a defined ECS mapping.

Osquery responses include the following information:

* Everything prefaced with `osquery.` is part of the query response. These fields are not mapped to ECS by default.

* Results include some ECS fields by default, like `host.*` and `agent.*`, that provide information about the host that was queried.
* Results include some ECS fields by default, such as `host.*` and `agent.*`, which provide information about the host that was queried.

* For live queries, the `action_data.query` is the query that was sent.

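Review bot: `For a list of the Osquery fields that can be returned in query results,` and the "such as" wording both read cleanly. In the unchanged context line `Query results can also include ECS fields, if the query has a defined ECS mapping.` the comma before "if" is unnecessary and could be dropped while this paragraph is being touched.
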
@@ -286,17 +286,17 @@ This is useful for teams who need in-depth and detailed control.
=== Customize Osquery configuration
By default, all Osquery Manager integrations share the same osquery configuration. However, you can customize how osquery is configured by editing the Osquery Manager integration for each agent policy
you want to adjust. The custom configuration is then applied to all agents in the policy.
This is an incredibly powerful feature, because it allows you to configure
things like https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring[File Integrity Monitoring], https://osquery.readthedocs.io/en/stable/deployment/process-auditing[Process auditing],
This powerful feature allows you to configure
https://osquery.readthedocs.io/en/stable/deployment/file-integrity-monitoring[File Integrity Monitoring], https://osquery.readthedocs.io/en/stable/deployment/process-auditing[Process auditing],
and https://osquery.readthedocs.io/en/stable/deployment/configuration/#configuration-specification[others].

NOTE: Take caution when editing this configuration. The changes you make are distributed to all agents in the policy.
IMPORTANT: Take caution when editing this configuration. The changes you make are distributed to all agents in the policy.

. From the {kib} main menu, click *Fleet*, then the *Agent policies* tab.

. Click the name of the agent policy where you want to adjust the Osquery configuration. The configuration changes you make only apply to the policy you select.

. Click the name of the Osquery Manager integration, or add the integration first if the agent policy does not yet have it.
. Click the name of the *Osquery Manager* integration, or add the integration first if the agent policy does not yet have it.

. From the *Edit Osquery Manager integration* page, expand the *Advanced* section.

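Review bot: upgrading the admonition from `NOTE:` to `IMPORTANT:` is justified: the Advanced configuration enables host-wide collection such as File Integrity Monitoring and process auditing, and the text itself states the changes are distributed to every agent in the policy. Two follow-ups in the surrounding context: the first paragraph line (`By default, all Osquery Manager integrations share the same osquery configuration. However, ...`) is very long and mixes `osquery configuration`/`osquery is configured` with `Osquery Manager`, so wrap it at sentence boundaries like the rest of the file and settle on one capitalization for the product name; and bolding `*Osquery Manager*` as the integration name here is consistent with `*Edit Osquery Manager integration*` in the following step.
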