From 7d9a84fc778f33455be87ce5004395d17f53d47c Mon Sep 17 00:00:00 2001 From: MrSharpBones <127972050+MrSharpBones@users.noreply.github.com> Date: Thu, 10 Oct 2024 11:29:28 -0400 Subject: [PATCH] Update readme.md --- Playbooks/MDTI-Actor-Lookup/readme.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Playbooks/MDTI-Actor-Lookup/readme.md b/Playbooks/MDTI-Actor-Lookup/readme.md index dcb5d4ab5f..65c58b1543 100644 --- a/Playbooks/MDTI-Actor-Lookup/readme.md +++ b/Playbooks/MDTI-Actor-Lookup/readme.md @@ -52,7 +52,9 @@ Good question! Organizations struggle to operationalize threat intel, meaning h To get started with the MDTI Actor Lookup project, you'll need to have an Azure account and the necessary permissions to deploy resources. Also this playbook will use Copilot for Security to provide threat actor summaries. The MDTI API is a licensed feature, if you do not have the license please reach out to your account representative for purchase info and/or trial assistance. -You can however just use the MDTI API and the function app and hook them into whichever system you'd like. You'll lose the SOAR functionality but you'll stil get the benefit of lightning fast infra chaining. +You can however just use the MDTI API and the function app and hook them into whichever system you'd like. You'll lose the SOAR functionality but you'll stil get the benefit of lightning fast infra chaining. Also you could use Copilot for more enrichment also, consider also adding a teams card or an email to alert your internal groups that an actor group has been found. + +There is no current condition to limit the history of the lookup, this is because if you're too recent you might miss that you had some interaction months ago, as well you'd not be able to link groups together like in this video - ## Deployment of the Function App
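Review bot: the added paragraph at the end of the hunk stops at "like in this video -" with no link or title after it, so the reader has nothing to follow; add the URL or drop the clause. In the rewritten "You can however just use the MDTI API..." line, the "stil" typo is carried over from the removed line, and the appended sentence uses "also" three times ("Also you could use Copilot for more enrichment also, consider also adding a teams card or an email"). Consider splitting it into two sentences and capitalizing "Teams". The statement that there is "no current condition to limit the history of the lookup" documents a design choice but not how to change it. A short note on where an operator could add a time bound, for those who need to limit the lookup window, would make the trade-off actionable.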