diff --git a/rules/okta_rules/okta_app_refresh_access_token_reuse.yml b/rules/okta_rules/okta_app_refresh_access_token_reuse.yml
index 4126aed47..8afafca42 100644
--- a/rules/okta_rules/okta_app_refresh_access_token_reuse.yml
+++ b/rules/okta_rules/okta_app_refresh_access_token_reuse.yml
@@ -1,5 +1,9 @@
 AnalysisType: rule
-Description: https://developer.okta.com/docs/guides/refresh-tokens/main/#refresh-token-reuse-detection
+Description: |-
+ When a client wants to renew an access token, it sends the refresh token with the access token request to the /token Okta endpoint.
+ Okta validates the incoming refresh token, issues a new set of tokens and invalidates the refresh token that was passed with the initial request.
+ This detection alerts when a previously used refresh token is used again with the token request
+Reference: https://developer.okta.com/docs/guides/refresh-tokens/main/#refresh-token-reuse-detection
 DisplayName: "Okta App Refresh Access Token Reuse"
 Enabled: true
 Filename: okta_app_refresh_access_token_reuse.py
diff --git a/rules/okta_rules/okta_threatinsight_security_threat_detected.yml b/rules/okta_rules/okta_threatinsight_security_threat_detected.yml
index d9d908d84..4a22aa534 100644
--- a/rules/okta_rules/okta_threatinsight_security_threat_detected.yml
+++ b/rules/okta_rules/okta_threatinsight_security_threat_detected.yml
@@ -1,5 +1,6 @@
 AnalysisType: rule
-Description: https://help.okta.com/en-us/Content/Topics/Security/threat-insight/configure-threatinsight-system-log.htm
+Description: Okta ThreatInsight identified request from potentially malicious IP address
+Reference: https://help.okta.com/en-us/Content/Topics/Security/threat-insight/configure-threatinsight-system-log.htm
 DisplayName: "Okta ThreatInsight Security Threat Detected"
 Enabled: true
 Filename: okta_threatinsight_security_threat_detected.py
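Review bot: The added Description in okta_app_refresh_access_token_reuse.yml never says what a reuse alert means for the responder; it stops at how refresh token rotation works. Reuse of an already-rotated refresh token can mean a token was copied and replayed, although a client retrying a failed request may look the same, so I would close the block with a line such as `Reuse may indicate a stolen refresh token being replayed; confirm the client and source IP and revoke the app's tokens if they are not recognized.` The third added line also lacks the final period the two lines above it have. The rest of the rule file is outside this hunk, so a Runbook field may already carry this guidance.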
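Review bot: The added Description in okta_threatinsight_security_threat_detected.yml drops its articles and gives the responder no hint about outcome; `Description: Okta ThreatInsight identified a request from a potentially malicious IP address.` reads better. Whether ThreatInsight only logged the request or also blocked it depends on how the org has configured it, so a second sentence telling the responder to check the event outcome before escalating would make the alert easier to triage. A description that grows past one line would fit the `|-` block style the other Okta rules in this change already use.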
diff --git a/rules/okta_rules/okta_user_reported_suspicious_activity.yml b/rules/okta_rules/okta_user_reported_suspicious_activity.yml
index b5f9bc135..558fa976b 100644
--- a/rules/okta_rules/okta_user_reported_suspicious_activity.yml
+++ b/rules/okta_rules/okta_user_reported_suspicious_activity.yml
@@ -2,7 +2,7 @@ AnalysisType: rule
 Description: |-
 Suspicious Activity Reporting provides an end user with the option to report unrecognized activity from an account activity email notification.
 This detection alerts when a user marks the raised activity as suspicious.
- https://help.okta.com/en-us/Content/Topics/Security/suspicious-activity-reporting.htm
+Reference: https://help.okta.com/en-us/Content/Topics/Security/suspicious-activity-reporting.htm
 DisplayName: "Okta User Reported Suspicious Activity"
 Enabled: true
 Filename: okta_user_reported_suspicious_activity.py