fix spelling

GitHubber17 · web-flow · commit 2aa8757bc2ae · 2022-08-11T10:02:20.000-07:00
diff --git a/articles/sentinel/sap/sap-solution-security-content.md b/articles/sentinel/sap/sap-solution-security-content.md
@@ -163,7 +163,7 @@ These watchlists provide the configuration for the Microsoft Sentinel Solution f
 | <a name="transactions"></a>**SAP - Transactions for ABAP Generations** | Transactions for ABAP generations whose execution should be governed. <br><br>- **TransactionCode**:Transaction Code, such as SE11.  <br>- **Description**: A meaningful Transaction Code description |
 | <a name="servers"></a>**SAP - FTP Servers** | FTP Servers for identification of unauthorized connections.    <br><br>- **Client**:such as 100.  <br>- **FTP_Server_Name**: FTP server name, such as http://contoso.com/ <br>-**FTP_Server_Port**:FTP server port, such as 22. <br>- **Description**A meaningful FTP Server description |
 | <a name="objects"></a>**SAP_Dynamic_Audit_Log_Monitor_Configuration** | Configure the SAP audit log alerts by assigning each message ID a severity level as required by you, per system role (production, non-production).  This watchlist details all available SAP standard audit log message IDs and can be extended to contain additional message IDs you might create on your own using ABAP enhancements on their SAP NetWeaver systems. This watchlist also allows for configuring a designated team to handle each of the event types, and excluding users by SAP roles, SAP profiles or by tags from the SAP_User_Config watchlist. This watchlist is one of the core components used for [configuring  ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log)     <br><br>- **MessageID**:  The SAP Message ID, or event type, such as `AUD` (User master record changes), or `AUB ` (authorization changes)  <br>- **DetailedDescription**: A markdown enabled description to be shown on the incident pane  <br>- **ProductionSeverity**:  The desired severity for the incident to be created with for production systems `High`, `Medium`. Can be set as `Disabled` <br>- **NonProdSeverity**:  The desired severity for the incident to be created with for non-production systems `High`, `Medium`. Can be set as `Disabled`  <br>- **ProductionThreshold**     The "Per hour" count of events to be considered as suspicious for production systems `60` <br>- **NonProdThreshold**     The "Per hour" count of events to be considered as suspicious for non-production systems `10` <br>- **RolesTagsToExclude**: This field accepts SAP role name, SAP profile names or tags from the SAP_User_Config watchlist. These are then used to exclude the associated users from specific event types <br>- **RuleType**: Use `Deterministic` for the event type to be sent off to the [SAP - Dynamic Deterministic Audit Log Monitor](#sap---dynamic-deterministic-audit-log-monitor), or `AnomaliesOnly` to have this event covered by the [SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)](#sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview) 
-| <a name="objects"></a>**SAP_User_Config** | allows for fine tunning alerts by excluding /including users in specific contexts and is also used for [configuring  ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) <br><br> **SAPUser**: The SAP user <br> **Tags**: Tags are used to identify users against certain activity. For example Adding the tags ["GenericTablebyRFCOK"] to user SENTINEL_SRV will prevent RFC related incidents to be created for this specific user <br>**Other active directory user identifiers** <br>-  AD User Identifier <br>- User On-Premises Sid <br>- User Principal Name
+| <a name="objects"></a>**SAP_User_Config** | allows for fine tuning alerts by excluding /including users in specific contexts and is also used for [configuring  ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) <br><br> **SAPUser**: The SAP user <br> **Tags**: Tags are used to identify users against certain activity. For example Adding the tags ["GenericTablebyRFCOK"] to user SENTINEL_SRV will prevent RFC related incidents to be created for this specific user <br>**Other active directory user identifiers** <br>-  AD User Identifier <br>- User On-Premises Sid <br>- User Principal Name
 |
 
 

Original file line number	Diff line number	Diff line change
`@@ -163,7 +163,7 @@ These watchlists provide the configuration for the Microsoft Sentinel Solution f`
`163`	`163`	`\| <a name="transactions"></a>SAP - Transactions for ABAP Generations \| Transactions for ABAP generations whose execution should be governed. <br><br>- TransactionCode:Transaction Code, such as SE11. <br>- Description: A meaningful Transaction Code description \|`
`164`	`164`	`\| <a name="servers"></a>SAP - FTP Servers \| FTP Servers for identification of unauthorized connections. <br><br>- Client:such as 100. <br>- FTP_Server_Name: FTP server name, such as http://contoso.com/ <br>-FTP_Server_Port:FTP server port, such as 22. <br>- DescriptionA meaningful FTP Server description \|`
`165`	`165`	\| <a name="objects"></a>SAP_Dynamic_Audit_Log_Monitor_Configuration \| Configure the SAP audit log alerts by assigning each message ID a severity level as required by you, per system role (production, non-production). This watchlist details all available SAP standard audit log message IDs and can be extended to contain additional message IDs you might create on your own using ABAP enhancements on their SAP NetWeaver systems. This watchlist also allows for configuring a designated team to handle each of the event types, and excluding users by SAP roles, SAP profiles or by tags from the SAP_User_Config watchlist. This watchlist is one of the core components used for [configuring ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) <br><br>- MessageID: The SAP Message ID, or event type, such as `AUD` (User master record changes), or `AUB ` (authorization changes) <br>- DetailedDescription: A markdown enabled description to be shown on the incident pane <br>- ProductionSeverity: The desired severity for the incident to be created with for production systems `High`, `Medium`. Can be set as `Disabled` <br>- NonProdSeverity: The desired severity for the incident to be created with for non-production systems `High`, `Medium`. Can be set as `Disabled` <br>- ProductionThreshold The "Per hour" count of events to be considered as suspicious for production systems `60` <br>- NonProdThreshold The "Per hour" count of events to be considered as suspicious for non-production systems `10` <br>- RolesTagsToExclude: This field accepts SAP role name, SAP profile names or tags from the SAP_User_Config watchlist. These are then used to exclude the associated users from specific event types <br>- RuleType: Use `Deterministic` for the event type to be sent off to the [SAP - Dynamic Deterministic Audit Log Monitor](#sap---dynamic-deterministic-audit-log-monitor), or `AnomaliesOnly` to have this event covered by the [SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)](#sap---dynamic-anomaly-based-audit-log-monitor-alerts-preview)
`166`		-\| <a name="objects"></a>SAP_User_Config \| allows for fine tunning alerts by excluding /including users in specific contexts and is also used for [configuring ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) <br><br> SAPUser: The SAP user <br> Tags: Tags are used to identify users against certain activity. For example Adding the tags ["GenericTablebyRFCOK"] to user SENTINEL_SRV will prevent RFC related incidents to be created for this specific user <br>Other active directory user identifiers <br>- AD User Identifier <br>- User On-Premises Sid <br>- User Principal Name
	`166`	+\| <a name="objects"></a>SAP_User_Config \| allows for fine tuning alerts by excluding /including users in specific contexts and is also used for [configuring ](deployment-solution-configuration.md#configuring-the-sap-audit-log-monitoring-analytics-rules) the [built-inSAP analytics rules for monitoring the SAP audit log](#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) <br><br> SAPUser: The SAP user <br> Tags: Tags are used to identify users against certain activity. For example Adding the tags ["GenericTablebyRFCOK"] to user SENTINEL_SRV will prevent RFC related incidents to be created for this specific user <br>Other active directory user identifiers <br>- AD User Identifier <br>- User On-Premises Sid <br>- User Principal Name
`167`	`167`	`\|`
`168`	`168`
`169`	`169`