MicrosoftDocs
diff --git a/‎articles/sentinel/audit-table-reference.md
Lines changed: 10 additions & 10 deletions b/‎articles/sentinel/audit-table-reference.md
Lines changed: 10 additions & 10 deletions
diff --git a/‎articles/sentinel/health-audit.md
Lines changed: 2 additions & 1 deletion b/‎articles/sentinel/health-audit.md
Lines changed: 2 additions & 1 deletion
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/activity-by-rule-name-and-caller.png
41.5 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/activity-by-rule-name-and-caller.png
41.5 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-audit-tab.png
20.4 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-audit-tab.png
20.4 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-health-tab.png
20.6 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-health-tab.png
20.6 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-overview.png
57.9 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-health-workbook-overview.png
57.9 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-rule-runs-over-time.png
30.9 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/analytics-rule-runs-over-time.png
30.9 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/audit-activity-for-rule.png
51.5 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/audit-activity-for-rule.png
51.5 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/audit-trending-by-activity.png
23.3 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/audit-trending-by-activity.png
23.3 KB
diff --git a/‎articles/sentinel/media/monitor-analytics-rule-integrity/health-events-for-rule.png
54.1 KB b/‎articles/sentinel/media/monitor-analytics-rule-integrity/health-events-for-rule.png
54.1 KB
@@ -28,13 +28,13 @@ The following table describes the columns and data generated in the SentinelAudi
 | ColumnName               | ColumnType     | Description                                                    |
 | ------------------------ | -------------- | -------------------------------------------------------------- |
 | **TenantId**             | String         | The tenant ID for your Microsoft Sentinel workspace.           |
-| **TimeGenerated**        | Datetime       | The time (UTC) at which the audit event occurred.              |
+| **TimeGenerated**        | Datetime       | The time (UTC) at which the audited activity occurred.              |
 | <a name="operationname_audit"></a>**OperationName** | String   | The Azure operation being recorded. For example:<br>- `Microsoft.SecurityInsights/alertRules/Write`<br>- `Microsoft.SecurityInsights/alertRules/Delete` |
-| <a name="sentinelresourceid_audit"></a>**SentinelResourceId** | String         | The unique identifier of the Microsoft Sentinel workspace and the associated resource on which the audit event occurred. |
+| <a name="sentinelresourceid_audit"></a>**SentinelResourceId** | String         | The unique identifier of the Microsoft Sentinel workspace and the associated resource on which the audited activity occurred. |
 | **SentinelResourceName** | String         | The resource name. For analytics rules, this is the rule name. |
 | <a name="status_audit"></a>**Status**     | String         | Indicates `Success` or `Failure` for the [OperationName](#operationname_audit). |
 | **Description**          | String         | Describes the operation, including extended data as needed. For example, for failures, this column might indicate the failure reason. |
-| **WorkspaceId**          | String         | The workspace GUID on which the audit issue occurred. The full Azure Resource Identifier is available in the [SentinelResourceID](#sentinelresourceid_audit) column. |
+| **WorkspaceId**          | String         | The workspace GUID on which the audited activity occurred. The full Azure Resource Identifier is available in the [SentinelResourceID](#sentinelresourceid_audit) column. |
 | **SentinelResourceType** | String         | The Microsoft Sentinel resource type being monitored.          |
 | **SentinelResourceKind** | String         | The specific type of resource being monitored. For example, for analytics rules: `NRT`. |
 | **CorrelationId**        | String         | The event correlation ID in GUID format.                       |
@@ -59,15 +59,15 @@ Extended properties for analytics rules reflect certain [rule settings](detect-t
 | **CallerName**           | String         | The user or application that initiated the action.              |
 | **OriginalResourceState** | Dynamic (json) | A JSON bag that describes the rule before the change.          |
 | **Reason**               | String     | The reason why the operation failed. For example: `No permissions`. |
-| **ResourceDiffMemberNames** | Array\[String\] | An array of the properties that changed on the relevant resource. For example: `['custom_details','look_back']`. |
-| **ResourceDisplayName**  | String         | Name of the analytics rule on which the audit issue occurred.   |
-| **ResourceGroupName**    | String      | Resource group of the workspace on which the audit issue occurred. |
-| **ResourceId**      | String     | The resource ID of the analytics rule on which the audit issue occurred. |
-| **SubscriptionId**  | String      | The subscription ID of the workspace on which the audit issue occurred. |
+| **ResourceDiffMemberNames** | Array\[String\] | An array of the properties of the rule that were changed by the audited activity. For example: `['custom_details','look_back']`. |
+| **ResourceDisplayName**  | String         | Name of the analytics rule on which the audited activity occurred.   |
+| **ResourceGroupName**    | String      | Resource group of the workspace on which the audited activity occurred. |
+| **ResourceId**      | String     | The resource ID of the analytics rule on which the audited activity occurred. |
+| **SubscriptionId**  | String      | The subscription ID of the workspace on which the audited activity occurred. |
 | **UpdatedResourceState** | Dynamic (json) | A JSON bag that describes the rule after the change.            |
 | **Uri**                  | String         | The full-path resource ID of the analytics rule.                |
-| **WorkspaceId**        | String       | The resource ID of the workspace on which the audit issue occurred. |
-| **WorkspaceName**        | String         | The name of the workspace on which the audit issue occurred.    |
+| **WorkspaceId**        | String       | The resource ID of the workspace on which the audited activity occurred. |
+| **WorkspaceName**        | String         | The name of the workspace on which the audited activity occurred.    |
 
 
 ## Next steps
 
@@ -66,9 +66,10 @@ To start collecting health and audit data, you need to [enable health and audit
     - [Automation rules and playbooks](monitor-automation-health.md#get-the-complete-automation-picture) (join query with Azure Logic Apps diagnostics)
     - [Analytics rules](monitor-analytics-rule-integrity.md#run-queries-to-detect-health-and-integrity-issues)
 
-- Use the health monitoring workbooks provided in Microsoft Sentinel.
+- Use the auditing and health monitoring workbooks provided in Microsoft Sentinel.
     - [Data connectors](monitor-data-connector-health.md#use-the-health-monitoring-workbook)
     - [Automation rules and playbooks](monitor-automation-health.md#use-the-health-monitoring-workbook)
+    - [Analytics rules](monitor-analytics-rule-integrity.md#use-the-auditing-and-health-monitoring-workbook)
 
 - Export the data into various destinations, like your Log Analytics workspace, archiving to a storage account, and more. Learn about the [supported destinations](../azure-monitor/essentials/diagnostic-settings.md) for your logs.