
Commit c6c567b

Updating what's new
1 parent efd5f88 commit c6c567b

2 files changed

+8
-4
lines changed

articles/sentinel/sap/configure-audit-log-rules.md

Lines changed: 1 addition & 1 deletion
@@ -19,7 +19,7 @@ You use two analytics rules to monitor and analyze your SAP audit log data:
1919
- **SAP - Dynamic Deterministic Audit Log Monitor (PREVIEW)**. Alerts on any SAP audit log events with minimal configuration. You can configure the rule for an even lower false-positive rate. [Learn how to configure the rule](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
2020
- **SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)**. Alerts on SAP audit log events when anomalies are detected, using machine learning capabilities and with no coding required. [Learn how to configure the rule](#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection).
2121

22-
The two [SAP Audit log monitor rules](sap-solution-security-content.md#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) are delivered as ready to run out of the box, and allow for further fine tuning using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlist](sap-solution-security-content.md#available-watchlists).
22+
The two [SAP Audit log monitor rules](sap-solution-security-content.md#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) are delivered as ready to run out of the box, and allow for further fine tuning using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
2323

2424
## Anomaly detection
2525
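Review bot: On unchanged line 20, the "Learn how to configure the rule" link for the anomaly-based rule targets `#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection`, while the only heading visible in this hunk is `## Anomaly detection` and whats-new.md in this same commit links to `configure-audit-log-rules.md#anomaly-detection`. Since line 22 is being touched anyway, please confirm that the line 20 anchor still resolves, or point it at `#anomaly-detection`, so readers setting up the anomaly rule land on the right section. The plural fix on line 22 itself looks correct.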

articles/sentinel/whats-new.md

Lines changed: 7 additions & 3 deletions
@@ -27,13 +27,17 @@ If you're looking for items older than six months, you'll find them in the [Arch
2727
2828
## September 2022
2929

30+
- [Out of the box anomaly detection on the SAP audit log (Preview)](#out-of-the-box-anomaly-detection-on-the-sap-audit-log-preview)
31+
3032
### Out of the box anomaly detection on the SAP audit log (Preview)
3133

32-
The SAP audit log records audit and security actions on SAP systems, like failed sign-in attempts or other suspicious actions. You can monitor the SAP audit log using Microsoft Sentinel built-in analytics rules.
34+
The SAP audit log records audit and security events on SAP systems, like failed sign-in attempts or other over 200 security related actions. Customers monitor the SAP audit log and generate alerts and incidents out of the box using Microsoft Sentinel built-in analytics rules.
35+
36+
The Microsoft Sentinel for SAP solution now includes the [**SAP - Dynamic Anomaly Detection analytics**](configure-audit-log-rules.md#anomaly-detection) rule, adding an out of the box capability to identify suspicious anomalies across the SAP audit log events.
3337

34-
Previously, the existing **SAP - Dynamic Deterministic Audit Log Monitor (PREVIEW)** rule alerts on any SAP audit log events with [minimal configuration](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
38+
Now, together with the existing ability to identify threats deterministically based on predefined patterns and thresholds, customers can easily identify suspicious anomalies in the SAP security log, out of the box, with no coding required.
3539

36-
The latest version of the Microsoft Sentinel for SAP solution includes the **SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)** rule, providing [anomaly detection](configure-audit-log-rules.md#anomaly-detection) for SAP audit log events. With this feature, you can instruct Microsoft Sentinel to check specific event types deterministically (based on predefined patterns), or to check the event type for anomalies, using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists) and with no coding required.
40+
The new capability can be fine-tuned by editing the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
3741

3842
## August 2022
3943
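Review bot: Added line 36 calls the new rule "SAP - Dynamic Anomaly Detection analytics", but configure-audit-log-rules.md in this same commit, and the paragraph removed here, name it "SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)". Use the exact rule name so an analyst can find it in the analytics rule list, and keep the "analytics rule" wording outside the bold link text. Added line 34 also reads awkwardly ("or other over 200 security related actions"); something like "such as failed sign-in attempts and more than 200 other security-related actions" would be clearer. Line 38 says "SAP security log" where the rest of the section says "SAP audit log", so one term throughout would avoid implying two different data sources. The rewrite also drops the link to the deterministic rule's configuration blog post; if that is intentional, no change is needed, otherwise consider keeping it on line 38 where the deterministic capability is mentioned.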
