Commit cdd967b

Validation updates
1 parent c46d30a commit cdd967b

3 files changed

+9
-8
lines changed

articles/sentinel/dns-normalization-schema.md

Lines changed: 2 additions & 2 deletions
@@ -189,8 +189,8 @@ Fields that appear in the table below are common to all ASIM schemas. Any guidel
189189
| Field | Class | Type | Description |
190190
|-------|-------|------|-------------|
191191
| <a name="srcuserid"></a>**SrcUserId** | Optional | String | A machine-readable, alphanumeric, unique representation of the source user. For more information, and for alternative fields for additional IDs, see [The User entity](normalization-about-schemas.md#the-user-entity). <br><br>Example: `S-1-12-1-4141952679-1282074057-627758481-2916039507` |
192-
| **SrcUserScope** | Optional | String | The scope, such as Azure AD tenant, in which [SrcUserId](#srcusrid) and [SrcUsername](#srcusername) are defined. or more information and list of allowed values, see [UserScope](normalization-about-schemas.md#userscope) in the [Schema Overview article](normalization-about-schemas.md).|
193-
| <a name="srcuseridtype"></a>**SrcUserIdType** | Optional | UserIdType | The type of the ID stored in the [SrcUserId](#asrcuserid) field. For more information and list of allowed values, see [UserIdType](normalization-about-schemas.md#useridtype) in the [Schema Overview article](normalization-about-schemas.md).|
192+
| **SrcUserScope** | Optional | String | The scope, such as Azure AD tenant, in which [SrcUserId](#srcuserid) and [SrcUsername](#srcusername) are defined. or more information and list of allowed values, see [UserScope](normalization-about-schemas.md#userscope) in the [Schema Overview article](normalization-about-schemas.md).|
193+
| <a name="srcuseridtype"></a>**SrcUserIdType** | Optional | UserIdType | The type of the ID stored in the [SrcUserId](#srcuserid) field. For more information and list of allowed values, see [UserIdType](normalization-about-schemas.md#useridtype) in the [Schema Overview article](normalization-about-schemas.md).|
194194
| <a name="srcusername"></a>**SrcUsername** | Optional | Username | The source username, including domain information when available. For more information, see [The User entity](normalization-about-schemas.md#the-user-entity).<br><br>Example: `AlbertE` |
195195
| <a name="srcusernametype"></a>**SrcUsernameType** | Optional | UsernameType | Specifies the type of the user name stored in the [SrcUsername](#srcusername) field. For more information, and list of allowed values, see [UsernameType](normalization-about-schemas.md#usernametype) in the [Schema Overview article](normalization-about-schemas.md). <br><br>Example: `Windows` |
196196
| <a name="user"></a>**User** | Alias | | Alias to [SrcUsername](#srcusername) |
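
Review bot: the new line 192 (SrcUserScope) still reads "are defined. or more information and list of allowed values", so the sentence starts with "or" where "For" is meant; since this line is already being touched for the `#srcuserid` anchor fix, correct the wording in the same change. The SrcUserScope row is also the only user field in this hunk without an `<a name="...">` anchor, which is worth adding if other pages link to it.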

articles/sentinel/normalization-about-schemas.md

Lines changed: 2 additions & 2 deletions
@@ -19,7 +19,7 @@ Schema references outline the fields that comprise each schema. ASIM currently d
1919

2020
| Schema | Version | Status |
2121
| ------ | ------- | ------ |
22-
| [Audit Event](normalization-schame-audit.md) | 0.1 | Preview |
22+
| [Audit Event](normalization-schema-audit.md) | 0.1 | Preview |
2323
| [Authentication Event](authentication-normalization-schema.md) | 0.1.2 | Preview |
2424
| [DNS Activity](dns-normalization-schema.md) | 0.1.5 | Preview |
2525
| [DHCP Activity](dhcp-normalization-schema.md) | 0.1 | Preview |
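
Review bot: the corrected target on line 22, `normalization-schema-audit.md`, matches the third file in this commit, but it breaks the `<topic>-normalization-schema.md` naming used by the other rows visible here (authentication, DNS, DHCP). If the file name is staying as it is, no change is needed in this hunk; otherwise a rename with a redirect would keep the links in this table consistent and make misspellings like `schame` easier to spot.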
@@ -188,7 +188,7 @@ When the value provided by the source is an FQDN, or when the value may be eithe
188188
| Field | Class | Type | Description |
189189
|---------------------|-------------|------------|--------------------|
190190
| <a name ="dvcid"></a>**DvcId** | Optional | String | The unique ID of the device . For example: `41502da5-21b7-48ec-81c9-baeea8d7d669` |
191-
| <a name="scopedid"></a>**ScopeId** | Optional | String | The cloud platform scope ID the device belongs to. **Scope** map to a subscription ID on Azure and to an account ID on AWS. |
191+
| <a name="scopeid"></a>**ScopeId** | Optional | String | The cloud platform scope ID the device belongs to. **Scope** map to a subscription ID on Azure and to an account ID on AWS. |
192192
| <a name="scope"></a>**Scope** | Optional | String | The cloud platform scope the device belongs to. **Scope** map to a subscription on Azure and to an account on AWS. |
193193
| <a name="dvcidtype"></a>**DvcIdType** | Optional | Enumerated | The type of [DvcId](#dvcid). Typically this field will also identify the type of [Scope](#scope) and [ScopeId](#scopeid). This field is required if the [DvcId](#dvcid) field is used. |
194194
| **DvcAzureResourceId**, **DvcMDEid**, **DvcMD4IoTid**, **DvcVMConnectionId**, **DvcVectraId**, **DvcAwsVpcId** | Optional | String | Fields used to store additional device IDs, if the original event includes multiple device IDs. Select the device ID most associated with the event as the primary ID stored in [DvcId](#dvcid). |
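
Review bot: on the changed line 191 the ScopeId description still says "**Scope** map to a subscription ID on Azure and to an account ID on AWS", which looks copied from the Scope row below it; it should name **ScopeId** and use "maps". The anchor rename to `scopeid` is consistent with the `[ScopeId](#scopeid)` link in the DvcIdType row, so that part resolves. While in this table, the context line 190 has `<a name ="dvcid">` with a space before `=` and "the device ." with a stray space before the period.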

articles/sentinel/normalization-schema-audit.md

Lines changed: 5 additions & 4 deletions
@@ -102,11 +102,12 @@ Fields that appear in the table below are common to all ASIM schemas. Any guidel
102102
|---------------|--------------|------------|-----------------|
103103
| <a name="targetappid"></a>**TargetAppId** |Optional | String| The ID of the application to which the authorization is required, often assigned by the reporting device. <br><br>Example: `89162` |
104104
|<a name="targetappname"></a>**TargetAppName** |Optional |String |The name of the application to which the authorization is required, including a service, a URL, or a SaaS application. <br><br>Example: `Saleforce` |
105-
|<a name="application"></a>**Application** | Alias || Alias to [TargetAppName](#targetappname)
105+
|<a name="application"></a>**Application** | Alias || Alias to [TargetAppName](#targetappname) |
106106
| **TargetAppType**|Optional |AppType |The type of the application authorizing on behalf of the Actor. For more information, and allowed list of values, see [AppType](normalization-about-schemas.md#apptype) in the [Schema Overview article](normalization-about-schemas.md).|
107107
| <a name="targeturl"></a>**TargetUrl** |Optional |URL |The URL associated with the target application. <br><br>Example: `https://console.aws.amazon.com/console/home?fromtb=true&hashArgs=%23&isauthcode=true&nc2=h_ct&src=header-signin&state=hashArgsFromTB_us-east-1_7596bc16c83d260b` |
108-
| <a name="targetprocessname"></a>**TargetProcessName** | Optional | String | The file name of the process that initiated the audit event. This name is typically considered to be the process name. <br><br>Example: `C:\Windows\explorer.exe` || **TargetProcessId**| Optional | String | The process ID (PID) of the process that initiated the audit event.<br><br>Example: `48610176` <br><br>**Note**: The type is defined as *string* to support varying systems, but on Windows and Linux this value must be numeric. <br><br>If you are using a Windows or Linux machine and used a different type, make sure to convert the values. For example, if you used a hexadecimal value, convert it to a decimal value. |
109-
| **TargetProcessGuid** | Optional | String | A generated unique identifier (GUID) of the process that initiated the audit evnet. <br><br> Example: `EF3BD0BD-2B74-60C5-AF5C-010000001E00`
108+
| <a name="targetprocessname"></a>**TargetProcessName** | Optional | String | The file name of the process that initiated the audit event. This name is typically considered to be the process name. <br><br>Example: `C:\Windows\explorer.exe` |
109+
| **TargetProcessId**| Optional | String | The process ID (PID) of the process that initiated the audit event.<br><br>Example: `48610176` <br><br>**Note**: The type is defined as *string* to support varying systems, but on Windows and Linux this value must be numeric. <br><br>If you are using a Windows or Linux machine and used a different type, make sure to convert the values. For example, if you used a hexadecimal value, convert it to a decimal value. |
110+
| **TargetProcessGuid** | Optional | String | A generated unique identifier (GUID) of the process that initiated the audit evnet. <br><br> Example: `EF3BD0BD-2B74-60C5-AF5C-010000001E00` |
110111

111112

112113
### Target system fields
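
Review bot: the new TargetProcessGuid row (line 110) keeps the typo "audit evnet"; fix it to "audit event" while the row is being rewritten to add the closing `|`. The unchanged TargetAppName row (line 104) gives the example `Saleforce`, which is probably meant to be `Salesforce`. Splitting TargetProcessName and TargetProcessId onto separate rows is what repairs the table, but the two new rows (TargetProcessId, TargetProcessGuid) have no `<a name="...">` anchors, unlike TargetProcessName, so they cannot be linked to directly.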
@@ -148,7 +149,7 @@ Fields that appear in the table below are common to all ASIM schemas. Any guidel
148149
| Field | Class | Type | Description |
149150
|-------|-------|------|-------------|
150151
| <a name="src"></a>**Src** | Recommended | Alias | A unique identifier of the source device. <br><br>This field might alias the [SrcDvcId](#srcdvcid), [SrcHostname](#srchostname), or [SrcIpAddr](#srcipaddr) fields. <br><br>Example: `192.168.12.1` |
151-
| <a name="srcipaddr"></a>**SrcIpAddr** | Recommended | IP address | The IP address from which the connection or session originated. This value is mandatory if **SrcHostname** is specified. If the session uses network address translation, `SrcIpAddr` is the publicly visible address, and not the original address of the source, which is stored in [SrcNatIpAddr](#srcnatipaddr)<br><br>Example: `77.138.103.108` |
152+
| <a name="srcipaddr"></a>**SrcIpAddr** | Recommended | IP address | The IP address from which the connection or session originated. <br><br>Example: `77.138.103.108` |
152153
| **IpAddr** | Alias || Alias to [SrcIpAddr](#srcipaddr), or to [TargetIpAddr](#targetipaddr) if [SrcIpAddr](#srcipaddr) is not provided. |
153154
| **SrcPortNumber** | Optional | Integer | The IP port from which the connection originated. Might not be relevant for a session comprising multiple connections.<br><br>Example: `2335` |
154155
| <a name="srchostname"></a> **SrcHostname** | Recommended | Hostname | The source device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field.<br><br>Example: `DESKTOP-1282V4D` |
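
Review bot: line 152 removes more than a broken link from the SrcIpAddr description. Dropping the `[SrcNatIpAddr](#srcnatipaddr)` reference fits a validation fix, but the same edit also deletes "This value is mandatory if **SrcHostname** is specified" and the explanation of which address is stored under NAT, and the commit message "Validation updates" does not say this guidance is being withdrawn. Analysts and parser authors rely on that text to know which address a normalized event carries, so either keep those sentences without the link or state in the commit message that the requirement does not apply to the audit schema. The IpAddr row below still links to `#targetipaddr`; confirm that anchor exists in this file.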
