
Commit ef1f465

committed
formatting fix
1 parent ce4d654 commit ef1f465


1 file changed

+1
-2
lines changed


articles/sentinel/create-analytics-rules.md

Lines changed: 1 addition & 2 deletions
@@ -78,7 +78,7 @@ In the Azure portal, stages are represented visually as tabs. In the Defender po
7878
| **Description** | A free-text description for your rule. |
7979
| **Severity** | Match the impact the activity triggering the rule might have on the target environment, should the rule be a true positive.<br><br>**Informational**: No impact on your system, but the information might be indicative of future steps planned by a threat actor.<br>**Low**: The immediate impact would be minimal. A threat actor would likely need to conduct multiple steps before achieving an impact on an environment.<br>**Medium**: The threat actor could have some impact on the environment with this activity, but it would be limited in scope or require additional activity.<br> **High**: The activity identified provides the threat actor with wide ranging access to conduct actions on the environment or is triggered by impact on the environment. |
8080
| **MITRE ATT&CK** | Choose those threat activities which apply to your rule. Select from among the **MITRE ATT&CK** tactics and techniques presented in the drop-down list. You can make multiple selections.<br><br>For more information on maximizing your coverage of the MITRE ATT&CK threat landscape, see [Understand security coverage by the MITRE ATT&CK® framework](mitre-coverage.md). |
81-
| **Status** | If you want the rule to run immediately after you finish creating it, leave the status set to **Enabled**. Otherwise, select **Disabled**, and enable it later from your **Active rules** tab when you need it. Or enable the rule without it running immediately by scheduling the rule's first run at a specific date and time. See [Schedule and scope the query](#schedule-and-scope-the-query).
81+
| **Status** | If you want the rule to run immediately after you finish creating it, leave the status set to **Enabled**. Otherwise, select **Disabled**, and enable it later from your **Active rules** tab when you need it. Or enable the rule without it running immediately by scheduling the rule's first run at a specific date and time. See [Schedule and scope the query](#schedule-and-scope-the-query). |
8282

8383
1. Select **Next: Set rule logic**.
8484

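Review bot: The trailing `|` added to the **Status** row at line 81 is the right fix; without it the row was the only one in this table not closed, which some Markdown renderers treat as a malformed row and drop or misalign. The in-page link `(#schedule-and-scope-the-query)` in that cell resolves to the `<a name="schedule-and-scope-the-query">` anchor visible in the second hunk's context at line 109, so no further change is needed here.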
@@ -104,7 +104,6 @@ The next step is to set the rule logic which includes adding the Kusto query tha
104104
| **Map entities** | Expand **Entity mapping** and define up to 10 entity types recognized by Microsoft Sentinel onto fields in your query results. This mapping integrates the identified entities into the [*Entities* field in your alert schema](security-alert-schema.md).<br><br>For complete instructions on mapping entities, see [Map data fields to entities in Microsoft Sentinel](map-data-fields-to-entities.md). |
105105
| **Surface custom details in your alerts** | Expand **Custom details** and define any fields in your query results you wish to be surfaced in your alerts as custom details. These fields appear in any incidents that result as well.<br><br> For complete instructions on surfacing custom details, see [Surface custom event details in alerts in Microsoft Sentinel](surface-custom-details-in-alerts.md). |
106106
| **Customize alert details** | Expand **Alert details** and customize otherwise-standard alert properties according to the content of various fields in each individual alert. For example, customize the alert name or description to include a username or IP address featured in the alert.<br><br>For complete instructions on customizing alert details, see [Customize alert details in Microsoft Sentinel](customize-alert-details.md). |
107-
|
108107

109108
1. <a name="schedule-and-scope-the-query"></a>**Schedule and scope the query.** Set the following parameters in the **Query scheduling** section:
110109

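Review bot: Removing the stray `|` at old line 107 is correct; a line containing only a pipe directly under the **Customize alert details** row would render as an extra empty table row. With it gone, the blank line at new line 107 now separates the table from the numbered list item at line 108, which is needed for the `1.` item to render as a list rather than being absorbed into the table.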
0 commit comments