Commit efd5f88

Adding what's new
1 parent 4dce491 commit efd5f88

2 files changed

+14
-4
lines changed

articles/sentinel/sap/configure-audit-log-rules.md

Lines changed: 4 additions & 4 deletions
Original file line number | Diff line number | Diff line change
@@ -16,10 +16,10 @@ With these rules, you can monitor all audit log events, or get alerts only when
1616

1717
You use two analytics rules to monitor and analyze your SAP audit log data:
1818

19-
- **SAP - Dynamic Deterministic Audit Log Monitor**. Alerts on SAP audit log events only when anomalies are detected, using machine learning capabilities and with no coding required. [Learn how to configure the rule](#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection).
20-
- **SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)**. Alerts on any SAP audit log events with minimal configuration. You can configure the rule for an even lower false-positive rate. [Learn how to configure the rule](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
19+
- **SAP - Dynamic Deterministic Audit Log Monitor (PREVIEW)**. Alerts on any SAP audit log events with minimal configuration. You can configure the rule for an even lower false-positive rate. [Learn how to configure the rule](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
20+
- **SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)**. Alerts on SAP audit log events when anomalies are detected, using machine learning capabilities and with no coding required. [Learn how to configure the rule](#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection).
2121

22-
The two [SAP Audit log monitor rules](sap-solution-security-content.md#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) are delivered as ready to run out of the box, and allow for further fine tuning using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists).
22+
The two [SAP Audit log monitor rules](sap-solution-security-content.md#built-in-sap-analytics-rules-for-monitoring-the-sap-audit-log) are delivered as ready to run out of the box, and allow for further fine tuning using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlist](sap-solution-security-content.md#available-watchlists).
2323

2424
## Anomaly detection
2525
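Review bot: The link fragment on new line 20 still points at `#set-up-the-sap---dynamic-deterministic-audit-log-monitor-for-anomaly-detection`, but this commit renames that section's heading at line 38 to name the Anomaly based rule, so the fragment does not match the renamed heading. Update it to the slug generated from the new heading, or point it at the `#anomaly-detection` section that whats-new.md already links to. Separately, new line 22 changes "watchlists" to "watchlist" although the link text names two watchlists (SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config) and the whats-new.md entry keeps the plural; keep "watchlists" here too.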

@@ -35,7 +35,7 @@ Microsoft Sentinel checks an event or group of events for anomalies. It tries to
3535

3636
With this ability, you can look for anomalies in previously quieted event types, such as user sign-in events. For example, if the user JohnDoe signs in hundreds of times an hour, you can now let Microsoft Sentinel decide if behavior is suspicious. Is this John from accounting, repeatedly refreshing a financial dashboard with multiple data source, or a DDoS attack forming up?
3737

38-
## Set up the SAP - Dynamic Deterministic Audit Log Monitor rule for anomaly detection
38+
## Set up the SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW) rule for anomaly detection
3939

4040
If your SAP audit log data isn't already streaming data into the Microsoft Sentinel workspace, learn how to [deploy the solution](deployment-overview.md).
4141
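Review bot: The renamed heading on new line 38 embeds the full rule name and "(PREVIEW)" in the section title, so the generated anchor changes with this commit and will change again when the rule leaves preview, breaking inbound fragment links each time. Consider a stable title that does not carry the preview tag, and name the rule in the first sentence of the section instead. While this area is being edited, the context sentence on line 36 reads "multiple data source", which should be "multiple data sources".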

articles/sentinel/whats-new.md

Lines changed: 10 additions & 0 deletions
@@ -25,6 +25,16 @@ If you're looking for items older than six months, you'll find them in the [Arch
2525
>
2626
> You can also contribute! Join us in the [Microsoft Sentinel Threat Hunters GitHub community](https://github.com/Azure/Azure-Sentinel/wiki).
2727
28+
## September 2022
29+
30+
### Out of the box anomaly detection on the SAP audit log (Preview)
31+
32+
The SAP audit log records audit and security actions on SAP systems, like failed sign-in attempts or other suspicious actions. You can monitor the SAP audit log using Microsoft Sentinel built-in analytics rules.
33+
34+
Previously, the existing **SAP - Dynamic Deterministic Audit Log Monitor (PREVIEW)** rule alerts on any SAP audit log events with [minimal configuration](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/microsoft-sentinel-for-sap-news-dynamic-sap-security-audit-log/ba-p/3326842).
35+
36+
The latest version of the Microsoft Sentinel for SAP solution includes the **SAP - Dynamic Anomaly based Audit Log Monitor Alerts (PREVIEW)** rule, providing [anomaly detection](configure-audit-log-rules.md#anomaly-detection) for SAP audit log events. With this feature, you can instruct Microsoft Sentinel to check specific event types deterministically (based on predefined patterns), or to check the event type for anomalies, using the [SAP_Dynamic_Audit_Log_Monitor_Configuration and SAP_User_Config watchlists](sap-solution-security-content.md#available-watchlists) and with no coding required.
37+
2838
## August 2022
2939

3040
- [Azure resource entity page (Preview)](#azure-resource-entity-page-preview)
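Review bot: The relative links on new line 36, `configure-audit-log-rules.md#anomaly-detection` and `sap-solution-security-content.md#available-watchlists`, are written as if this file sat in the sap folder, but this file is articles/sentinel/whats-new.md and the other file changed in this commit is articles/sentinel/sap/configure-audit-log-rules.md, where sap-solution-security-content.md is linked as a sibling. Prefix both targets with `sap/` so they resolve from this directory. On new line 34, "Previously, the existing ... rule alerts on any SAP audit log events" mixes past framing with present tense for a rule that still exists; dropping "Previously," reads correctly. The August 2022 section that follows opens with a bulleted index of its entries, so the new September 2022 section should get the same index line for its single entry.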
