
Commit f6c406e

Update near-real-time-rules.md
1 parent 9cef79b commit f6c406e

1 file changed

+3
-3
lines changed


articles/sentinel/near-real-time-rules.md

Lines changed: 3 additions & 3 deletions
@@ -37,9 +37,7 @@ The following limitations currently govern the use of NRT rules:
3737

3838
(Since the NRT rule type is supposed to approximate **real-time** data ingestion, it doesn't afford you any advantage to use NRT rules on log sources with significant ingestion delay, even if it's far less than 12 hours.)
3939

40-
1. As this type of rule is new, its syntax is currently limited but will gradually evolve. Therefore, at this time the following restrictions are in effect:
41-
42-
1. The query defined in an NRT rule can reference **only one table**. Queries can, however, refer to multiple watchlists.
40+
1. The syntax for this type of rule is gradually evolving. At this time the following limitations remain in effect:
4341

4442
1. Because this rule type is in near real time, we have reduced the built-in delay to a minimum (two minutes).
4543
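Review bot: the deletion of old line 42 drops not only the one-table restriction but also the statement "Queries can, however, refer to multiple watchlists", and nothing in the new text says whether watchlist references are still supported; if they are, keep that sentence (for example by folding it into the replacement bullet at new line 41 or into the new multi-table item) so readers do not read the silence as a lost capability. Also worth checking: old line 40 introduced a nested list ("the following restrictions are in effect:") whose first sub-item was the deleted line 42, and the new line 41 keeps the same "the following limitations remain in effect:" lead-in, so confirm that the next remaining item (new line 42, "Because this rule type is in near real time...") still renders as an indented sub-item rather than as a sibling top-level item, and that the rendered numbering is unchanged.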

@@ -49,6 +47,8 @@ The following limitations currently govern the use of NRT rules:
4947

5048
1. Event grouping is now configurable to a limited degree. NRT rules can produce up to 30 single-event alerts. A rule with a query that results in more than 30 events will produce alerts for the first 29, then a 30th alert that summarizes all the applicable events.
5149

50+
1. Queries defined in an NRT rule can now reference **more than one table**.
51+
5252
## Next steps
5353

5454
In this document, you learned how near-real-time (NRT) analytics rules work in Microsoft Sentinel.
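Review bot: new line 50 is phrased as a capability ("can now reference more than one table") but is inserted as the last numbered item of a list that the section introduces as "The following limitations currently govern the use of NRT rules", so it reads as if multi-table queries were a restriction; either reword it as the remaining limit (if there still is one, for instance a maximum number of tables) or move the sentence out of the limitations list into the introductory paragraph. "now" also ages poorly in reference docs; stating it without the temporal qualifier ("Queries defined in an NRT rule can reference more than one table") keeps the page accurate after readers have forgotten when the change shipped.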
