fixes location bugs 148303 and 148305

Author: Ken Lawson

learn-pr/wwl-sci/query-logs-azure-sentinel/includes/4-understand-common-tables.md

@@ -2,14 +2,14 @@ When Sentinel ingests data from the Data Connectors, the following table lists t
 
 | Table| Description|
 | :--- | :--- |
-| AzureActivity| Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure.|
-| AzureDiagnostics| Stores resource logs for Azure services that use Azure Diagnostics mode. Resource logs describe the internal operation of Azure resources.|
-| AuditLogs| Audit log for Microsoft Entra ID. Includes system activity information about user and group management, managed applications, and directory activities.|
-| CommonSecurityLog| Syslog messages using the Common Event Format (CEF).|
-| McasShadowItReporting| Microsoft Defender for Cloud Apps logs|
-| OfficeActivity| Audit logs for Office 365 tenants collected by Microsoft Sentinel. Including Exchange, SharePoint and Teams logs.|
-| SecurityEvent| Security events collected from windows machines by Azure Security Center or Microsoft Sentinel|
-| SigninLogs| Azure Activity Directory Sign-in logs|
-| Syslog| Syslog events on Linux computers using the Log Analytics agent.|
-| Event| Sysmon Events collected from a Windows host.|
-| WindowsFirewall| Windows Firewall Events|
+| `AzureActivity`| Entries from the Azure Activity log that provides insight into any subscription-level or management group level events that have occurred in Azure.|
+| `AzureDiagnostics`| Stores resource logs for Azure services that use Azure Diagnostics mode. Resource logs describe the internal operation of Azure resources.|
+| `AuditLogs`| Audit log for Microsoft Entra ID. Includes system activity information about user and group management, managed applications, and directory activities.|
+| `CommonSecurityLog`| Syslog messages using the Common Event Format (CEF).|
+| `McasShadowItReporting`| Microsoft Defender for Cloud Apps logs|
+| `OfficeActivity`| Audit logs for Office 365 tenants collected by Microsoft Sentinel. Including Exchange, SharePoint and Teams logs.|
+| `SecurityEvent`| Security events collected from windows machines by Azure Security Center or Microsoft Sentinel|
+| `SigninLogs`| Azure Activity Directory Sign-in logs|
+| `Syslog`| Syslog events on Linux computers using the Log Analytics agent.|
+| `Event`| Sysmon Events collected from a Windows host.|
+| `WindowsFirewall`| Windows Firewall Events|

learn-pr/wwl-sci/query-logs-azure-sentinel/includes/5-understand-microsoft-365-defender-tables.md

@@ -3,24 +3,22 @@ The Microsoft Defender XDR Sentinel Data Connector can populate tables with raw
 
 | Table name| Description|
 | :--- | :--- |
-| AlertEvidence| Files, IP addresses, URLs, users, or devices associated with alerts|
-| CloudAppEvents| Events involving accounts and objects in Office 365 and other cloud apps and services|
-| DeviceEvents| Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection|
-| DeviceFileCertificateInfo| Certificate information of signed files obtained from certificate verification events on endpoints|
-| DeviceFileEvents| File creation, modification, and other file system events|
-| DeviceImageLoadEvents| DLL loading events|
-| DeviceInfo| Machine information, including OS information|
-| DeviceLogonEvents| Sign-ins and other authentication events on devices|
-| DeviceNetworkEvents| Network connection and related events|
-| DeviceNetworkInfo| Network properties of devices, including physical adapters, IP and MAC addresses, as well as connected networks and domains|
-| DeviceProcessEvents| Process creation and related events|
-| DeviceRegistryEvents| Creation and modification of registry entries|
-| EmailEvents| Microsoft 365 email events, including email delivery and blocking events|
-| EmailPostDeliveryEvents| Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox|
-| EmailUrlInfo| Information about URLs on emails|
-|EmailAttachmentInfo| Information about files attached to Office 365 emails|
-| IdentityDirectoryEvents| Events involving an on-premises domain controller running Active Directory (AD). This table covers a range of identity-related events and system events on the domain controller.|
-| IdentityLogonEvents| Authentication events on Active Directory and Microsoft online services|
-| IdentityQueryEvents| Queries for Active Directory objects, such as users, groups, devices, and domains|
-
-
+| `AlertEvidence`| Files, IP addresses, URLs, users, or devices associated with alerts|
+| `CloudAppEvents`| Events involving accounts and objects in Office 365 and other cloud apps and services|
+| `DeviceEvents`| Multiple event types, including events triggered by security controls such as Windows Defender Antivirus and exploit protection|
+| `DeviceFileCertificateInfo`| Certificate information of signed files obtained from certificate verification events on endpoints|
+| `DeviceFileEvents`| File creation, modification, and other file system events|
+| `DeviceImageLoadEvents`| DLL loading events|
+| `DeviceInfo`| Machine information, including OS information|
+| `DeviceLogonEvents`| Sign-ins and other authentication events on devices|
+| `DeviceNetworkEvents`| Network connection and related events|
+| `DeviceNetworkInfo`| Network properties of devices, including physical adapters, IP and MAC addresses, as well as connected networks and domains|
+| `DeviceProcessEvents`| Process creation and related events|
+| `DeviceRegistryEvents`| Creation and modification of registry entries|
+| `EmailEvents`| Microsoft 365 email events, including email delivery and blocking events|
+| `EmailPostDeliveryEvents`| Security events that occur post-delivery, after Microsoft 365 has delivered the emails to the recipient mailbox|
+| `EmailUrlInfo`| Information about URLs on emails|
+|`EmailAttachmentInfo`| Information about files attached to Office 365 emails|
+| `IdentityDirectoryEvents`| Events involving an on-premises domain controller running Active Directory (AD). This table covers a range of identity-related events and system events on the domain controller.|
+| `IdentityLogonEvents`| Authentication events on Active Directory and Microsoft online services|
+| `IdentityQueryEvents`| Queries for Active Directory objects, such as users, groups, devices, and domains|