tables

Author: AyeshaAz36

docs/threatprevention/7.5/reportingmodule/investigations/auditcompliance.md

@@ -31,16 +31,17 @@ Every report generated by an investigation query displays the same type of infor
 
 By default, this folder contains the following saved investigations:
 
-| Investigation               | Description                                                                   | Filters                                                                                                                                                                                                   |
-| --------------------------- | ----------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| AD Changes                  | All Active Directory changes                                                  | One filter statement set: - Attribute = Event Operation - Operator = Equals - Filter = Active Directory Change                                                                                            |
-| AD Changes by Domain Admins | All Active Directory changes by Domain Admins                                 | Two filter statements set: - Attribute 1 = Event Operation - Operator 1 = Equals - Filter 1 = Active Directory Change AND - Attribute 2 = Tag (Effective) - Operator 2 = Equals - Filter 2 = Domain Admin |
-| AD Logins                   | Active Directory logins including Kerberos and NTLM authentication            | One filter statement set: - Attribute = Event Operation - Operator = Equals - Filter = Active Directory Authentication                                                                                    |
-| All Events                  | New Investigation                                                             | No filters set                                                                                                                                                                                            |
-| Failed AD Logins            | All failed Active Directory logins including Kerberos and NTLM authentication | Two filter statements set: - Attribute 1 = Event Operation - Operator 1 = Equals - Filter 1 = Active Directory Authentication AND - Attribute 2 = Success - Operator 2 = Equals - Filter 2 = false        |
-| LDAP Search                 | All LDAP search events                                                        | One filter statement set: - Attribute = Event Operation - Operator = Equals - Filter = LDAP Search                                                                                                        |
-| Privileged Account Activity | All activity by privileged accounts                                           | One filter statement set: - Attribute = Tag (Direct) - Operator = Equals - Filter = Privileged                                                                                                            |
-| Service Account Activity    | All activity by service accounts                                              | One filter statement set: - Attribute = Tag (Direct) - Operator = Equals - Filter = Service Account                                                                                                       |
-| Watchlist User Activity     | All activity by watchlist users                                               | One filter statement set: - Attribute = Tag (Effective) - Operator = Equals - Filter = Watchlist                                                                                                          |
+| Investigation        | Description         | Filters       |
+| ----------------------- | ----------------- | ------------- |
+| AD Changes             | All Active Directory changes        | One filter statement set: <ul><li>Attribute = Event Operation</li><li>Operator = Equals</li><li>Filter = Active Directory Change</li></ul>       |
+| AD Changes by Domain Admins | All Active Directory changes by Domain Admins                                 | Two filter statements set: <ul><li>Attribute 1 = Event Operation</li><li>Operator 1 = Equals</li><li>Filter 1 = Active Directory Change</li></ul> AND <ul><li>Attribute 2 = Tag (Effective)</li><li>Operator 2 = Equals</li><li>Filter 2 = Domain Admin</li></ul> |
+| AD Logins        | Active Directory logins including Kerberos and NTLM authentication            | One filter statement set: <ul><li>Attribute = Event Operation</li><li>Operator = Equals</li><li>Filter = Active Directory Authentication</li></ul>     |
+| All Events        | New Investigation       | No filters set     |
+| Failed AD Logins            | All failed Active Directory logins including Kerberos and NTLM authentication | Two filter statements set: <ul><li>Attribute 1 = Event Operation</li><li>Operator 1 = Equals</li><li>Filter 1 = Active Directory Authentication</li></ul> AND<ul><li>Attribute 2 = Success</li><li>Operator 2 = Equals</li><li>Filter 2 = false</li></ul>        |
+| LDAP Search                 | All LDAP search events       | One filter statement set: <ul><li>Attribute = Event Operation</li><li>Operator = Equals</li><li>Filter = LDAP Search</li></ul>          |
+| Privileged Account Activity | All activity by privileged accounts          | One filter statement set: <ul><li>Attribute = Tag (Direct)</li><li>Operator = Equals</li><li>Filter = Privileged</li></ul>       |
+| Service Account Activity    | All activity by service accounts       | One filter statement set: <ul><li>Attribute = Tag (Direct)</li><li>Operator = Equals</li><li>Filter = Service Account</li></ul>        |
+| Watchlist User Activity     | All activity by watchlist users         | One filter statement set: <ul><li>Attribute = Tag (Effective)</li><li>Operator = Equals</li><li>Filter = Watchlist</li></ul>      |
+
 
 You can save additional investigations to this folder.