Minor edits before publishing

windows/security/threat-protection/windows-defender-application-control/wdac-wizard-parsing-event-logs.md

@@ -29,14 +29,14 @@ ms.technology: itpro-security
 > [!NOTE]
 > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the WDAC Wizard supports creating WDAC policy rules the follow: 
+As of [version 2.2.0.0](https://webapp-wdac-wizard.azurewebsites.net/archives.html), the WDAC Wizard supports creating WDAC policy rules from the following event log types: 
 
-1. The WDAC event log events on the system
+1. [The WDAC event log events on the system](#WDAC-Event-Viewer-Log-Parsing)
-2. Exported .EVTX log files from any system
+2. [Exported .EVTX log files from any system](#WDAC-Event-Log-File-Parsing)
-3. Exported WDAC events from [MDE Advanced Hunting](querying-application-control-events-centrally-using-advanced-hunting.md) WDAC events
+3. [Exported WDAC events from MDE Advanced Hunting WDAC events](#MDE-Advanced-Hunting-WDAC-Event-Parsing)
 
 
-## WDAC Event Log File Parsing
+## WDAC Event Viewer Log Parsing
 
 To create rules from the WDAC event logs on the system:
 
@@ -50,7 +50,7 @@ The Wizard will parse the relevant audit and block events from the CodeIntegrity
 > ![Parse WDAC and AppLocker event log system events](images/wdac-wizard-event-log-system.png)
 
 4. Select the Next button to navigate to the table of software to view the audit and block events and create rules from
-5. <Link to generic parsing instructions>
+5. [Generate rules from the events](#Creating-Policy-Rules-from-the-Events)
 
 ## WDAC Event Log File Parsing
 
@@ -66,14 +66,14 @@ The Wizard will parse the relevant audit and block events from the selected log
 > [!div class="mx-imgBorder"]
 > ![Parse evtx file WDAC events](images/wdac-wizard-event-log-files.png)
 
-4. Select the Next button to navigate to the table of software to view the audit and block events and create rules from
+5. Select the Next button to navigate to the table of software to view the audit and block events and create rules from
-5. <Link to generic parsing instructions>
+6. [Generate rules from the events](#Creating-Policy-Rules-from-the-Events)
 
 ## MDE Advanced Hunting WDAC Event Parsing
 
 To create rules from the WDAC events in [MDE Advanced Hunting](querying-application-control-events-centrally-using-advanced-hunting.md):
 
-1. Export the WDAC events from MDE Advanced Hunting. **The Wizard requires the following fields** in the Advanced Hunting csv file export: 
+1. Navigate to the Advanced Hunting section within the MDE console and query the WDAC events. **The Wizard requires the following fields** in the Advanced Hunting csv file export: 
 
 ```KQL
 | project Timestamp, DeviceId, DeviceName, ActionType, FileName, FolderPath, SHA1, SHA256, IssuerName, IssuerTBSHash, PublisherName, PublisherTBSHash, AuthenticodeHash, PolicyId, PolicyName
@@ -114,22 +114,22 @@ The Wizard will parse the relevant audit and block events from the selected Adva
 > ![Parse the Advanced Hunting CSV WDAC event files](images/wdac-wizard-event-log-mde-ah-parsing.png)
 
 7. Select the Next button to navigate to the table of software to view the audit and block events and create rules from
-8. <Link to generic parsing instructions>
+8. [Generate rules from the events](#Creating-Policy-Rules-from-the-Events)
 
 
 ## Creating Policy Rules from the Events
 
-On the "Configure Event Log Rules" page, the unique log events will be shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, as well as the file publisher is shown in the table. The table can be sorted alphabetically by clicking on any of the headers. 
+On the "Configure Event Log Rules" page, the unique WDAC log events will be shown in the table. Event Ids, filenames, product names, the policy name that audited or blocked the file, as well as the file publisher are all shown in the table. The table can be sorted alphabetically by clicking on any of the headers. 
 
-To create a rule: 
+To create a rule and add it to the WDAC policy: 
 
 1. Select an audit or block event in the table by selecting the row of interest
-2. Select a rule type from the dropdown. The supported types are: Publisher, Path, File Attribute, Packaged App or Hash rules
+2. Select a rule type from the dropdown. The Wizard supports creating Publisher, Path, File Attribute, Packaged App and Hash rules
-3. Select the attributes and fields that should be added to the policy rules using the checkboxes provider per rule type
+3. Select the attributes and fields that should be added to the policy rules using the checkboxes provider for the rule type
-4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label will be added to the selected row confirming that the rule will be generated in the WDAC policy
+4. Select the **Add Allow Rule** button to add the configured rule to the policy generated by the Wizard. The "Added to policy" label will be added to the selected row confirming that the rule will be generated
 
 > [!div class="mx-imgBorder"]
-> ![Adding a publisher WDAC rule to the policy](images/wdac-wizard-event-rule-creation.png)
+> ![Adding a publisher rule to the WDAC policy](images/wdac-wizard-event-rule-creation.png)
 
 5. Select the **Next** button to output the policy. Once generated, the event log policy should be merged with your base or supplemental policies. It is not recommended to deploy the event log policy on its own, as it likely lacks rules to authorize Windows and may cause blue screens