Update custom_rules.md (DataDog#23326)

Author: michaelcretzman

content/en/security/threats/workload_security_rules/custom_rules.md

@@ -48,7 +48,7 @@ To use the simple rule creator:
 
 1. In [Agent Configuration][4] or [Threat Detection Rules][3], select **New Rule**, and then select **Simple rule creator**.
 2. Define the detection. To monitor your resource effectively, you have the following detection type options:
-   - To detect unauthorized changes to files, select **File integrity monitoring (FIM)**.
+   - To detect nonstandard and suspicious changes to files, select **File integrity monitoring (FIM)**.
    - To track and analyze system software processes for malicious behavior or policy violations, select **Process activity monitoring**.
    - Enter the file/process names or paths to monitor. 
 3. Specify more conditions. Enter any arguments to add to the threat rule expression. For example, the argument `foo` is added as `process.argv in ["foo"]`.
@@ -196,4 +196,4 @@ To disable a default Agent rule, navigate to the [**Agent Configuration**][6] pa
 [7]: /security/threats/workload_security_rules
 [8]: /security/threats/
 [9]: /security/cloud_siem/log_detection_rules/?tab=threshold#set-a-rule-case
-[10]: https://app.datadoghq.com/notebook/list?type=runbook
+[10]: https://app.datadoghq.com/notebook/list?type=runbook