diff --git a/scripts/bzar_config_options.zeek b/scripts/bzar_config_options.zeek
index 933e84e..ce57d05 100644
--- a/scripts/bzar_config_options.zeek
+++ b/scripts/bzar_config_options.zeek
@@ -383,6 +383,9 @@ export
 # 1- SumStats Analytics for ATTACK::Lateral_Movement_and_Execution
+ ## BZAR uses SumStats to detect co-occurrence of lateral movement and file
+ ## execution. This interval controls how closely in time the two need to
+ ## co-occur.
 option bzar1_epoch = 10min;
 option bzar1_limit = 1001.0; # SMB_WRITE == 1; RPC_EXEC == 1000;
@@ -390,14 +393,28 @@ export
 # Use threshold vector for greater fidelity and to assist in tuning
 # the threshold for each unique environment.
+ ## BZAR uses SumStats to track multiple lateral movement events and trigger
+ ## notices when exceeding thresholds. This interval controls how closely in
+ ## time the events need to occur.
 option bzar2_epoch = 5min;
+
+ ## A comma-separated list of unsigned integers that define the thresholds
+ ## of lateral movement events per observation interval at which to trigger
+ ## notices. These must be sorted in increasing order.
 option bzar2_limit = vector(5.0, 10.0, 15.0, 20.0, 30.0, 40.0, 50.0, 100.0);
 # 3- SumStats Analytics for ATTACK::Discovery
 # Use threshold vector for greater fidelity and to assist in tuning
 # the threshold for each unique environment.
+ ## BZAR uses SumStats to track multiple infrastructure discovery events and
+ ## trigger notices when exceeding thresholds. This interval, in seconds,
+ ## controls how closely in time the events need to occur.
 option bzar3_epoch = 5min;
+
+ ## A comma-separated list of unsigned integers that define the thresholds
+ ## of discovery events per observation interval at which to trigger
+ ## notices. These must be sorted in increasing order.
 option bzar3_limit = vector(5.0, 10.0, 15.0, 20.0, 30.0, 40.0, 50.0, 100.0);
 } #end export
diff --git a/scripts/main.zeek b/scripts/main.zeek
index f167d97..e4b5e84 100644
--- a/scripts/main.zeek
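Review bot: The new doc comment covers bzar1_epoch but leaves bzar1_limit with only the terse inline `# SMB_WRITE == 1; RPC_EXEC == 1000;`, which is the part a tuner most needs: the limit appears to be a threshold on a weighted per-epoch sum where an SMB write counts 1 and an RPC exec counts 1000, so 1001.0 is the smallest value that requires at least one of each. If that reading is right, the encoding also means about 1001 SMB_WRITE observations from one host inside the 10min epoch would cross the limit with no RPC_EXEC at all, and a limit at or below 1000.0 would fire on a single RPC_EXEC; both deserve a sentence because the notice is named Lateral_Movement_and_Execution. I would add above bzar1_limit: `## Threshold on the per-epoch weighted sum of observations (SMB_WRITE counts 1, RPC_EXEC counts 1000); 1001.0 requires at least one of each. Values at or below 1000.0 fire on RPC_EXEC alone, and ~1001 SMB writes alone would also reach it.` The SumStats reducer that applies this weighting is outside the hunk, so confirm the arithmetic there before committing the wording.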
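Review bot: The doc comments added above bzar2_limit and bzar3_limit describe the value as `A comma-separated list of unsigned integers`, but both options are Zeek `vector` values holding doubles (`5.0, 10.0, …`), so a user who follows the text and redefs them with integer literals or a string would get a type mismatch rather than a working threshold series; say `A vector of double thresholds …` instead. The bzar3_epoch comment also says `This interval, in seconds,` while the value is the Zeek interval `5min` and the parallel bzar2_epoch comment carries no unit, so drop `in seconds` and let the two read the same. The `These must be sorted in increasing order.` caveat is worth keeping, since the threshold series is evaluated in ascending order by the SumStats threshold logic that lives outside this file.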
+++ b/scripts/main.zeek
@@ -32,15 +32,38 @@ export
 redef enum Notice::Type += {
+ ## DCE-RPC Credential Access was observed.
 ATTACK::Credential_Access,
+
+ ## DCE-RPC Defense Evasion was observed.
 ATTACK::Defense_Evasion,
+
+ ## Detected T1077 Admin File Share activity - multiple instances of
+ ## DCE-RPC Discovery indicators are observed originating from the
+ ## same host within a specified period of time.
 ATTACK::Discovery,
+
+ ## DCE-RPC Remote Execution was observed.
 ATTACK::Execution,
+
+ ## DEC-RPC calls associated with system shutdown/reboot observed.
 ATTACK::Impact,
+
+ ## SMB::FILE_WRITE to admin file share.
 ATTACK::Lateral_Movement,
+
+ ## Detected T1077 Admin File Share activity - at least one RPC_EXEC and
+ ## one SMB_WRITE was observed.
 ATTACK::Lateral_Movement_and_Execution,
+
+ ## Saved a copy of the file written to SMB admin file share.
 ATTACK::Lateral_Movement_Extracted_File,
+
+ ## Detected T1077 Admin File Share activity - multiple SMB Lateral
+ ## Movement indicators are observed originating from the same host.
 ATTACK::Lateral_Movement_Multiple_Attempts,
+
+ ## DCE-RPC Persistence was observed.
 ATTACK::Persistence,
 };
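Review bot: The ATTACK::Discovery doc comment opens with `Detected T1077 Admin File Share activity` but goes on to describe DCE-RPC Discovery indicators; T1077 is the Windows Admin Shares technique that the three Lateral_Movement entries cite, so the prefix looks copied from them and would mislabel Discovery notices in the generated documentation. I would write it as `## Detected multiple instances of DCE-RPC Discovery indicators originating from the same host within a specified period of time.` The ATTACK::Impact comment also has a typo, `DEC-RPC`, which should read `DCE-RPC` like its sibling entries. Separately, T1077 has been retired in ATT&CK in favor of T1021.002 (Remote Services: SMB/Windows Admin Shares), so if analysts map these notices to current technique IDs, noting the successor ID next to T1077 in the three Lateral_Movement comments would save them a lookup.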