diff --git a/docs/user/security/audit-logging.asciidoc b/docs/user/security/audit-logging.asciidoc
index 58f61b79f3ba6..58677141ab0c8 100644
--- a/docs/user/security/audit-logging.asciidoc
+++ b/docs/user/security/audit-logging.asciidoc
@@ -213,6 +213,10 @@ Refer to the corresponding {es} logs for potential write errors.
 | `success` | User has accessed a rule.
 | `failure` | User is not authorized to access a rule.
 
+.2+| `rule_get_execution_log`
+| `success` | User has accessed execution log for a rule.
+| `failure` | User is not authorized to access execution log for a rule.
+
 .2+| `rule_find`
 | `success` | User has accessed a rule as part of a search operation.
 | `failure` | User is not authorized to search for rules.
diff --git a/x-pack/plugins/alerting/server/rules_client/audit_events.ts b/x-pack/plugins/alerting/server/rules_client/audit_events.ts
index a789a5ae6bfca..22820a162db54 100644
--- a/x-pack/plugins/alerting/server/rules_client/audit_events.ts
+++ b/x-pack/plugins/alerting/server/rules_client/audit_events.ts
@@ -45,7 +45,7 @@ const eventVerbs: Record<RuleAuditAction, VerbsTuple> = {
   rule_aggregate: ['access', 'accessing', 'accessed'],
   rule_get_execution_log: [
     'access execution log for',
-    'accessing executiog log for',
+    'accessing execution log for',
     'accessed execution log for',
   ],
 };