Rulebooks are a collection of rules that determine what type of access is considered a risk. They can contain both SEN and SoD rules. To determine risks, rules use business functions and their related permissions to identify potentially risky access.
This is the companion discussion topic for the documentation at https://documentation.sailpoint.com/access-risk-mgmt/help/rulebooks/understanding_rulebooks.html