I've been using an awesome access denied log that I discovered on this site (which I'd link to but can't re-find for the life of me).
The Body.Modified property might work for you.
In my 188.8.131.52 version, I put it after the Antimalware rule and it triggers when a script was stripped out. I have mine logging to a separate modified.log file.
However, I can't find any reason property that describes what or why it was modified.
Body.Modified equals true
Set User-Defined.logLine = DateTime.ToWebReporterString
+ " ""
+ String.ReplaceIfEquals (IP.ToString (Client.IP), "", "-")
+ "" ""
+ "" "
+ List.OfString.ToString (Antimalware.VirusNames<Gateway Anti-Malware: Standard Setting>)
I've created a similar rule but as you say there's no indication of what was modified or why. I've been getting really inconsistent behaviour from the MWG7 in my testing compared to v6... Without the logging I can't work out what's going on and have been holding off upgrading to v7.