Commit 003fc63

Merge branch 'more-laa' of https://github.com/batamig/azure-docs-pr into more-laa
2 parents fef04d2 + bb09a61 commit 003fc63

3 files changed

+7
-3
lines changed

articles/sentinel/data-connectors/security-events-via-legacy-agent.md

Lines changed: 0 additions & 1 deletion
@@ -11,7 +11,6 @@ ms.collection: sentinel-data-connector
1111

1212
# Security Events via Legacy Agent connector for Microsoft Sentinel
1313

14-
<!--should this page also be archived?-->
1514
You can stream all security events from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2220093&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
1615

1716
This is autogenerated content. For changes, contact the solution provider.
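Review bot: Deleting the `<!--should this page also be archived?-->` comment removes the open question without recording a decision anywhere on the page; if the answer is that the page stays, that is fine, but if this connector is being retired along with the legacy agent, the deletion should be paired with a visible note near the intro rather than dropped silently, and the PR description should say which it is. Separately, the unchanged intro still says the events are streamed "using the Windows agent" while the heading says "Legacy Agent"; this pass is a good place to align that wording.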

articles/sentinel/entities-reference.md

Lines changed: 1 addition & 1 deletion
@@ -153,7 +153,7 @@ The following section contains a more in-depth look at the full schemas of each
153153
| **NetBiosName** | String | The host name (pre-Windows 2000). |
154154
| **IoTDevice** | Entity ([IoT Device](#iot-device)) | The IoT Device entity (if this host represents an IoT Device). |
155155
| **AzureID** | String | The Azure resource ID of the VM, if known. |
156-
| **OMSAgentID** | String | The agent ID, if the host has an agent installed. |
156+
| **OMSAgentID** | String | The OMS agent ID, if the host has OMS agent installed. |
157157
| **OSFamily** | Enum? | One of the following values: <li>Linux<li>Windows<li>Android<li>IOS<li>Mac |
158158
| **OSVersion** | String | A free-text representation of the operating system.<br>This field is meant to hold specific versions the are more fine-grained than OSFamily, or future values not supported by OSFamily enumeration. |
159159
| **IsDomainJoined** | Bool | Indicates whether this host belongs to a domain. |
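Review bot: The new OMSAgentID description introduces the abbreviation "OMS" twice without expanding it and drops an article ("if the host has OMS agent installed"); no other row in this table uses "OMS", and the other files in this merge refer to the Log Analytics / legacy agent, so something like `| **OMSAgentID** | String | The Log Analytics (OMS) agent ID, if the host has the agent installed. |` explains the field's prefix once and keeps the wording consistent. Unrelated to this change, but two rows down the unchanged OSVersion description still reads "specific versions the are more fine-grained"; an easy drive-by fix to "that are".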

articles/sentinel/normalization-schema-dns.md

Lines changed: 6 additions & 1 deletion
@@ -332,7 +332,12 @@ The changes in version 0.1.7 of the schema are:
332332

333333
The goal of normalizing is to ensure that all sources provide consistent telemetry. A source that doesn't provide the required telemetry, such as mandatory schema fields, cannot be normalized. However, sources that typically provide all required telemetry, even if there are some discrepancies, can be normalized. Discrepancies may affect the completeness of query results.
334334

335-
A known discrepancy includes Corelight Zeek, which may not provide the mandatory DnsQuery field. We have observed such behavior in certain cases in which the DNS response code name is `NXDOMAIN`.
335+
The following table lists known discrepancies:
336+
337+
| Source | Discrepancies |
338+
| ------ | ------------- |
339+
| Microsoft DNS Server Collected using the DNS connector and the Log Analytics Agent | The connector doesn't provide the mandatory DnsQuery field for original event ID 264 (Response to a dynamic update). The data is available at the source, but not forwarded by the connector. |
340+
| Corelight Zeek | Corelight Zeek may not provide the mandatory DnsQuery field. We have observed such behavior in certain cases in which the DNS response code name is `NXDOMAIN`. |
336341

337342
## Handling DNS response
338343
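Review bot: The new Microsoft DNS Server row runs the source name and the collection method together with a capitalised "Collected" mid-phrase; "Microsoft DNS Server, collected using the DNS connector and the Log Analytics agent" reads cleanly and matches the lower-case "agent" used elsewhere in this merge. More importantly, the paragraph above says discrepancies "may affect the completeness of query results" but neither row says what that means in practice: because DnsQuery is missing, any query that filters or groups on DnsQuery will not match the event ID 264 dynamic-update responses, nor the affected Corelight Zeek NXDOMAIN responses. A short "Impact" column, or one sentence after the table, would make that concrete for anyone reading the normalized data. The Zeek row also keeps the "in certain cases" hedge from the sentence it replaces; if those cases are known, naming them would help.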
