Merge pull request #296513 from yelevin/yelevin/fix-dns-api-samples

Fix DNS API samples

Author: rmca14

articles/sentinel/connect-dns-ama.md

@@ -1,9 +1,9 @@
 ---
 title: Stream and filter Windows DNS logs with the AMA connector 
-description: Use the AMA connector to upload and filter data from your Windows DNS server logs. You can then dive into your logs to protect your DNS servers from threats and attacks.
+description: Ingest and filter data from your Windows DNS server logs with this data connector. Query this data to protect your DNS servers from threats and attacks.
 author: yelevin
 ms.topic: how-to
-ms.date: 11/11/2024
+ms.date: 03/25/2025
 ms.author: yelevin
 
 #Customer intent: As a security engineer, I want to stream and filter DNS server logs using a cloud-based monitoring agent so that analysts can detect and mitigate potential threats efficiently.
@@ -70,18 +70,20 @@ Use the following example as a template to create or update a DCR:
 
 ### Request URL and header  
 
-```rest
+```http
+PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}?api-version={latest-supported-version}
+```
 
-PUT 
+For the latest supported API version, see [Data Collection Rules - REST API (Azure Monitor) | Microsoft Learn](/rest/api/monitor/data-collection-rules).
 
-    https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Insights/dataCollectionRules/{dataCollectionRuleName}?api-version=2019-11-01-preview 
-```
- 
-### Request body
+:::image type="content" source="media/connect-dns-ama/windows-dns-ama-connector-dcr-api-version.png" border="false" alt-text="Screenshot of the API version's appearance in the DCR documentation.":::
 
-```rest
+### Request body
 
+```json
 {
+    "location": "eastus2",
+    "kind" : "Windows",
     "properties": {
         "dataSources": {
             "windowsEventLogs": [],
@@ -113,9 +115,9 @@ PUT
         "destinations": {
             "logAnalytics": [
                 {
-                    "workspaceResourceId": "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{sentinelWorkspaceName}",
-                    "workspaceId": {WorkspaceGuid}",
-                    "name": "WorkspaceDestination"
+                    "name" : "WorkspaceDestination",
+                    "workspaceId" : "{WorkspaceGuid}",
+                    "workspaceResourceId" : "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.OperationalInsights/workspaces/{sentinelWorkspaceName}"
                 }
             ]
         },
@@ -125,17 +127,12 @@ PUT
                     "Microsoft-ASimDnsActivityLogs"
                 ],
                 "destinations": [
-                    " WorkspaceDestination "
+                    "WorkspaceDestination"
                 ]
             }
         ],
     },
-    "location": "eastus2",
-    "tags": {},
-    "kind": "Windows",
-    "id":"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroup}/providers/Microsoft.Insights/dataCollectionRules/{workspaceName}-microsoft-sentinel-asimdnsactivitylogs ",
-    "name": " {workspaceName}-microsoft-sentinel-asimdnsactivitylogs ",
-    "type": "Microsoft.Insights/dataCollectionRules",
+    "tags" : {}
 }
 ```
 
@@ -203,7 +200,7 @@ This filter instructs the connector not to collect EventID 256 or EventID 257 or
 
 **Using the API**:
 
-```rest
+```json
 "Filters": [
     {
         "FilterName": "SampleFilter",
@@ -260,32 +257,20 @@ To define different values in a single field, use the **OR** operator.
 
 Review these considerations for [using wildcards](#use-wildcards). 
 
-```rest
+```json
 "Filters": [ 
-
     { 
-
         "FilterName": "SampleFilter", 
-
         "Rules": [ 
-
             { 
-
                 "Field": "DnsQuery", 
-
                 "FieldValues": [ 
-
                     "*.microsoft.com", "*.google.com", "facebook.com", "*.amazon.com","center.local"                                                                               
-
-                ] 
-
-            }, 
-
-         } 
-
-    } 
-
-] 
+                ]
+            }
+        ]
+    }
+]
 ```
 
 ## Normalization using ASIM