Add tip on passing dynamic parameters

Author: oshezaf

articles/sentinel/dns-normalization-schema.md

@@ -125,6 +125,9 @@ To filter only DNS queries for a specified list of domain names, use:
 let torProxies=dynamic(["tor2web.org", "tor2web.com", "torlink.co",...]);
 _Im_Dns (domain_has_any = torProxies)
 ```
+> [!TIP]
+> To pass a literal list to parameters that expect a dynamic value, explicitly use a [dynamic literal](/azure/data-explorer/kusto/query/scalar-data-types/dynamic#dynamic-literals.md). For example: `dynamic(['192.168.','10.'])`.
+>
 
 ## Normalized content
 

articles/sentinel/network-normalization-schema.md

@@ -81,7 +81,7 @@ The following filtering parameters are available:
 | **eventresult** | String | Filter only network sessions with a specific **EventResult** value. |
 | | | |
 
-For example, to filter only web sessions for a specified list of domain names, use:
+For example, to filter only network sessions for a specified list of domain names, use:
 
 ```kql
 let torProxies=dynamic(["tor2web.org", "tor2web.com", "torlink.co",...]);

articles/sentinel/web-normalization-schema.md

@@ -99,6 +99,10 @@ let torProxies=dynamic(["tor2web.org", "tor2web.com", "torlink.co",...]);
 _Im_WebSession (url_has_any = torProxies)
 ```
 
+> [!TIP]
+> To pass a literal list to parameters that expect a dynamic value, explicitly use a [dynamic literal](/azure/data-explorer/kusto/query/scalar-data-types/dynamic#dynamic-literals.md). For example: `dynamic(['192.168.','10.'])`.
+>
+
 ## Schema details
 
 The Web Session information model is aligned with the [OSSEM Network entity schema](https://github.com/OTRF/OSSEM/blob/master/docs/cdm/entities/network.md) and the [OSSEM HTTP entity schema](https://github.com/OTRF/OSSEM/blob/master/docs/cdm/entities/http.md).