Apply suggestions from code review

batamig · web-flow · commit bb09a61695e4 · 2024-10-01T12:07:14.000+03:00
diff --git a/articles/sentinel/entities-reference.md b/articles/sentinel/entities-reference.md
@@ -153,7 +153,7 @@ The following section contains a more in-depth look at the full schemas of each
 | **NetBiosName** | String | The host name (pre-Windows 2000). |
 | **IoTDevice** | Entity ([IoT Device](#iot-device)) | The IoT Device entity (if this host represents an IoT Device). |
 | **AzureID** | String | The Azure resource ID of the VM, if known. |
-| **OMSAgentID** | String | The agent ID, if the host has an agent installed. |
+| **OMSAgentID** | String | The OMS agent ID, if the host has OMS agent installed. |
 | **OSFamily** | Enum? | One of the following values: <li>Linux<li>Windows<li>Android<li>IOS<li>Mac |
 | **OSVersion** | String | A free-text representation of the operating system.<br>This field is meant to hold specific versions the are more fine-grained than OSFamily, or future values not supported by OSFamily enumeration. |
 | **IsDomainJoined** | Bool | Indicates whether this host belongs to a domain. |
diff --git a/articles/sentinel/normalization-schema-dns.md b/articles/sentinel/normalization-schema-dns.md
@@ -332,7 +332,12 @@ The changes in version 0.1.7 of the schema are:
 
 The goal of normalizing is to ensure that all sources provide consistent telemetry. A source that doesn't provide the required telemetry, such as mandatory schema fields, cannot be normalized. However, sources that typically provide all required telemetry, even if there are some discrepancies, can be normalized. Discrepancies may affect the completeness of query results.
 
-A known discrepancy includes Corelight Zeek, which may not provide the mandatory DnsQuery field. We have observed such behavior in certain cases in which the DNS response code name is `NXDOMAIN`.
+The following table lists known discrepancies:
+
+| Source | Discrepancies |
+| ------ | ------------- |
+| Microsoft DNS Server Collected using the DNS connector and the Log Analytics Agent | The connector doesn't provide the mandatory DnsQuery field for original event ID 264 (Response to a dynamic update). The data is available at the source, but not forwarded by the connector. |
+| Corelight Zeek | Corelight Zeek may not provide the mandatory DnsQuery field. We have observed such behavior in certain cases in which the DNS response code name is `NXDOMAIN`. |
 
 ## Handling DNS response
 
