Learn Editor: Update run-advanced-query-api.md

anderagto-hub · anderagto-hub · commit e60bb6b15a06 · 2025-07-31T17:15:50.000-06:00
diff --git a/defender-endpoint/api/run-advanced-query-api.md b/defender-endpoint/api/run-advanced-query-api.md
@@ -105,13 +105,11 @@ POST https://api.securitycenter.microsoft.com/api/advancedqueries/run
 ```
 
 ```json
+
 {
-    "Query":"DeviceProcessEvents
-|where InitiatingProcessFileName =~ 'powershell.exe'
-|where ProcessCommandLine contains 'appdata'
-|project Timestamp, FileName, InitiatingProcessFileName, DeviceId
-|limit 2"
+    "Query":"DeviceProcessEvents |where InitiatingProcessFileName =~ 'powershell.exe' |where ProcessCommandLine contains 'appdata'|project Timestamp, FileName, InitiatingProcessFileName, DeviceId|limit 2"
 }
+
 ```
 
 ### Response example
