Undo changes to API topics

windows/security/threat-protection/microsoft-defender-atp/exposed-apis-full-sample-powershell.md

@@ -32,7 +32,7 @@ In this section we share PowerShell samples to
 
 >**Prerequisite**: You first need to [create an app](apis-intro.md).
 
-## Preparation Instructions
+## Preparation instructions
 
 - Open a PowerShell window.
 - If your policy does not allow you to run the PowerShell commands, you can run the below command:
@@ -99,7 +99,7 @@ Foreach($alert in $alerts)
 
 $commaSeparatedMachines = '"{0}"' -f ($machinesToInvestigate -join '","')
 
-$query = "DeviceNetworkEvents
+$query = "NetworkCommunicationEvents
 | where MachineId in ($commaSeparatedMachines)
 | where RemoteUrl  == `"$suspiciousUrl`"
 | summarize ConnectionsCount = count() by MachineId"

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-api.md

@@ -81,7 +81,7 @@ Here is an example of the request.
 POST https://api.securitycenter.windows.com/api/advancedqueries/run
 Content-type: application/json
 {
-	"Query":"DeviceProcessEvents  
+	"Query":"ProcessCreationEvents  
 | where InitiatingProcessFileName =~ \"powershell.exe\"
 | where ProcessCommandLine contains \"appdata\"
 | project EventTime, FileName, InitiatingProcessFileName 

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-powershell.md

@@ -70,7 +70,7 @@ where
 Run the following query:
 
 ```
-$query = 'DeviceRegistryEvents | limit 10' # Paste your own query here
+$query = 'RegistryEvents | limit 10' # Paste your own query here
 
 $url = "https://api.securitycenter.windows.com/api/advancedqueries/run"
 $headers = @{ 

windows/security/threat-protection/microsoft-defender-atp/run-advanced-query-sample-python.md

@@ -73,7 +73,7 @@ where
  Run the following query:
 
 ```
-query = 'DeviceRegistryEvents | limit 10' # Paste your own query here
+query = 'RegistryEvents | limit 10' # Paste your own query here
 
 url = "https://api.securitycenter.windows.com/api/advancedqueries/run"
 headers = {