From a3bdefe6e9ec4cb97f42f0fe0193fd6b9ee7a197 Mon Sep 17 00:00:00 2001
From: Justin Hall <justinha@microsoft.com>
Date: Wed, 5 Dec 2018 12:12:14 -0800
Subject: [PATCH] changed syntax highlight

---
 ...ication-control-events-centrally-using-advanced-hunting  .md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md
index df80d3bdec..e37ec6a7c4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md	
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md	
@@ -23,7 +23,7 @@ This capability is supported beginning with Windows version 1607.
 
 Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Windows Defender ATP:
 
-```cs
+```kusto
 MiscEvents
 | where EventTime > ago(7d) and
 ActionType startswith "AppControl"