Advanced Hunting - Fix code samples after WDATP service change

windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell.md

@@ -98,7 +98,7 @@ $query = "NetworkCommunicationEvents
 
 $queryUrl = "https://api.securitycenter.windows.com/advancedqueries/query"
 
-$queryBody = ConvertTo-Json -InputObject $query
+$queryBody = ConvertTo-Json -InputObject @{ 'Query' = $query }
 $queryResponse = Invoke-WebRequest -Method Post -Uri $queryUrl -Headers $headers -Body $queryBody -ErrorAction Stop
 $response =  ($queryResponse | ConvertFrom-Json).Results
 $response

windows/security/threat-protection/windows-defender-atp/run-advanced-query-api.md

@@ -77,11 +77,11 @@ Here is an example of the request.
 POST https://api.securitycenter.windows.com/advancedqueries/query
 Content-type: application/json
 {
-  "ProcessCreationEvents  
+	"Query":"ProcessCreationEvents  
 | where InitiatingProcessFileName =~ \"powershell.exe\"
 | where ProcessCommandLine contains \"appdata\"
 | project EventTime, FileName, InitiatingProcessFileName 
-| limit 2"​
+| limit 2"
 }
 ```
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md

@@ -65,7 +65,7 @@ If you want to use **user token** instead please refer to [this](run-advanced-qu
 			AdvancedHuntingUrl, 
 			[
 				Headers = [#"Content-Type"="application/json", #"Accept"="application/json", #"Authorization"=Bearer],
-				Content=Json.FromValue(Query)
+				Content=Json.FromValue([#"Query"=Query])
 			]
 		)),
 

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-powershell.md

@@ -71,7 +71,7 @@ $headers = @{
 	Accept = 'application/json'
 	Authorization = "Bearer $aadToken" 
 }
-$body = ConvertTo-Json -InputObject $query
+$body = ConvertTo-Json -InputObject @{ 'Query' = $query }
 $webResponse = Invoke-WebRequest -Method Post -Uri $url -Headers $headers -Body $body -ErrorAction Stop
 $response =  $webResponse | ConvertFrom-Json
 $results = $response.Results

windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md

@@ -74,7 +74,7 @@ headers = {
 	'Authorization' : "Bearer " + aadToken
 }
 
-data = json.dumps(query).encode("utf-8")
+data = json.dumps({ 'Query' : query }).encode("utf-8")
 
 req = urllib.request.Request(url, data, headers)
 response = urllib.request.urlopen(req)