From fd6560403517eab103cd6300bc5f63500bb92ef0 Mon Sep 17 00:00:00 2001
From: Justin Hall <justinha@microsoft.com>
Date: Wed, 5 Dec 2018 15:26:34 -0800
Subject: [PATCH] edited syntax

---
 ...ication-control-events-centrally-using-advanced-hunting  .md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md
index c3cb5b6e67..e37ec6a7c4 100644
--- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md	
+++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting  .md	
@@ -23,7 +23,7 @@ This capability is supported beginning with Windows version 1607.
 
 Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Windows Defender ATP:
 
-```Kusto
+```kusto
 MiscEvents
 | where EventTime > ago(7d) and
 ActionType startswith "AppControl"