Update ExcessiveNXDOMAINDNSQueries.yaml (#1021)

* Update ExcessiveNXDOMAINDNSQueries.yaml fix query * Update ExcessiveNXDOMAINDNSQueries.yaml
2020-08-31 14:53:11 +03:00 · 2020-08-31 14:53:11 +03:00 · 00ee8cf5f0
--- a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
@ -33,4 +33,4 @@ query: |
      | where isnotempty(ResponseCode)
      | where ResponseCode =~ "NXDOMAIN"
      ) on Client_IP
-  | extend timestamp = TimeGenerated, extend IPCustomEntity = Client_IP
+  | extend timestamp = TimeGenerated, IPCustomEntity = Client_IP