From 13ba1cdf020f9b1561a0554beecdda6513bb69cb Mon Sep 17 00:00:00 2001
From: juliango2100 <42559062+juliango2100@users.noreply.github.com>
Date: Wed, 21 Aug 2019 17:39:27 -0700
Subject: [PATCH] Update AlertsForUser.txt

---
 Hunting Queries/SecurityAlert/AlertsForUser.txt | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/Hunting Queries/SecurityAlert/AlertsForUser.txt b/Hunting Queries/SecurityAlert/AlertsForUser.txt
index 386ca9fda5..36348670c3 100644
--- a/Hunting Queries/SecurityAlert/AlertsForUser.txt
+++ b/Hunting Queries/SecurityAlert/AlertsForUser.txt
@@ -1,16 +1,12 @@
 // Name: Alerts related to account
 // Description: Any Alerts that fired related to a given account during the range of +6h and -3d
 //
-// Entity: User
-// Input: Account, UserName
-// Output: Alerts
-//
-// QueryPeriod: +6h and -3d default, change as needed
-//
 // Data Source: SecurityAlert
 //
 // Tactics: #Persistence, #Discovery, #LateralMovement, #Collection
 //
+// Id: 3a72ba65-00fa-4bbc-b246-be1ff3f73ce1
+//
 let GetAllAlertsForUser = (suspiciousEventTime:datetime, v_User:string){
 //-3d and +6h as some alerts fire after accumulation of events
 let v_StartTime = suspiciousEventTime-3d;