adding kind property to exisitng templates

2021-09-29 15:22:39 +03:00 · 2021-09-29 15:22:39 +03:00 · 236af239c5
--- a/Detections/ASimAuthentication/imAuthBruteForce.yaml
+++ b/Detections/ASimAuthentication/imAuthBruteForce.yaml
@ -43,3 +43,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
+++ b/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
@ -36,4 +36,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.1.0
+version: 1.1.0
+kind: scheduled
--- a/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
+++ b/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
@ -38,4 +38,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.1.0
-
+kind: scheduled
--- a/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
+++ b/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
@ -50,3 +50,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDNS_Miners.yaml
+++ b/Detections/ASimDNS/imDNS_Miners.yaml
@ -39,4 +39,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.2.0
+version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDNS_TorProxies.yaml
+++ b/Detections/ASimDNS/imDNS_TorProxies.yaml
@ -34,4 +34,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.2.0
+version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
@ -66,3 +66,4 @@ customDetails:
  DnsQuery: DnsQuery
  QueryType: QueryType
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
@ -34,4 +34,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.2.0
+version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
+++ b/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
@ -48,4 +48,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
@ -75,3 +75,4 @@ customDetails:
  SubType: SubType 
  DnsQuery: DnsQuery
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
+++ b/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Value
        columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
+++ b/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
@ -53,3 +53,4 @@ entityMappings:
      - identifier: Value
        columnName: FileHashCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
+++ b/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
@ -36,4 +36,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.1.0
+version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
+++ b/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
@ -50,4 +50,5 @@ entityMappings:
        columnName: MD5
      - identifier: Value
        columnName: FileHashCustomEntity
-version: 1.1.0
+version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
+++ b/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
@ -38,4 +38,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.1.0
+version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
+++ b/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
@ -38,4 +38,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.1.0
+version: 1.1.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
@ -35,4 +35,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
@ -37,4 +37,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
+++ b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
@ -36,4 +36,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
+++ b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
@ -39,4 +39,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
+++ b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
@ -36,4 +36,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
+++ b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
@ -69,4 +69,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
@ -36,4 +36,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
@ -37,4 +37,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/ADAttacksPathways.yaml
+++ b/Detections/AlsidForAD/ADAttacksPathways.yaml
@ -27,4 +27,5 @@ query: |
  | where MessageType == 0 and Codename in~ (codeNameList)
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/DCShadow.yaml
+++ b/Detections/AlsidForAD/DCShadow.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCShadow"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/DCSync.yaml
+++ b/Detections/AlsidForAD/DCSync.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCSync"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/GoldenTicket.yaml
+++ b/Detections/AlsidForAD/GoldenTicket.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Golden Ticket"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/IndicatorsOfAttack.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfAttack.yaml
@ -26,4 +26,5 @@ query: |
    | where MessageType == 2
    | lookup kind=leftouter SeverityTable on Severity
    | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/IndicatorsOfExposures.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfExposures.yaml
@ -26,4 +26,5 @@ query: |
    | where MessageType == 0
    | lookup kind=leftouter SeverityTable on Severity
    | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/LSASSMemory.yaml
+++ b/Detections/AlsidForAD/LSASSMemory.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "OS Credential Dumping: LSASS Memory"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordGuessing.yaml
+++ b/Detections/AlsidForAD/PasswordGuessing.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Guessing"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordIssues.yaml
+++ b/Detections/AlsidForAD/PasswordIssues.yaml
@ -27,4 +27,5 @@ query: |
  | where MessageType == 0 and Codename in~ (codeNameList)
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordSpraying.yaml
+++ b/Detections/AlsidForAD/PasswordSpraying.yaml
@ -18,4 +18,5 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Spraying"
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
+++ b/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
@ -27,4 +27,5 @@ query: |
  | where MessageType == 0 and Codename in~ (codeNameList)
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/UserAccountIssues.yaml
+++ b/Detections/AlsidForAD/UserAccountIssues.yaml
@ -27,4 +27,5 @@ query: |
  | where MessageType == 0 and Codename in~ (codeNameList)
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/ADFSDomainTrustMods.yaml
+++ b/Detections/AuditLogs/ADFSDomainTrustMods.yaml
@ -57,4 +57,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
+++ b/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
@ -66,4 +66,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
@ -55,4 +55,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
+++ b/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
@ -54,4 +54,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
@ -70,4 +70,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
@ -70,4 +70,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
@ -57,4 +57,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/RareApplicationConsent.yaml
+++ b/Detections/AuditLogs/RareApplicationConsent.yaml
@ -78,3 +78,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
+++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
@ -68,4 +68,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
+++ b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
@ -58,3 +58,4 @@ entityMappings:
      - identifier: FullName
        columnName: TargetUserPrincipalName
 version: 1.0.1
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
@ -39,4 +39,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
@ -40,4 +40,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
@ -45,4 +45,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
+++ b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
@ -61,3 +61,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
+++ b/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
@ -43,3 +43,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
+++ b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/New-CloudShell-User.yaml
+++ b/Detections/AzureActivity/New-CloudShell-User.yaml
@ -34,4 +34,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
+++ b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
@ -46,4 +46,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/RareOperations.yaml
+++ b/Detections/AzureActivity/RareOperations.yaml
@ -51,3 +51,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureAppServices/AVScan_Failure.yaml
+++ b/Detections/AzureAppServices/AVScan_Failure.yaml
@ -20,3 +20,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
+++ b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
@ -19,4 +19,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
@ -45,4 +45,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
@ -27,4 +27,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
+++ b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
@ -30,4 +30,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
@ -27,4 +27,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
@ -54,4 +54,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
+++ b/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
@ -33,4 +33,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
@ -42,4 +42,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
@ -38,4 +38,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
@ -39,4 +39,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
@ -58,4 +58,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
@ -41,4 +41,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
@ -56,4 +56,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: DeletingIP
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
@ -38,4 +38,5 @@ query: |
    Type == "Build", strcat('https://dev.azure.com/', OrganizationName, '/', ProjectName, '/_build?definitionId=', DefId),
    strcat('https://dev.azure.com/', OrganizationName, '/', ProjectName, '/_release?_a=releases&view=mine&definitionId=', DefId))
  | extend timestamp = StartTime
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
+++ b/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
@ -44,4 +44,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
+++ b/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
@ -61,4 +61,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
+++ b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
@ -39,4 +39,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
+++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
@ -40,4 +40,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
+++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
@ -52,4 +52,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
+++ b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
@ -56,4 +56,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
+++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
@ -73,4 +73,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
+++ b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
@ -43,4 +43,5 @@ entityMappings:
    fieldMappings:
      - identifier: Url
        columnName: URLCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
@ -33,4 +33,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
@ -40,4 +40,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
@ -31,4 +31,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
@ -31,4 +31,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
@ -79,4 +79,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
@ -32,4 +32,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
@ -37,4 +37,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
@ -50,4 +50,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
@ -35,4 +35,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
@ -32,4 +32,5 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskHRIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskHRIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
@ -28,4 +28,5 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-version: 1.0.0
+version: 1.0.0
+kind: scheduled
--- a/Показать больше
+++ b/Показать больше