adding kind property to exisitng templates

2021-09-29 15:22:39 +03:00 · 2021-09-29 15:22:39 +03:00 · 236af239c5
--- a/Detections/ASimAuthentication/imAuthBruteForce.yaml
+++ b/Detections/ASimAuthentication/imAuthBruteForce.yaml
@ -43,3 +43,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
+++ b/Detections/ASimAuthentication/imAuthPasswordSpray.yaml
@ -37,3 +37,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
+++ b/Detections/ASimAuthentication/imAuthSigninsMultipleCountries.yaml
@ -38,4 +38,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.1.0
-
+kind: scheduled
--- a/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
+++ b/Detections/ASimAuthentication/imSigninAttemptsByIPviaDisabledAccounts.yaml
@ -50,3 +50,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDNS_Miners.yaml
+++ b/Detections/ASimDNS/imDNS_Miners.yaml
@ -40,3 +40,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDNS_TorProxies.yaml
+++ b/Detections/ASimDNS/imDNS_TorProxies.yaml
@ -35,3 +35,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_DomainEntity_DnsEvents.yaml
@ -66,3 +66,4 @@ customDetails:
  DnsQuery: DnsQuery
  QueryType: QueryType
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/ASimDNS/imDns_ExcessiveNXDOMAINDNSQueries.yaml
@ -35,3 +35,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.2.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
+++ b/Detections/ASimDNS/imDns_HighNXDomainCount_detection.yaml
@ -49,3 +49,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
+++ b/Detections/ASimDNS/imDns_IPEntity_DnsEvents.yaml
@ -75,3 +75,4 @@ customDetails:
  SubType: SubType 
  DnsQuery: DnsQuery
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
+++ b/Detections/ASimFileEvent/imFileESolarWindsSunburstSupernova.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Value
        columnName: FileHashCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
+++ b/Detections/ASimProcess/imProcess_AdFind_Usage.yaml
@ -53,3 +53,4 @@ entityMappings:
      - identifier: Value
        columnName: FileHashCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
+++ b/Detections/ASimProcess/imProcess_NOBELIUM_SuspiciousRundll32Exec.yaml
@ -37,3 +37,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
+++ b/Detections/ASimProcess/imProcess_SolarWinds_SUNBURST_Process-IOCs.yaml
@ -51,3 +51,4 @@ entityMappings:
      - identifier: Value
        columnName: FileHashCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
+++ b/Detections/ASimProcess/imProcess_base64_encoded_pefile.yaml
@ -39,3 +39,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
+++ b/Detections/ASimProcess/imProcess_malware_in_recyclebin.yaml
@ -39,3 +39,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
@ -36,3 +36,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
@ -38,3 +38,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
+++ b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
@ -37,3 +37,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
+++ b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
@ -40,3 +40,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
+++ b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
@ -37,3 +37,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
+++ b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
@ -70,3 +70,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
@ -37,3 +37,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
@ -38,3 +38,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/ADAttacksPathways.yaml
+++ b/Detections/AlsidForAD/ADAttacksPathways.yaml
@ -28,3 +28,4 @@ query: |
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/DCShadow.yaml
+++ b/Detections/AlsidForAD/DCShadow.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCShadow"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/DCSync.yaml
+++ b/Detections/AlsidForAD/DCSync.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCSync"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/GoldenTicket.yaml
+++ b/Detections/AlsidForAD/GoldenTicket.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "Golden Ticket"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/IndicatorsOfAttack.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfAttack.yaml
@ -27,3 +27,4 @@ query: |
    | lookup kind=leftouter SeverityTable on Severity
    | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/IndicatorsOfExposures.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfExposures.yaml
@ -27,3 +27,4 @@ query: |
    | lookup kind=leftouter SeverityTable on Severity
    | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/LSASSMemory.yaml
+++ b/Detections/AlsidForAD/LSASSMemory.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "OS Credential Dumping: LSASS Memory"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordGuessing.yaml
+++ b/Detections/AlsidForAD/PasswordGuessing.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Guessing"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordIssues.yaml
+++ b/Detections/AlsidForAD/PasswordIssues.yaml
@ -28,3 +28,4 @@ query: |
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PasswordSpraying.yaml
+++ b/Detections/AlsidForAD/PasswordSpraying.yaml
@ -19,3 +19,4 @@ query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Spraying"
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
+++ b/Detections/AlsidForAD/PrivilegedAccountIssues.yaml
@ -28,3 +28,4 @@ query: |
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AlsidForAD/UserAccountIssues.yaml
+++ b/Detections/AlsidForAD/UserAccountIssues.yaml
@ -28,3 +28,4 @@ query: |
  | lookup kind=leftouter SeverityTable on Severity
  | order by Level
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/ADFSDomainTrustMods.yaml
+++ b/Detections/AuditLogs/ADFSDomainTrustMods.yaml
@ -58,3 +58,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
+++ b/Detections/AuditLogs/CredentialAddedAfterAdminConsent.yaml
@ -67,3 +67,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
@ -56,3 +56,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
+++ b/Detections/AuditLogs/MailPermissionsAddedToApplication.yaml
@ -55,3 +55,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
@ -71,3 +71,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
@ -71,3 +71,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
@ -58,3 +58,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/RareApplicationConsent.yaml
+++ b/Detections/AuditLogs/RareApplicationConsent.yaml
@ -78,3 +78,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
+++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
@ -69,3 +69,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
+++ b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
@ -58,3 +58,4 @@ entityMappings:
      - identifier: FullName
        columnName: TargetUserPrincipalName
 version: 1.0.1
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSNewServer.yaml
@ -40,3 +40,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSServiceDelete.yaml
@ -41,3 +41,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
+++ b/Detections/AzureActivity/AADHybridHealthADFSSuspApp.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
+++ b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
@ -61,3 +61,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
+++ b/Detections/AzureActivity/Creation_of_Expensive_Computes_in_Azure.yaml
@ -43,3 +43,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
+++ b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureActivity/New-CloudShell-User.yaml
+++ b/Detections/AzureActivity/New-CloudShell-User.yaml
@ -35,3 +35,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
+++ b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
@ -47,3 +47,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureActivity/RareOperations.yaml
+++ b/Detections/AzureActivity/RareOperations.yaml
@ -51,3 +51,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.1.0
+kind: scheduled
--- a/Detections/AzureAppServices/AVScan_Failure.yaml
+++ b/Detections/AzureAppServices/AVScan_Failure.yaml
@ -20,3 +20,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
+++ b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
@ -20,3 +20,4 @@ entityMappings:
      - identifier: FullName
        columnName: HostCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
@ -46,3 +46,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
@ -28,3 +28,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
+++ b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
@ -31,3 +31,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
@ -28,3 +28,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
@ -55,3 +55,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
+++ b/Detections/AzureDevOpsAuditing/ADORetentionReducedto0.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
@ -34,3 +34,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOVariableModifiedByNewUser.yaml
@ -43,3 +43,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
@ -39,3 +39,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
@ -40,3 +40,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
@ -59,3 +59,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
@ -42,3 +42,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
@ -57,3 +57,4 @@ entityMappings:
      - identifier: Address
        columnName: DeletingIP
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOServiceConnectionUsage.yaml
@ -39,3 +39,4 @@ query: |
    strcat('https://dev.azure.com/', OrganizationName, '/', ProjectName, '/_release?_a=releases&view=mine&definitionId=', DefId))
  | extend timestamp = StartTime
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
+++ b/Detections/AzureDevOpsAuditing/ExternalUpstreamSourceAddedtoAzureDevOpsFeed.yaml
@ -45,3 +45,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
+++ b/Detections/AzureDevOpsAuditing/NewAgentAddedToPoolbyNewUserorofNewOS.yaml
@ -62,3 +62,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
+++ b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
@ -40,3 +40,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
+++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
@ -41,3 +41,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
+++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
@ -53,3 +53,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
+++ b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
@ -57,3 +57,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
+++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
@ -74,3 +74,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
+++ b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
@ -44,3 +44,4 @@ entityMappings:
      - identifier: Url
        columnName: URLCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionNon-CorporatePrivateNetwork.yaml
@ -34,3 +34,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaConnectionToUnpopularWebsiteDetected.yaml
@ -41,3 +41,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaCryptoMinerUserAgentDetected.yaml
@ -32,3 +32,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaEmptyUserAgentDetected.yaml
@ -32,3 +32,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaHackToolUserAgentDetected.yaml
@ -80,3 +80,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaPowershellUserAgentDetected.yaml
@ -33,3 +33,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRareUserAgentDetected.yaml
@ -38,3 +38,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestAllowedHarmfulMaliciousURICategory.yaml
@ -51,3 +51,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaRequestBlocklistedFileType.yaml
@ -36,3 +36,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
+++ b/Detections/CiscoUmbrella/CiscoUmbrellaURIContainsIPAddress.yaml
@ -33,3 +33,4 @@ entityMappings:
      - identifier: Address
        columnName: IPCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskBusinessIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskFinancialIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskGovernanceIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskHRIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniHighRiskLegalIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskBusinessIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskFinancialIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskGovernanceIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskHRIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskHRIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
+++ b/Detections/Cognni/CognniLowRiskLegalIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
+++ b/Detections/Cognni/CognniMediumRiskBusinessIncidents.yaml
@ -29,3 +29,4 @@ entityMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
 version: 1.0.0
+kind: scheduled
--- a/Показать больше
+++ b/Показать больше