This commit is contained in:
Ashwin Patil 2020-09-01 12:56:22 -07:00
Parent 3bc8fb1d78
Commit 271cd65ece
1 changed file with 3 additions and 2 deletions


@ -1,5 +1,5 @@
id: e7bfbc3f-98c7-4aaa-a64c-de9c058b86b2
name: Suspicious Login outside normal hours
name: Suspicious Windows Login outside normal hours
description: |
Looking for suspiciopus interactive logon events which are outside normal logon hours for the user. Current day logon events are comapred with last 14 days activity
and filtered for events which are above or below of historical logon hour range seen for the user.
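Review bot: the rename to "Suspicious Windows Login outside normal hours" is not carried into the description directly below it, which still says only "interactive logon events" without naming Windows, and the same two description lines carry the typos "suspiciopus" and "comapred"; since this hunk already touches the header block, suggest correcting the description in the same commit, e.g. "Looking for suspicious interactive Windows logon events which are outside normal logon hours for the user. Current day logon events are compared with the last 14 days of activity".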
@ -104,4 +104,5 @@ query: |
// Also populating additional column showing historical days of week when logon was seen
| extend historical_DayofWeek = tostring(historical_DayofWeek)
| summarize Total= count(), max(HourOfLogin), min(HourOfLogin), current_DayofWeek =make_set(DayofWeek), StartTime=max(StartTime), EndTime = min(StartTime), SourceIP = make_set(IpAddress), SourceHost = make_set(WorkstationName), SubjectUserName = make_set(SubjectUserName), HostLoggedOn = make_set(Computer) by EventID, Activity, TargetDomainName, TargetUserName , ProcessName , LogonTypeName, StatusDesc, SubStatusDesc, historical_DayofWeek
| extend historical_DayofWeek = todynamic(historical_DayofWeek)
| extend historical_DayofWeek = todynamic(historical_DayofWeek)
| extend timestamp = StartTime, AccountCustomEntity = TargetUserName
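Review bot: the StartTime and EndTime aggregates in the summarize line look inverted: `StartTime=max(StartTime), EndTime = min(StartTime)` yields a StartTime later than its EndTime for any group with more than one event, and `timestamp = StartTime` in the final extend then inherits the latest rather than the earliest event time; suggest `StartTime=min(StartTime), EndTime=max(StartTime)`. Separately, the hunk shows two identical `| extend historical_DayofWeek = todynamic(historical_DayofWeek)` lines, so if one is the removed line and the other the added line this is a whitespace-only change that should be dropped from the diff, and if both survive in the new file the second is a redundant no-op that can be deleted.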