upd parser schema; fix rule query

.script/tests/KqlvalidationsTests/CustomTables/CiscoDuo.json

@@ -5,6 +5,10 @@
             "Name": "AccessDvcBrowser",
             "Type": "String"
         },
+        {
+            "Name": "TimeGenerated",
+            "Type": "DateTime"
+        },
         {
             "Name": "AccessDvcBrowserVersion",
             "Type": "String"

Solutions/CiscoDuoSecurity/Analytic Rules/CiscoDuoNewAccessDevice.yaml

@@ -21,7 +21,7 @@ query: |
   | where EventResult =~ 'success'
   | where isnotempty(AccessDvcIpAddr)
   | summarize dvc_ip = makeset(AccessDvcIpAddr) by DstUserName
-  | extend k=1;
+  | extend k=1
   join (CiscoDuo
   | where EventType =~ 'authentication'
   | where EventResult =~ 'success'