diff --git a/Detections/MultipleDataSources/PhosphorusIOCs.yaml b/Detections/MultipleDataSources/PhosphorusIOCs.yaml
index 459d55074f..0c95e60c52 100644
--- a/Detections/MultipleDataSources/PhosphorusIOCs.yaml
+++ b/Detections/MultipleDataSources/PhosphorusIOCs.yaml
@@ -55,7 +55,8 @@ query: |
  | where isnotempty(SourceIP) or isnotempty(DestinationIP) or isnotempty(DNSName)
  | where SourceIP in (IPList) or DestinationIP in (IPList) or Message has_any (IPList) or DNSName in~ (DomainNames)
  | extend IPMatch = case( SourceIP in (IPList), "SourceIP", DestinationIP in (IPList), "DestinationIP", "Message")
- | extend timestamp = TimeGenerated , IPCustomEntity = case(IPMatch == "SourceIP", SourceIP, IPMatch == "DestinationIP", DestinationIP, "IP in Message Field"), Account = SourceUserID, Host = DeviceName),
+ | extend timestamp = TimeGenerated , IPCustomEntity = case(IPMatch == "SourceIP", SourceIP, IPMatch == "DestinationIP", DestinationIP, "IP in Message Field"), Account = SourceUserID, Host = DeviceName
+ ),
  (DnsEvents
  | where TimeGenerated >= ago(timeframe)
  | extend DestinationIPAddress = IPAddresses, DNSName = Name, Host = Computer
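Review bot: On the new `| extend timestamp = ...` line, IPCustomEntity falls through to the literal "IP in Message Field" for every row that did not match on SourceIP or DestinationIP, which includes rows admitted by the preceding where clause only through `DNSName in~ (DomainNames)`; those rows carry no IP hit at all, yet the IP entity field is populated with a placeholder string and IPMatch reads "Message". A downstream entity mapping on IPCustomEntity would then receive a non-IP value for domain-only and Message-only hits. A tighter form is to give the case() an explicit Message branch and an empty default, e.g. `| extend IPMatch = case(SourceIP in (IPList), "SourceIP", DestinationIP in (IPList), "DestinationIP", Message has_any (IPList), "Message", "None")` and `IPCustomEntity = case(IPMatch == "SourceIP", SourceIP, IPMatch == "DestinationIP", DestinationIP, "")`, so the IP entity is only set when an actual IP matched. The moved `),` closes a union member whose opening and the rest of the union lie outside this hunk, so I cannot confirm from here that the parenthesis now balances.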