diff --git a/Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml b/Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml
index 0505aa5653..12f42b53f6 100644
--- a/Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml
+++ b/Hunting Queries/AzureDevOpsAuditing/ADOVariableCreatedDeleted.yaml
@@ -26,7 +26,7 @@ query: |
 | extend VariablesRemoved = set_difference(bag_keys(variables), bag_keys(variables1))
 | project-rename TimeCreated=TimeGenerated, TimeDeleted = TimeGenerated1, CreatingUser = ActorUPN, DeletingUser = ActorUPN1, CreatingIP = IpAddress, DeletingIP = IpAddress1, CreatingUA = UserAgent, DeletingUA = UserAgent1
 | project-reorder VariableGroupName, TimeCreated, TimeDeleted, VariablesRemoved, CreatingUser, CreatingIP, CreatingUA, DeletingUser, DeletingIP, DeletingUA
- | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
+ | extend timestamp = TimeDeleted, AccountCustomEntity = DeletingUser, IPCustomEntity = DeletingIP
 entityMappings:
 - entityType: Account
 fieldMappings:
@@ -35,4 +35,4 @@ entityMappings:
 - entityType: IP
 fieldMappings:
 - identifier: Address
- columnName: IPCustomEntity
\ No newline at end of file
+ columnName: IPCustomEntity
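Review bot: The new `extend timestamp = TimeDeleted, AccountCustomEntity = DeletingUser, IPCustomEntity = DeletingIP` line maps only the deleting side to entities, so when the creator and deleter differ the creating account and IP never appear as entities on the hunting result. Whether they can differ depends on the join earlier in the query, which is outside this hunk, so confirm this before relying on the mapping for triage. At minimum, state the choice in the query with a comment above the `extend`, for example `// Entities map to the deleting actor; CreatingUser and CreatingIP stay as columns for comparison`. It would also help to confirm that `DeletingUser` and `DeletingIP` are populated for service-initiated deletions, since an empty entity column would hide the row from entity pivots.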