diff --git a/Hunting Queries/CommonSecurityLog/B64IPInURL.yaml b/Hunting Queries/CommonSecurityLog/B64IPInURL.yaml
index 8b830dc2fa..9f4155ea31 100644
--- a/Hunting Queries/CommonSecurityLog/B64IPInURL.yaml
+++ b/Hunting Queries/CommonSecurityLog/B64IPInURL.yaml
@@ -61,6 +61,7 @@ query: |
   // If it's not an IP, throw it out
   | where isnotnull(ipmatch)
   | mv-expand ipmatch to typeof(string)
+  | extend timestamp = Start, IPCustomEntity = ipmatch
 entityMappings:
   - entityType: IP
     fieldMappings:
diff --git a/Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml b/Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml
index 517e16262b..b709dc9a28 100644
--- a/Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml
+++ b/Hunting Queries/CommonSecurityLog/RiskyCommandB64EncodedInUrl.yaml
@@ -47,6 +47,7 @@ query: |
   | mv-expand match_list to typeof(string)
   ) on $left.B64MatchData == $right.match_list
   | project TimeGenerated, B64MatchData, CommandFound, RequestURL, RequestMethod, DestinationHostName, DestinationIP, SourceIP, DeviceVendor, DeviceProduct, Activity
+  | extend timestamp = TimeGenerated, DomainCustomEntity = DestinationHostName, IPCustomEntity = DestinationIP
 entityMappings:
   - entityType: IP
     fieldMappings:
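Review bot: The added `extend timestamp = Start, IPCustomEntity = ipmatch` relies on a `Start` column that nothing in this hunk produces, while the sibling query patched in the same commit uses `TimeGenerated`; if `Start` is not computed earlier in the pipeline (the `query:` block begins before this hunk), the extend fails at deploy time, so it is worth confirming that column exists and why the two hunts differ. Since an `entityMappings` block with an IP entity already follows, the legacy `*CustomEntity`/`timestamp` columns read as duplicate mapping; a one-line comment above the new line, such as `// Legacy timestamp/*CustomEntity columns kept for older portal views; entityMappings below is the canonical mapping`, would make the intent explicit. Note also that `ipmatch` is decoded from attacker-controlled URL content, so the IP entity may be a private or reserved address; if the hunt is meant to surface external callbacks, filtering with `| where not(ipv4_is_private(ipmatch))` before the extend would reduce noise, though that depends on the query's intent which is not visible here.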
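Review bot: The new `extend` sets `IPCustomEntity = DestinationIP`, but the projected `SourceIP` — the client that sent the base64-encoded risky command and the most plausible compromised host — is not surfaced as an entity, so an analyst pivoting from the entity view lands on the destination rather than the internal source; consider whether the `entityMappings` block below (its column mapping falls outside the visible lines) should also carry `SourceIP`, or document why the destination was chosen. In CEF proxy logs `DestinationHostName` and `DestinationIP` are not always both populated, so one of the two new entity columns may be empty for some vendors; this is an inference about the data source rather than something the hunk shows, but a comment such as `// Entities are the request target; SourceIP stays in the projection for pivoting` would set expectations. The `query:` block starts before this hunk.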