diff --git a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
index d65932bdbf..1a576c5202 100644
--- a/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAgentPoolCreatedDeleted.yaml
@@ -35,7 +35,7 @@ query: |
   | extend AgentPoolId = tostring(Data.AgentPoolId)
   | extend timekey = bin(TimeGenerated, timewindow)) on AgentPoolId, timekey
   | project-reorder TimeGenerated, ActorUPN, UserAgent, IpAddress, AuthenticationMechanism, OperationName, AgentPoolName, IsHosted, IsLegacy, Data
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
index b62ba79ec5..7a1000ebd1 100644
--- a/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOAuditStreamDisabled.yaml
@@ -17,7 +17,7 @@ query: |
   | where OperationName =~ "AuditLog.StreamDisabledByUser"
   | extend StreamType = tostring(Data.ConsumerType)
   | project-reorder TimeGenerated, Details, ActorUPN, IpAddress, UserAgent, StreamType
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
index c97469b596..84d682f96b 100644
--- a/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
+++ b/Detections/AzureDevOpsAuditing/ADONewExtensionAdded.yaml
@@ -20,7 +20,7 @@ query: |
   | extend PublisherName = tostring(Data.PublisherName)
   | where PublisherName !in (allowed_publishers)
   | project-reorder TimeGenerated, OperationName, ExtensionName, PublisherName, ActorUPN, IpAddress, UserAgent, ScopeDisplayName, ScopeType, Data
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
index 50ae354a46..7e034afeac 100644
--- a/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPATUsedWithBrowser.yaml
@@ -17,7 +17,7 @@ query: |
   | where AuthenticationMechanism startswith "PAT"
   // Look for useragents that include a redenring engine
   | where UserAgent has_any ("Gecko", "WebKit", "Presto", "Trident", "EdgeHTML", "Blink")
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
index 956faf3956..6f5d8a0318 100644
--- a/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOPipelineModifiedbyNewUser.yaml
@@ -44,7 +44,7 @@ query: |
   | extend Alerts = iif(isnotempty(Alerts), Alerts, 0)
   // Uncomment the line below to only show results where the user as AADIdP alerts
   //| where Alerts > 0
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings:
diff --git a/Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml b/Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml
index ceafdc01a7..6040ec1cfb 100644
--- a/Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml
+++ b/Hunting Queries/AzureDevOpsAuditing/ADOInternalUpstreamPacakgeFeedAdded.yaml
@@ -26,7 +26,7 @@ query: |
   | where UpstreamsAdded.UpstreamSourceType =~ "internal"
   | extend SourceLocation = tostring(UpstreamsAdded.Location)
   | summarize by SourceLocation);
-  // Look for internal feeds being added from a new location 
+  // Look for internal feeds being added from a new location
   AzureDevOpsAuditing
   | where TimeGenerated > ago(timeframe)
   | where OperationName matches regex "Artifacts.Feed.(Org|Project).Modify"
@@ -52,7 +52,7 @@ query: |
   | where OperationName matches regex "Artifacts.Feed.(Org|Project).Create"
   | extend FeedId = tostring(Data.FeedId)
   | project FeedId, FeedCreatedBy=ActorUPN, TimeCreated=TimeGenerated) on FeedId, $left.ActorUPN==$right.FeedCreatedBy
-  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity =  IpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = ActorUPN, IPCustomEntity = IpAddress
 entityMappings:
   - entityType: Account
     fieldMappings: