removed unecessary extend

2021-03-03 15:57:36 -08:00 · 2021-03-03 15:57:36 -08:00 · c31d1cdd79
--- a/Queries/SecurityEvent/NewChildProcessOfW3WP.yaml
+++ b/Queries/SecurityEvent/NewChildProcessOfW3WP.yaml
@ -28,7 +28,6 @@ query: |
  | where ParentProcessName hassuffix "w3wp.exe"
  | extend ProcessHost = strcat(Process, "-", Computer)
  | where ProcessHost !in (known_procs)
-  | extend timekey = bin(TimeGenerated, 1h)
  | project-reorder TimeGenerated, Computer, NewProcessName, ParentProcessName, Account, NewProcessId
  | extend timestamp = TimeGenerated, HostCustomEntity = Computer, AccountCustomEntity = Account
 entityMappings: