Merge pull request #4189 from ep3p/patch-21

Remove unnecessary summarize in SigninPasswordSpray.yaml

Detections/SigninLogs/SigninPasswordSpray.yaml

@@ -44,7 +44,6 @@ query: |
     table(tableName)
     | where TimeGenerated > ago(timeRange)
     | where ResultType in(failureCodes)
-    | summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), make_set(ClientAppUsed), count() by bin(TimeGenerated, authenticationWindow), IPAddress, AppDisplayName, UserPrincipalName, Type
     | summarize FailedPrincipalCount = dcount(UserPrincipalName) by bin(TimeGenerated, authenticationWindow), IPAddress, AppDisplayName, Type
     | where FailedPrincipalCount >= authenticationThreshold
     | summarize WindowThresholdBreaches = count() by IPAddress, Type
@@ -85,5 +84,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IPCustomEntity
-version: 1.0.0
+version: 1.0.1
 kind: Scheduled