changes

2021-05-11 08:52:54 +03:00 · 2021-05-11 08:52:54 +03:00 · f63fc0ed91
--- a/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToRDSDatabase.yaml
@ -35,5 +35,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
+++ b/Detections/AWSCloudTrail/AWS_ChangeToVPC.yaml
@ -37,5 +37,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
+++ b/Detections/AWSCloudTrail/AWS_ClearStopChangeTrailLogs.yaml
@ -36,5 +36,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
+++ b/Detections/AWSCloudTrail/AWS_ConsoleLogonWithoutMFA.yaml
@ -39,5 +39,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
+++ b/Detections/AWSCloudTrail/AWS_CredentialHijack.yaml
@ -36,5 +36,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
+++ b/Detections/AWSCloudTrail/AWS_FullAdminPolicyAttachedToRolesUsersGroups.yaml
@ -69,5 +69,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_IngressEgressSecurityGroupChange.yaml
@ -36,5 +36,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
+++ b/Detections/AWSCloudTrail/AWS_LoadBalancerSecGroupChange.yaml
@ -37,5 +37,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AlsidForAD/DCShadow.yaml
+++ b/Detections/AlsidForAD/DCShadow.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCShadow"
-
 version: 1.0.0
--- a/Detections/AlsidForAD/DCSync.yaml
+++ b/Detections/AlsidForAD/DCSync.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "DCSync"
-
 version: 1.0.0
--- a/Detections/AlsidForAD/GoldenTicket.yaml
+++ b/Detections/AlsidForAD/GoldenTicket.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Golden Ticket"
-
 version: 1.0.0
--- a/Detections/AlsidForAD/IndicatorsOfAttack.yaml
+++ b/Detections/AlsidForAD/IndicatorsOfAttack.yaml
@ -26,5 +26,4 @@ query: |
    | where MessageType == 2
    | lookup kind=leftouter SeverityTable on Severity
    | order by Level
-
 version: 1.0.0
--- a/Detections/AlsidForAD/LSASSMemory.yaml
+++ b/Detections/AlsidForAD/LSASSMemory.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "OS Credential Dumping: LSASS Memory"
-
 version: 1.0.0
--- a/Detections/AlsidForAD/PasswordGuessing.yaml
+++ b/Detections/AlsidForAD/PasswordGuessing.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Guessing"
-
 version: 1.0.0
--- a/Detections/AlsidForAD/PasswordSpraying.yaml
+++ b/Detections/AlsidForAD/PasswordSpraying.yaml
@ -18,5 +18,4 @@ relevantTechniques:
 query: |
    afad_parser
    | where MessageType == 2 and Codename == "Password Spraying"
-
 version: 1.0.0
--- a/Detections/AuditLogs/ADFSDomainTrustMods.yaml
+++ b/Detections/AuditLogs/ADFSDomainTrustMods.yaml
@ -57,5 +57,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/FirstAppOrServicePrincipalCredential.yaml
@ -55,5 +55,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AuditLogs/RareApplicationConsent.yaml
+++ b/Detections/AuditLogs/RareApplicationConsent.yaml
@ -73,5 +73,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
+++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
@ -68,5 +68,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
+++ b/Detections/AuditLogs/UseraddedtoPrivilgedGroups.yaml
@ -52,5 +52,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
+++ b/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
@ -60,5 +60,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureActivity/Creation_of_Expensive_Computes_in
+++ b/Detections/AzureActivity/Creation_of_Expensive_Computes_in
@ -42,5 +42,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
+++ b/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
@ -45,5 +45,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
+++ b/Detections/AzureActivity/NewResourceGroupsDeployedTo.yaml
@ -46,5 +46,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureActivity/RareOperations.yaml
+++ b/Detections/AzureActivity/RareOperations.yaml
@ -51,5 +51,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureAppServices/AVScan_Failure.yaml
+++ b/Detections/AzureAppServices/AVScan_Failure.yaml
@ -19,5 +19,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
+++ b/Detections/AzureAppServices/AVScan_Infected_Files_Found.yaml
@ -19,5 +19,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
+++ b/Detections/AzureDevOpsAuditing/ADOSecretNotSecured.yaml
@ -33,5 +33,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOAdminGroupAdditions.yaml
@ -38,5 +38,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricPrPolicyBypassing.yaml
@ -39,5 +39,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOHistoricServiceConnectionAdds.yaml
@ -58,5 +58,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPatSessionMisuse.yaml
@ -41,5 +41,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
+++ b/Detections/AzureDevOpsAuditing/AzDOPipelineCreatedDeletedOneDay.yaml
@ -56,5 +56,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: DeletingIP
-
 version: 1.0.0
--- a/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
+++ b/Detections/AzureDevOpsAuditing/NewPAPCAPCASaddedtoADO.yaml
@ -39,5 +39,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
+++ b/Detections/AzureDiagnostics/KeyVaultSensitiveOperations.yaml
@ -40,5 +40,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
+++ b/Detections/AzureDiagnostics/KeyvaultMassSecretRetrieval.yaml
@ -52,5 +52,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
+++ b/Detections/AzureDiagnostics/MaliciousWAFSessions.yaml
@ -56,5 +56,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
+++ b/Detections/AzureDiagnostics/TimeSeriesKeyvaultAccessAnomaly.yaml
@ -73,5 +73,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
+++ b/Detections/AzureFirewall/SeveralDenyActionsRegistered.yaml
@ -43,5 +43,4 @@ entityMappings:
    fieldMappings:
      - identifier: Url
        columnName: URLCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml
+++ b/Detections/CommonSecurityLog/CiscoASA-AvgAttackDetectRateIncrease.yaml
@ -69,5 +69,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml
+++ b/Detections/CommonSecurityLog/CiscoASA-ThreatDetectionMessage.yaml
@ -34,5 +34,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml
+++ b/Detections/CommonSecurityLog/Fortinet-NetworkBeaconPattern.yaml
@ -79,5 +79,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml
+++ b/Detections/CommonSecurityLog/MultiVendor-PossibleDGAContacts.yaml
@ -121,5 +121,4 @@ entityMappings:
    fieldMappings:
      - identifier: DomainName
        columnName: Name
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml
+++ b/Detections/CommonSecurityLog/PaloAlto-NetworkBeaconing.yaml
@ -63,5 +63,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml
+++ b/Detections/CommonSecurityLog/PaloAlto-PortScanning.yaml
@ -58,5 +58,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml
+++ b/Detections/CommonSecurityLog/TimeSeriesAnomaly-MultiVendor_NetworkTraffic.yaml
@ -82,5 +82,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/Wazuh-Large
+++ b/Detections/CommonSecurityLog/Wazuh-Large
@ -32,5 +32,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml
+++ b/Detections/CommonSecurityLog/Zscaler-LowVolumeDomainRequests.yaml
@ -50,5 +50,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml
+++ b/Detections/DeviceEvents/SolarWinds_TEARDROP_Process-IOCs.yaml
@ -49,5 +49,4 @@ entityMappings:
        columnName: FileHashType
      - identifier: Value
        columnName: FileHashCustomEntity
-
 version: 1.0.0
--- a/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml
+++ b/Detections/DeviceFileEvents/SolarWinds_SUNBURST_&_SUPERNOVA_File-IOCs.yaml
@ -45,5 +45,4 @@ entityMappings:
        columnName: MD5
      - identifier: Value
        columnName: FileHashCustomEntity
-
 version: 1.0.0
--- a/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml
+++ b/Detections/DeviceProcessEvents/SolarWinds_SUNBURST_Process-IOCs.yaml
@ -48,5 +48,4 @@ entityMappings:
        columnName: MD5
      - identifier: Value
        columnName: FileHashCustomEntity
-
 version: 1.0.0
--- a/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml
+++ b/Detections/DnsEvents/DNS_HighNXDomainCount_detection.yaml
@ -49,5 +49,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml
+++ b/Detections/DnsEvents/DNS_HighReverseDNSCount_detection.yaml
@ -40,5 +40,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/DnsEvents/DNS_Miners.yaml
+++ b/Detections/DnsEvents/DNS_Miners.yaml
@ -40,5 +40,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/DnsEvents/DNS_TorProxies.yaml
+++ b/Detections/DnsEvents/DNS_TorProxies.yaml
@ -33,5 +33,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/EsetSMC/eset-sites-blocked.yaml
+++ b/Detections/EsetSMC/eset-sites-blocked.yaml
@ -36,5 +36,4 @@ entityMappings:
    fieldMappings:
      - identifier: Url
        columnName: URLCustomEntity
-
 version: 1.0.0
--- a/Detections/EsetSMC/eset-threats.yaml
+++ b/Detections/EsetSMC/eset-threats.yaml
@ -32,5 +32,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/GitHub/GitHub
+++ b/Detections/GitHub/GitHub
@ -35,5 +35,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-
 version: 1.0.0
--- a/Detections/GitHub/Security
+++ b/Detections/GitHub/Security
@ -13,5 +13,4 @@ query: |
  GitHubRepo
  | where Action == "vulnerabilityAlert"
  | project TimeGenerated, DismmisedAt, Reason, vulnerableManifestFilename, Description, Link, PublishedAt, Severity, Summary
-
 version: 1.0.0
--- a/Detections/GitHub/Threat
+++ b/Detections/GitHub/Threat
@ -43,5 +43,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/GitHub/Two
+++ b/Detections/GitHub/Two
@ -27,5 +27,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Detections/InfobloxNIOS/ExcessiveNXDOMAINDNSQueries.yaml
@ -36,5 +36,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml
+++ b/Detections/InfobloxNIOS/PotentialDHCPStarvationAttack.yaml
@ -31,5 +31,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml
+++ b/Detections/LAQueryLogs/UserSearchingForVIPUserActivity.yaml
@ -30,5 +30,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: AccountCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml
+++ b/Detections/MultipleDataSources/AADAWSConsoleCorrelation.yaml
@ -64,5 +64,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
+++ b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
@ -77,5 +77,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml
+++ b/Detections/MultipleDataSources/AAD_PAVPN_Correlation.yaml
@ -75,5 +75,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml
+++ b/Detections/MultipleDataSources/ADFS-DKM-MasterKey-Export.yaml
@ -51,5 +51,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml
+++ b/Detections/MultipleDataSources/AWSConsoleAADCorrelation.yaml
@ -50,5 +50,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml
+++ b/Detections/MultipleDataSources/AdditionalFilesUploadedByActor.yaml
@ -89,5 +89,4 @@ entityMappings:
        columnName: HashAlgorithm
      - identifier: Value
        columnName: FileHashCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml
+++ b/Detections/MultipleDataSources/AnomalousIPUsageFollowedByTeamsAction.yaml
@ -125,5 +125,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml
+++ b/Detections/MultipleDataSources/AuditPolicyManipulation_using_auditpol.yaml
@ -89,5 +89,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/BariumDomainIOC112020.yaml
+++ b/Detections/MultipleDataSources/BariumDomainIOC112020.yaml
@ -152,5 +152,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/BariumIPIOC112020.yaml
+++ b/Detections/MultipleDataSources/BariumIPIOC112020.yaml
@ -171,5 +171,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/CERIUMOct292020IOCs.yaml
@ -81,5 +81,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
+++ b/Detections/MultipleDataSources/EmailAccessviaActiveSync.yaml
@ -70,5 +70,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
+++ b/Detections/MultipleDataSources/GainCodeExecutionADFSviaWMI.yaml
@ -95,5 +95,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/GalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/GalliumIOCs.yaml
@ -102,5 +102,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
+++ b/Detections/MultipleDataSources/HAFNIUMUmServiceSuspiciousFile.yaml
@ -53,5 +53,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/HostAADCorrelation.yaml
+++ b/Detections/MultipleDataSources/HostAADCorrelation.yaml
@ -70,5 +70,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/IridiumIOCs.yaml
+++ b/Detections/MultipleDataSources/IridiumIOCs.yaml
@ -143,5 +143,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
+++ b/Detections/MultipleDataSources/KnownPHOSPHORUSDomainsIP-October2020.yaml
@ -95,5 +95,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/MFADisable.yaml
+++ b/Detections/MultipleDataSources/MFADisable.yaml
@ -47,5 +47,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/MalformedUserAgents.yaml
+++ b/Detections/MultipleDataSources/MalformedUserAgents.yaml
@ -95,5 +95,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
+++ b/Detections/MultipleDataSources/Manganese_VPN-IOCs.yaml
@ -52,5 +52,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
+++ b/Detections/MultipleDataSources/MultiplePasswordresetsbyUser.yaml
@ -88,5 +88,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
+++ b/Detections/MultipleDataSources/NOBELIUM_DomainIOCsMarch2021.yaml
@ -101,5 +101,4 @@ entityMappings:
    fieldMappings:
      - identifier: DomainName
        columnName: DNSName
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
+++ b/Detections/MultipleDataSources/NetworkEndpointCorrelation.yaml
@ -52,5 +52,4 @@ entityMappings:
    fieldMappings:
      - identifier: Url
        columnName: URLCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
+++ b/Detections/MultipleDataSources/NewUserAgentLast24h.yaml
@ -81,5 +81,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
+++ b/Detections/MultipleDataSources/PHOSPHORUSMarch2019IOCs.yaml
@ -107,5 +107,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
+++ b/Detections/MultipleDataSources/PotentialBuildProcessCompromiseMDE.yaml
@ -53,5 +53,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMJuly2019IOCs.yaml
@ -71,5 +71,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
+++ b/Detections/MultipleDataSources/STRONTIUMOct292020IOCs.yaml
@ -33,5 +33,4 @@ query: |
  | where authAttempts > 500
  | extend timestamp = firstAttempt
  | sort by uniqueAccounts
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/SUNSPOTHashes.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTHashes.yaml
@ -35,5 +35,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
+++ b/Detections/MultipleDataSources/SUNSPOTLogFile.yaml
@ -40,5 +40,4 @@ entityMappings:



-
 version: 1.0.0
--- a/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
+++ b/Detections/MultipleDataSources/SecurityServiceRegistryACLModification.yaml
@ -82,5 +82,4 @@ entityMappings:
    fieldMappings:
      - identifier: FullName
        columnName: HostCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
+++ b/Detections/MultipleDataSources/SigninFirewallCorrelation.yaml
@ -54,5 +54,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
+++ b/Detections/MultipleDataSources/Solorigate-Network-Beacon.yaml
@ -98,5 +98,4 @@ entityMappings:
    fieldMappings:
      - identifier: DomainName
        columnName: DNSName
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/ThalliumIOCs.yaml
+++ b/Detections/MultipleDataSources/ThalliumIOCs.yaml
@ -81,5 +81,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
+++ b/Detections/MultipleDataSources/TimeSeriesAnomaly-MultiVendor_DataExfiltration.yaml
@ -114,5 +114,4 @@ entityMappings:
    fieldMappings:
      - identifier: Address
        columnName: IPCustomEntity
-
 version: 1.0.0
--- a/Показать больше
+++ b/Показать больше