Fixing typo

2020-12-03 09:54:18 -08:00 · 2020-12-03 09:54:18 -08:00 · f886a062e0
--- a/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_O365AttackToolkit.yaml
@ -60,7 +60,7 @@ query: |
  | project GrantAuthentication, GrantOperation, CorrelationId
  ) on CorrelationId
  | project TimeGenerated, GrantConsentType, GrantScope1, GrantInitiatedBy, AppDisplayName, AppReplyURLs, GrantIpAddress, GrantUserAgent, AppClientId, GrantAuthentication, OperationName, GrantOperation, CorrelationId, ConsentFull
-  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCusomtEntity = GrantIpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCustomEntity = GrantIpAddress
 entityMappings:
  - entityType: Account
    fieldMappings:
--- a/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
+++ b/Detections/AuditLogs/MaliciousOAuthApp_PwnAuth.yaml
@ -60,7 +60,7 @@ query: |
  | project GrantAuthentication, GrantOperation, CorrelationId
  ) on CorrelationId
  | project TimeGenerated, GrantConsentType, GrantScope1, GrantInitiatedBy, AppDisplayName, AppReplyURLs, GrantIpAddress, GrantUserAgent, AppClientId, GrantAuthentication, OperationName, GrantOperation, CorrelationId, ConsentFull
-  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCusomtEntity = GrantIpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCustomEntity = GrantIpAddress
 entityMappings:
  - entityType: Account
    fieldMappings:
--- a/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
+++ b/Detections/AuditLogs/NewAppOrServicePrincipalCredential.yaml
@ -44,7 +44,7 @@ query: |
  //| where targetType =~ "Application" // or targetType =~ "ServicePrincipal"
  | project-away keyEvents
  | project-reorder TimeGenerated, OperationName, InitiatingUserOrApp, InitiatingIpAddress, UserAgent, targetDisplayName, targetId, targetType, keyDisplayName, keyType, keyUsage, keyIdentifier, CorrelationId, TenantId
-  | extend timestamp = TimeGenerated, AccountCustomEntity = InitiatingUserOrApp, IPCusomtEntity = InitiatingIpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = InitiatingUserOrApp, IPCustomEntity = InitiatingIpAddress
 entityMappings:
  - entityType: Account
    fieldMappings:
--- a/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
+++ b/Detections/AuditLogs/SuspiciousOAuthApp_OfflineAccess.yaml
@ -58,7 +58,7 @@ query: |
  | project GrantAuthentication, GrantOperation, CorrelationId
  ) on CorrelationId
  | project TimeGenerated, GrantConsentType, GrantScope1, GrantInitiatedBy, AppDisplayName, AppReplyURLs, GrantIpAddress, GrantUserAgent, AppClientId, GrantAuthentication, OperationName, GrantOperation, CorrelationId, ConsentFull
-  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCusomtEntity = GrantIpAddress
+  | extend timestamp = TimeGenerated, AccountCustomEntity = GrantInitiatedBy, IPCustomEntity = GrantIpAddress
 entityMappings:
  - entityType: Account
    fieldMappings: