Merge pull request #11294 from atombravo/atombravo-patch-AADHostLogin…

…Correlations Update AADHostLoginCorrelation.yaml
Azure · Oct 18, 2024 · a462930 · a462930
2 parents 7f7bd10 + e1c0f70
commit a462930
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml b/Detections/MultipleDataSources/AADHostLoginCorrelation.yaml
@@ -41,7 +41,7 @@ query: |
   let suspicious_signins =
   table(tableName)
   | where ResultType !in ("0", "50125", "50140")
-  | where IPAddress !in ('127.0.0.1', '::1')
+  | where IPAddress !in ('127.0.0.1', '::1', '')
   | summarize count() by IPAddress
   | where count_ > signin_threshold
   | summarize make_set(IPAddress);
@@ -115,7 +115,7 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: IpAddress
-version: 1.3.1
+version: 1.3.2
 kind: Scheduled
 metadata:
     source:
@@ -125,4 +125,4 @@ metadata:
     support:
         tier: Community
     categories:
-        domains: [ "Security - Others", "Identity" ]
+        domains: [ "Security - Others", "Identity" ]