Yaml format fixes for ASIM schemas #9004

Merged
merged 6 commits into from
Sep 14, 2023
2 changes: 1 addition & 1 deletion ASIM/schemas/ASimAuthentication.yaml
Expand Up @@ -117,7 +117,7 @@ Fields:

- Name: LogonMethod
Class: Optional
Type: string
Type: string
Description: The method used to perform authentication.
Example: Username & Password

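Review bot: the removed and added `Type: string` lines for `LogonMethod` are textually identical, so this hunk changes indentation only; worth confirming with a YAML parser that `Type` now sits at the same nesting level as `Class` and `Description`, because a key indented inconsistently with its siblings either fails to parse or ends up under the wrong mapping.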
32 changes: 16 additions & 16 deletions ASIM/schemas/ASimDHCPEvent.yaml
Expand Up @@ -22,7 +22,7 @@ Include:

# Entities
- Name: Dvc
File: common/ASimDvc.yaml
File: entities/ASimDvc.yaml
- Name: Source user entity
File: entities/ASimUser.yaml
Role: Src
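Review bot: the `File:` path for the `Dvc` entity moves from `common/ASimDvc.yaml` to `entities/ASimDvc.yaml`; please confirm the file exists at the new path in this branch, since a broken entity reference only surfaces when the schema is processed. The `Source user entity` entry in the same hunk already points at `entities/ASimUser.yaml`, so the two includes are consistent after this change.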
Expand Down Expand Up @@ -69,7 +69,7 @@ Fields:
# DHCP event fields
- Name: RequestedIpAddr
Class: Optional
Type: string
Type: string
Description: The IP address requested by the DHCP client, when available.
Example: '192.168.12.3'

Expand All @@ -81,7 +81,7 @@ Fields:
- Name: DhcpSessionId
Class: Optional
Type: string
Description: The session identifier as reported by the reporting device. For the Windows DHCP server, set this to the TransactionID field.
Description: The session identifier as reported by the reporting device. For the Windows DHCP server, set this to the TransactionID field.
Example: '2099570186'

- Name: SessionId
Expand All @@ -92,44 +92,44 @@ Fields:

- Name: DhcpSessionDuration
Class: Optional
Type: Integer
Type: integer
Description: The amount of time, in milliseconds, for the completion of the DHCP session.
Example: 1500

- Name: Duration
Class: Alias
Type: Integer
Type: integer
Description: Alias to DhcpSessionDuration
Aliases: DhcpSessionDuration

- Name: DhcpSrcDHCId
Class: Optional
Type: string
Description: The DHCP client ID, as defined by RFC4701.
Type: string
Description: The DHCP client ID, as defined by RFC4701.

- Name: DhcpCircuitId
Class: Recommended
Type: string
Description: The DHCP circuit ID, as defined by RFC3046.
Class: Recommended
Type: string
Description: The DHCP circuit ID, as defined by RFC3046.

- Name: DhcpSubscriberId
Class: Optional
Type: string
Description: The DHCP subscriber ID, as defined by RFC3993.

- Name: DhcpVendorClassId
- Name: DhcpVendorClassId
Class: Optional
Type: string
Description: The DHCP Vendor Class Id, as defined by RFC3925.
Description: The DHCP Vendor Class Id, as defined by RFC3925.

- Name: DhcpVendorClass
- Name: DhcpVendorClass
Class: Optional
Type: string
Type: string
Description: The DHCP Vendor Class, as defined by RFC3925.

- Name: DhcpUserClassId
- Name: DhcpUserClassId
Class: Optional
Type: string
Type: string
Description: The DHCP User Class Id, as defined by RFC3004.

- Name: DhcpUserClass
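Review bot: `Type: Integer` becomes `Type: integer` for `DhcpSessionDuration` and its `Duration` alias, which matches the lowercase `integer` used in ASimDns.yaml; the other lines in this hunk (`DhcpSrcDHCId`, `DhcpCircuitId`, `DhcpVendorClassId`, `DhcpVendorClass`, `DhcpUserClassId`) are identical before and after, so they are indentation fixes. Worth checking whether the schema validator compares type names case-sensitively; if it does, `Integer` was previously rejected and this is a functional fix, not a cosmetic one.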
40 changes: 20 additions & 20 deletions ASIM/schemas/ASimDns.yaml
Expand Up @@ -51,7 +51,7 @@ Fields:
Type: string
Class: Mandatory
Logical type: Enumerated
List of values: [ request response ]
List of values: [ request, response ]
Notes: For most sources, only the responses are logged, and therefore the value is often response.

- Name: EventResultDetails
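Review bot: `[ request response ]` is a YAML flow sequence with a single element, the scalar `request response`, so anything reading `List of values` for `EventType` saw one allowed value instead of two; the added comma produces the intended two-element list. The `Notes:` line refers to the value `response`, which now matches an actual element of the list.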
Expand All @@ -74,7 +74,7 @@ Fields:
Type: string
Logical type: Enumerated
Description: The field for which a threat was identified. The value is either SrcIpAddr, DstIpAddr, Domain, or DnsResponseName..
List of values: [SrcIpAddr DstIpAddr Domain DnsResponseName]
List of values: [SrcIpAddr, DstIpAddr, Domain, DnsResponseName]

- Name: ThreatIpAddr
Class: Optional
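Review bot: same flow-sequence fix as for `EventType`: `[SrcIpAddr DstIpAddr Domain DnsResponseName]` parsed as one four-word scalar. While this block is open, the `Description:` line for `ThreatField` ends with a doubled period (`DnsResponseName..`); it is in the diff context, so fixing it in this PR would be cheap.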
Expand Down Expand Up @@ -111,7 +111,7 @@ Fields:
# DNS event fields
- Name: DnsQuery
Class: Mandatory
Type: string
Type: string
Description: The domain that the request tries to resolve.
Notes: |
- Some sources send valid FQDN queries in a different format. For example, in the DNS protocol itself, the query includes a dot (.) at the end, which must be removed.
Expand All @@ -134,7 +134,7 @@ Fields:
- Name: DnsQueryTypeName
Class: Recommended
Type: string
Logical type: Enumerated
Logical type: Enumerated
List of values: TBD
Description: The DNS Resource Record Type names.
Notes: |
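Review bot: `List of values: TBD` on the `Enumerated` logical type of `DnsQueryTypeName` is a placeholder that survives this hunk unchanged; a validator that reads the list will treat `TBD` as the single permitted value. Out of scope for a formatting PR, but worth a follow-up issue so the placeholder is not mistaken for a real enumeration.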
Expand All @@ -146,7 +146,7 @@ Fields:

- Name: DnsResponseName
Class: Optional
Type: string
Type: string
Description: The content of the response, as included in the record.
Notes: The DNS response data is inconsistent across reporting devices, is complex to parse, and has less value for source-agnostic analytics. Therefore the information model doesn't require parsing and normalization, and Microsoft Sentinel uses an auxiliary function to provide response information. For more information, see Handling DNS response.

Expand All @@ -158,37 +158,37 @@ Fields:

- Name: DnsResponseCode
Class: Optional
Type: integer
Type: integer
Description: The DNS numerical response code.
Example: 3

- Name: TransactionIdHex
Class: Recommended
Type: string
Description: The DNS query unique ID as assigned by the DNS client, in hexadecimal format. Note that this value is part of the DNS protocol and different from DnsSessionId, the network layer session ID, typically assigned by the reporting device.
Class: Recommended
Type: string
Description: The DNS query unique ID as assigned by the DNS client, in hexadecimal format. Note that this value is part of the DNS protocol and different from DnsSessionId, the network layer session ID, typically assigned by the reporting device.

- Name: NetworkProtocol
Class: Optional
Type: string
Logical type: Enumerated
List of values: [TCP UDP]
Logical type: Enumerated
List of values: [TCP, UDP]
Description: The transport protocol used by the network resolution event. The value can be UDP or TCP, and is most commonly set to UDP for DNS.
Example: UDP

- Name: NetworkProtocolVersion
Class: Optional
Type: string
Logical type: Enumerated
Logical type: Enumerated
List of values: TBD

- Name: DnsQueryClass
Class: Optional
Type: integer
Type: integer
Description: The DNS class ID. In practice, only the IN class (ID 1) is used, and therefore this field is less valuable.

- Name: DnsQueryClassName
Class: Optional
Type: string
Type: string
Logical type: Enumerated
List of values: TBD
Description: The DNS class name. In practice, only the IN class (ID 1) is used, and therefore this field is less valuable.
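Review bot: `[TCP UDP]` to `[TCP, UDP]` for `NetworkProtocol` is the same one-element-scalar fix applied to the earlier lists; the `TransactionIdHex`, `NetworkProtocolVersion`, `DnsQueryClass` and `DnsQueryClassName` lines are identical before and after, so indentation only. Two `List of values: TBD` placeholders on `Enumerated` fields (`NetworkProtocolVersion`, `DnsQueryClassName`) remain in this hunk and deserve the same follow-up as `DnsQueryTypeName`.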
Expand All @@ -203,8 +203,8 @@ Fields:

- Name: DnsNetworkDuration
Class: Optional
Type: integer
Description: The amount of time, in milliseconds, for the completion of DNS request.
Type: integer
Description: The amount of time, in milliseconds, for the completion of DNS request.
Example: 1500

- Name: Duration
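Review bot: the rewritten `DnsNetworkDuration` description reads `for the completion of DNS request`, missing an article (`of the DNS request`); since the line is already rewritten in this hunk it costs nothing to fix here, and it would match the `DhcpSessionDuration` wording in ASimDHCPEvent.yaml, `for the completion of the DHCP session`.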
Expand All @@ -216,7 +216,7 @@ Fields:
- Name: DnsFlagsAuthenticated
Class: Optional
Type: bool
Description: The DNS AD flag, which is related to DNSSEC, indicates in a response that all data included in the answer and authority sections of the response have been verified by the server according to the policies of that server. For more information, see RFC 3655 Section 6.1 for more information.
Description: The DNS AD flag, which is related to DNSSEC, indicates in a response that all data included in the answer and authority sections of the response have been verified by the server according to the policies of that server. For more information, see RFC 3655 Section 6.1 for more information.

- Name: DnsFlagsAuthoritative
Class: Optional
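Review bot: the re-indented `Description:` for `DnsFlagsAuthenticated` keeps the duplicated phrase `For more information, see RFC 3655 Section 6.1 for more information.`; since the line is being rewritten anyway, drop the trailing `for more information`.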
Expand Down Expand Up @@ -251,7 +251,7 @@ Fields:
- Name: DnsSessionId
Class: Optional
Type: string
Description: The DNS session identifier as reported by the reporting device. This value is different from TransactionIdHex, the DNS query unique ID as assigned by the DNS client.
Description: The DNS session identifier as reported by the reporting device. This value is different from TransactionIdHex, the DNS query unique ID as assigned by the DNS client.
Example: EB4BFA28-2EAD-4EF7-BC8A-51DF4FDF5B55

- Name: SessionId
Expand Down Expand Up @@ -284,14 +284,14 @@ Fields:
- Name: DnsResponseIpLatitude
Class: Optional
Type: float
Logical type: Latitude
Logical type: Latitude
Description: The latitude of the geographical coordinate associated with one of the IP addresses in the DNS response. For more information, see Logical types.
Example: 44.475833

- Name: DnsResponseIpLongitude
Class: Optional
Type: float
Logical type: Longitude
Logical type: Longitude
Description: The longitude of the geographical coordinate associated with one of the IP addresses in the DNS response. For more information, see Logical types.
Example: 73.211944

36 changes: 18 additions & 18 deletions ASIM/schemas/ASimFileEvent.yaml
Expand Up @@ -127,23 +127,23 @@ Fields:
- Name: TargetFileName
Class: Recommended
Type: string
Description: The name of the target file, without a path or a location, but with an extension if relevant. This field should be similar to the final element in the TargetFilePath field.
Description: The name of the target file, without a path or a location, but with an extension if relevant. This field should be similar to the final element in the TargetFilePath field.

- Name: FileName
Type: string
Class: Alias
Aliases: TargetFileName

- Name: TargetFilePath
Class: Mandatory
Class: Mandatory
Type: String
Description: The full, normalized path of the target file, including the folder or location, the file name, and the extension. If the record does not include folder or location information, store the filename only here.
Example: C:\Windows\System32\notepad.exe

- Name: TargetFilePathType
Class: Conditional
Type: string
Logical type: Enumerated
Logical type: Enumerated
Description: The type of TargetFilePath. For more information.
List of values: [ Windows Local, Windows Share, Unix, URL ]
Follows: TargetFilePath
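Review bot: `TargetFilePath` keeps `Type: String` (capital S) as unchanged context while this PR normalizes `Integer` to `integer` in ASimDHCPEvent.yaml and every other field here uses lowercase `string`; `String` should become `string` in the same pass. Also, `Description: The type of TargetFilePath. For more information.` ends in a dangling sentence with no link target, which is visible in this hunk's context.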
Expand All @@ -157,21 +157,21 @@ Fields:
- Name: TargetFileMD5
Class: Optional
Type: string
Logical type: MD5
Logical type: MD5
Description: The MD5 hash of the target file.
Example: 75a599802f1fa166cdadb360960b1dd0

- Name: TargetFileSHA1
Class: Optional
Type: string
Logical type: SHA1
Logical type: SHA1
Description: The SHA-1 hash of the target file.
Example: d55c5a4df19b46db8c54c801c4665d3338acdab0

- Name: TargetFileSHA256
Class: Optional
Type: string
Logical type: SHA256
Logical type: SHA256
Description: The SHA-256 hash of the target file.
Example: e81bb824c4a09a811af17deae22f22dd2e1ec8cbb00b22629d2899f7c68da274

Expand All @@ -196,7 +196,7 @@ Fields:

- Name: TargetFileSize
Class: Optional
Type: long
Type: long
Description: The size of the target file in bytes.

# Source file fields
Expand Down Expand Up @@ -225,40 +225,40 @@ Fields:
- Name: SrcFileName
Class: Recommended
Type: string
Description: The name of the target file, without a path or a location, but with an extension if relevant. This field should be similar to the final element in the SrcFilePath field.
Description: The name of the target file, without a path or a location, but with an extension if relevant. This field should be similar to the final element in the SrcFilePath field.

- Name: SrcFilePath
Class: Mandatory
Class: Mandatory
Type: String
Description: The full, normalized path of the target file, including the folder or location, the file name, and the extension. If the record does not include folder or location information, store the filename only here.
Example: C:\Windows\System32\notepad.exe

- Name: SrcFilePathType
Class: Conditional
Type: string
Logical type: Enumerated
Logical type: Enumerated
Description: The type of SrcFilePath. For more information.
List of values: [ Windows Local, Windows Share, Unix, URL ]
Follows: SrcFilePath

- Name: SrcFileMD5
Class: Optional
Type: string
Logical type: MD5
Logical type: MD5
Description: The MD5 hash of the target file.
Example: 75a599802f1fa166cdadb360960b1dd0

- Name: SrcFileSHA1
Class: Optional
Type: string
Logical type: SHA1
Logical type: SHA1
Description: The SHA-1 hash of the target file.
Example: d55c5a4df19b46db8c54c801c4665d3338acdab0

- Name: SrcFileSHA256
Class: Optional
Type: string
Logical type: SHA256
Logical type: SHA256
Description: The SHA-256 hash of the target file.
Example: e81bb824c4a09a811af17deae22f22dd2e1ec8cbb00b22629d2899f7c68da274

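Review bot: the `SrcFileName`, `SrcFilePath`, `SrcFileMD5`, `SrcFileSHA1` and `SrcFileSHA256` descriptions all say `target file`, and their `Example:` values repeat the TargetFile* ones, which reads as an unedited copy of the target-file block; the `SrcFileName` and `SrcFilePath` descriptions are rewritten in this hunk, so correcting `target file` to `source file` there fits the PR. `SrcFilePath` also keeps `Type: String` with a capital S, unlike the lowercase `string` used elsewhere, and the `SrcFilePathType` description ends with the dangling `For more information.`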
Expand All @@ -270,17 +270,17 @@ Fields:

- Name: SrcFileSize
Class: Optional
Type: long
Type: long
Description: The size of the target file in bytes.

# Additional fields
- Name: HttpUserAgent
Class: Optional
Type: string
Description: When the operation is initiated by a remote system using HTTP or HTTPS, the user agent used.
Type: string
Description: When the operation is initiated by a remote system using HTTP or HTTPS, the user agent used.
Example: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)

- Name: NetworkApplicationProtocol
Class: Optional
Type: string
Description: When the operation is initiated by a remote system, this value is the application layer protocol used in the OSI model. While this field is not enumerated, and any value is accepted, preferable values include HTTP, HTTPS, SMB,FTP, and SSH.
Type: string
Description: When the operation is initiated by a remote system, this value is the application layer protocol used in the OSI model. While this field is not enumerated, and any value is accepted, preferable values include HTTP, HTTPS, SMB,FTP, and SSH.
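Review bot: `SrcFileSize` is still described as `The size of the target file in bytes`, another copy of the TargetFile wording that should say source file. In `NetworkApplicationProtocol`, the rewritten description has `SMB,FTP` with no space after the comma; since that line is already in the diff, fix it here rather than in a later pass.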