Update ASimUserManagementSentinelOne.yaml
vakohl authored Mar 7, 2024
1 parent 64b9100 commit 9367a3b
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -63,7 +63,7 @@ ParserQuery: |
| parse-kv DataFields_s as (byUser: string, username: string, email: string, ipAddress: string, group: string, groupName: string, name: string, oldDescription: string, oldRole: string, description: string, role: string, userScope: string, scopeLevelName: string, scopeName: string, roleName: string, modifiedFields: string, deactivationPeriodInDays: string, descriptionChanged: string, groupType: string, newValue: string) with (pair_delimiter=",", kv_delimiter=":", quote='"')
| parse modifiedFields with 'Modified fields: ' ModifiedFields: string
| parse description_s with * "with id=" id: string "," restOfMessage
| lookup EventTypeLookup on activityType_d//;
| lookup EventTypeLookup on activityType_d
| extend
EventType = case (
activityType_d in (67, 42) and primaryDescription_s has "enabled",
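Review bot: The only change in this hunk is dropping the trailing `//;` from `| lookup EventTypeLookup on activityType_d`, and since `//` opens a line comment in KQL the `;` was never part of the query, so this is a no-op for the parser's logic; the commit message "Update ASimUserManagementSentinelOne.yaml" should say so (e.g. "Remove stray comment token after lookup") so reviewers do not have to diff it to learn it is cosmetic. The cleanup is still worth taking: a trailing `//` comment inside a multi-line `ParserQuery: |` block is fragile, because any tooling that flattens the query onto one line would turn the comment into one that swallows the following `| extend` and everything after it, silently truncating the parser. Worth a quick grep for other `//` remnants in the same block before merging.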

0 comments on commit 9367a3b
