Open bittib010 opened 2 weeks ago
Hi @bittib010, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates.Thanks!
Hi @bittib010, We are working on fixing this indentation issue, but in below files there are no issue found.
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfRecipientsEmailaddressbySubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_Countofrecipientsemailaddressesbysubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfSendersEmailaddressbySubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_SummaryOfSenders.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML
Not all the "MDO", "MDE" prefixed file had these issues. That is correct. I think the list i gave was almost all of them. Thanks for fixing it!
Describe the bug The following files are faulty indented on the listed dataTypes, most of them are missing one space, some are missing two spaces. Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Device Inventory\MDE_FindOutOfDateClients.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_AVScanTimesAndType.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_BlockingASRRules.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_BrowserExtensionInstalled.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_DeviceHealth.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_DeviceInventory-LastUserLoggedIn.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Evidenceforasingledevice.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindDefenderSettingsOnEndpoints.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindLNKFilesOnEndpoints.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindMountedISOandDriveLetters.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindsPowerShellExecutionEvents.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindstatuschangefromExposurelevel.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ListAllNotOnboardedEnpoints.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ListAlPnPDevicesAllowedorBlocked.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Networktrafficgoingtoport-DNS.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Networktrafficgoingtoport.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ProxyChangesViaRegistry.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ShowUSBMountedandfilescopied.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ShowUSBMountedDevicesAndDriveLetter.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_SmartScreenCheck.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_SoftwareInventorybyOS.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDI_Objects_Moving_OUs.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfRecipientsEmailaddressbySubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_Countofrecipientsemailaddressesbysubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfSendersEmailaddressbySubject.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_SummaryOfSenders.YAML Azure-Sentinel\Huntin Queries365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML
Steps to reproduce the behavior: Run "Get-YamlContent " on all yaml files.
Expected behavior Getting all yaml content from the file should have been possible as it is for almost all of the rest of thefiles in the repo.