Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License
4.5k stars 2.96k forks

Wrong indentation on yaml files #11068

Open bittib010 opened 2 weeks ago

bittib010 commented 2 weeks ago

Describe the bug

The following files are incorrectly indented on the listed dataTypes; most of them are missing one space, some are missing two spaces.

Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Device Inventory\MDE_FindOutOfDateClients.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_AVScanTimesAndType.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_BlockingASRRules.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_BrowserExtensionInstalled.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_DeviceHealth.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_DeviceInventory-LastUserLoggedIn.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Evidenceforasingledevice.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindDefenderSettingsOnEndpoints.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindLNKFilesOnEndpoints.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindMountedISOandDriveLetters.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindsPowerShellExecutionEvents.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_FindstatuschangefromExposurelevel.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ListAllNotOnboardedEnpoints.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ListAlPnPDevicesAllowedorBlocked.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Networktrafficgoingtoport-DNS.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_Networktrafficgoingtoport.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ProxyChangesViaRegistry.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ShowUSBMountedandfilescopied.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_ShowUSBMountedDevicesAndDriveLetter.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_SmartScreenCheck.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDE_SoftwareInventorybyOS.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Discovery\MDI_Objects_Moving_OUs.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfRecipientsEmailaddressbySubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_Countofrecipientsemailaddressesbysubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfSendersEmailaddressbySubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_SummaryOfSenders.YAML
Azure-Sentinel\Huntin Queries365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML

Steps to reproduce the behavior: Run "Get-YamlContent " on all yaml files.

Expected behavior: Getting all yaml content from the file should have been possible, as it is for almost all of the rest of the files in the repo.
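A repository-wide check for one class of indentation defect on `dataTypes` lists, as an added example that is not part of the original issue or the Azure-Sentinel project's own tooling: it flags entries indented to the left of their `dataTypes:` key, a layout that a YAML parser either rejects or reads as an empty `dataTypes`. The sample documents are constructed, and the block-style layout with plain scalar entries is an assumption.

```python
import re
from pathlib import Path

# "dataTypes:" with an empty value, optionally preceded by "- " entry markers.
KEY_RE = re.compile(r"^( *(?:- +)*)dataTypes:\s*(?:#.*)?$")
# A block-sequence entry holding a plain scalar (no "key: value" inside).
ITEM_RE = re.compile(r"^( *)- +[^\s:#][^:#]*$")

def misindented_items(text):
    """Return (line_no, item_indent, key_indent) for every dataTypes entry
    that sits to the left of its 'dataTypes:' key."""
    findings, key_indent = [], None
    for line_no, line in enumerate(text.splitlines(), start=1):
        key = KEY_RE.match(line)
        if key:
            key_indent = len(key.group(1))
            continue
        if key_indent is None or not line.strip() or line.lstrip().startswith("#"):
            continue
        item = ITEM_RE.match(line)
        if item is None:
            key_indent = None  # anything else ends the list
        elif len(item.group(1)) < key_indent:
            findings.append((line_no, len(item.group(1)), key_indent))
    return findings

def scan_tree(root):
    """Map each .yaml/.yml file under root (any letter case) to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".yaml", ".yml"):
            hits = misindented_items(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples (assumed layout, not copied from the repository).
GOOD_SAMPLE = """\
requiredDataConnectors:
  - connectorId: MicrosoftThreatProtection
    dataTypes:
      - DeviceInfo
      - DeviceNetworkEvents
tactics:
  - Discovery
"""
BAD_SAMPLE = (GOOD_SAMPLE.replace("      - DeviceInfo", "   - DeviceInfo")
              .replace("      - DeviceNetworkEvents", "  - DeviceNetworkEvents"))

if __name__ == "__main__":
    print(misindented_items(BAD_SAMPLE))
```

Run as a pre-merge check, `scan_tree` pointed at the hunting-query folder returns only the files that need attention, with the offending line numbers.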

v-rusraut commented 2 days ago

Hi @bittib010, thanks for flagging this issue. We will investigate this issue and get back to you with some updates. Thanks!

v-rusraut commented 17 hours ago

Hi @bittib010, we are working on fixing this indentation issue, but no issues were found in the files below.

Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfRecipientsEmailaddressbySubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_Countofrecipientsemailaddressesbysubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_CountOfSendersEmailaddressbySubject.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_SummaryOfSenders.YAML
Azure-Sentinel\Hunting Queries\Microsoft 365 Defender\Email Queries\Hunting\MDO_URLClickedinEmail.YAML

bittib010 commented 16 hours ago

Not all the "MDO", "MDE" prefixed files had these issues. That is correct. I think the list I gave was almost all of them. Thanks for fixing it!