diff --git a/Detections/MultipleDataSources/SOURGUM_IOC.yaml b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
index 100cd60eb79..74484b65446 100644
--- a/Detections/MultipleDataSources/SOURGUM_IOC.yaml
+++ b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
@@ -90,7 +90,7 @@ query: |
 | where EventID == 3
 | extend EvData = parse_xml(EventData)
 | extend EventDetail = EvData.DataItem.EventData.Data
-| extend SourceIP = EventDetail.[9].["#text"], DestinationIP = EventDetail.[14].["#text"], Image = EventDetail.[4].["#text"]
+| extend SourceIP = tostring(EventDetail.[9].["#text"]), DestinationIP = tostring(EventDetail.[14].["#text"]), Image = EventDetail.[4].["#text"]
 | where Image has_any (file_path1) or Image has_any (file_path3)
 | project TimeGenerated, SourceIP, DestinationIP, Image, UserName, Computer, EventDetail, Type
 | extend timestamp = TimeGenerated, AccountCustomEntity = UserName, ProcessCustomEntity = tostring(split(Image, '\\', -1)[-1]), HostCustomEntity = Computer , IPCustomEntity = DestinationIP, Alert = 'SOURGUM IOC detected'
@@ -179,5 +179,5 @@ entityMappings:
 columnName: AlgorithmCustomEntity
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.1
-kind: Scheduled
\ No newline at end of file
+version: 1.0.2
+kind: Scheduled
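Review bot: The added line wraps SourceIP and DestinationIP in tostring() but leaves Image as the raw dynamic value from EventDetail.[4].["#text"], even though the next two context lines feed it to `has_any (file_path1)` and to `split(Image, '\\', -1)`, both of which operate on strings. Leaving one of the three extracted fields untyped is inconsistent with the change being made and, depending on how the engine coerces dynamic values in those operators, may weaken the path match that gates the whole detection; the same conversion should apply: `Image = tostring(EventDetail.[4].["#text"])`. If the positional indexes 9, 14 and 4 are tied to a particular Sysmon EventID 3 schema, a one-line comment above the extend stating that assumption would help the next maintainer verify it. The query block starts before this hunk and the rest of the detection (entity mappings) follows it outside the hunk.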