From 2ec1499ab80c2f9748670f6a561378224391e7aa Mon Sep 17 00:00:00 2001
From: Samik Roy
Date: Tue, 1 Feb 2022 21:16:27 +0530
Subject: [PATCH 1/2] Fix for #4060
Fix for #4060 Converted the objects to strings to ensure only one column is being generated for Source & destination IP addresses.
---
 Detections/MultipleDataSources/SOURGUM_IOC.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Detections/MultipleDataSources/SOURGUM_IOC.yaml b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
index 100cd60eb79..b59d2c54832 100644
--- a/Detections/MultipleDataSources/SOURGUM_IOC.yaml
+++ b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
@@ -90,7 +90,7 @@ query: |
 | where EventID == 3
 | extend EvData = parse_xml(EventData)
 | extend EventDetail = EvData.DataItem.EventData.Data
- | extend SourceIP = EventDetail.[9].["#text"], DestinationIP = EventDetail.[14].["#text"], Image = EventDetail.[4].["#text"]
+ | extend SourceIP = tostring(EventDetail.[9].["#text"]), DestinationIP = tostring(EventDetail.[14].["#text"]), Image = EventDetail.[4].["#text"]
 | where Image has_any (file_path1) or Image has_any (file_path3)
 | project TimeGenerated, SourceIP, DestinationIP, Image, UserName, Computer, EventDetail, Type
 | extend timestamp = TimeGenerated, AccountCustomEntity = UserName, ProcessCustomEntity = tostring(split(Image, '\\', -1)[-1]), HostCustomEntity = Computer , IPCustomEntity = DestinationIP, Alert = 'SOURGUM IOC detected'
@@ -180,4 +180,4 @@ entityMappings:
 - identifier: Value
 columnName: FileHashCustomEntity
 version: 1.0.1
-kind: Scheduled
\ No newline at end of file
+kind: Scheduled
From ae46770caea0866b19e45bde0fa0ce5ce6fcbbc0 Mon Sep 17 00:00:00 2001
From: Samik Roy
Date: Tue, 1 Feb 2022 21:18:45 +0530
Subject: [PATCH 2/2] Update SOURGUM_IOC.yaml
---
 Detections/MultipleDataSources/SOURGUM_IOC.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
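Review bot: Image on the added line is still left as a dynamic value (`Image = EventDetail.[4].["#text"]`) while SourceIP and DestinationIP are now cast with tostring(), so the duplicate-column symptom this commit fixes for the IP fields can presumably still appear for Image wherever this branch is combined with one that emits Image as a string; for consistency change it to `Image = tostring(EventDetail.[4].["#text"])`. The later `has_any` filter and `split(Image, '\\', -1)` call accept either type, so the cast does not alter which rows the rule matches. The positional indices `[9]`, `[14]` and `[4]` into EventDetail rely on the order of Data elements in the parsed Sysmon EventData XML, which is not documented in the query; a short comment on the line naming the field each index is expected to hold (e.g. `// EventDetail.[9] = SourceIp, [14] = DestinationIp, [4] = Image - verify against the Sysmon schema in use`) would make the rule easier to validate when the schema changes. The query block starts and ends outside this hunk.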
diff --git a/Detections/MultipleDataSources/SOURGUM_IOC.yaml b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
index b59d2c54832..74484b65446 100644
--- a/Detections/MultipleDataSources/SOURGUM_IOC.yaml
+++ b/Detections/MultipleDataSources/SOURGUM_IOC.yaml
@@ -179,5 +179,5 @@ entityMappings:
 columnName: AlgorithmCustomEntity
 - identifier: Value
 columnName: FileHashCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled