From b2be59a9e6821cef4010c4e6f026e0ae18fad89c Mon Sep 17 00:00:00 2001
From: "Ido Scapa (from Dev Box)"
Date: Thu, 9 Jan 2025 12:17:44 +0200
Subject: [PATCH] MDIoT DOS analytic rule entities
---
 .../Analytic Rules/IoTDenialofService.yaml | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
index fd5155628ed..558deafcb29 100644
--- a/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
+++ b/Solutions/IoTOTThreatMonitoringwithDefenderforIoT/Analytic Rules/IoTDenialofService.yaml
@@ -47,14 +47,8 @@ query: |
 AlertManagementUri,
 Techniques
 entityMappings:
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: SourceDeviceAddress
- - entityType: IP
- fieldMappings:
- - identifier: Address
- columnName: DestDeviceAddress
+sentinelEntitiesMappings:
+ - columnName: Entities
 eventGroupingSettings:
 aggregationKind: AlertPerResult
 customDetails:
@@ -78,5 +72,5 @@ alertDetailsOverride:
 value: ProductComponentName
 - alertProperty: AlertLink
 value: AlertLink
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
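Review bot: The context line `entityMappings:` just above the removed items is kept in the first hunk, so the new file carries a bare `entityMappings:` key with no value (it parses as null) directly followed by `sentinelEntitiesMappings:`; that line should be deleted together with its items. Separately, the new `- columnName: Entities` mapping only yields entities if the query returns an `Entities` column, and the visible tail of the projection ends at `AlertManagementUri, Techniques`. The query begins outside this hunk, so please confirm that `Entities` is projected there. If it is not, alerts from this rule would no longer carry the source and destination IP entities that the removed `SourceDeviceAddress` and `DestDeviceAddress` mappings supplied, which weakens incident correlation and triage.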