From f1f0bf2f6e5dcf4b0d7d095d0d194aca864925e4 Mon Sep 17 00:00:00 2001
From: exa-content-sec
Date: Thu, 9 Feb 2023 17:17:29 +0000
Subject: [PATCH] Update
---
 .../Data_Security_Platform/Ps/pC_qvaronisfileactivity.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/DataSources/Varonis/Data_Security_Platform/Ps/pC_qvaronisfileactivity.md b/DataSources/Varonis/Data_Security_Platform/Ps/pC_qvaronisfileactivity.md
index 4a89cf8e28..bd1a787593 100644
--- a/DataSources/Varonis/Data_Security_Platform/Ps/pC_qvaronisfileactivity.md
+++ b/DataSources/Varonis/Data_Security_Platform/Ps/pC_qvaronisfileactivity.md
@@ -22,12 +22,12 @@ Name = q-varonis-file-activity
 """Affected_Object_Path=(|({file_path}[^=]{1,2000}?))\s{1,10}(\w{1,100}=|$)""",
 """Affected_Object_Path=({file_parent}[^=]{1,2000}?)\\[^\\]{1,2000}\s{1,10}(\w{1,100}=|$)""",
 """cat=({category}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
- """DatAdvantage\|[^\\]{1,1000}?\|({additional_info}[^\\]{1,2000}?)\|""",
+ """DatAdvantage\|[^\\]{1,1000}?\|({alert_name}[^\\]{1,2000}?)\|""",
 """Device_Name =({src_host}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
 """usrName =(({domain}[^\\]{1,100})\\)?({user}[^=]{1,1000}?)\s{1,10}(\w{1,100}=|$)""",
 """accountName =({user}[^=]{1,2000}?)\s{1,10}(\w{1,100}=|$)""",
 ]
- DupFields = [ "accesses->event_code" ]
+ DupFields = [ "accesses->event_code", "alert_name->additional_info" ]
 }
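Review bot: The renamed capture in the `DatAdvantage\|` pattern takes the header field directly after the one that follows `DatAdvantage`; assuming `DatAdvantage` is the CEF product field, standard CEF ordering makes that position the Device Event Class ID, with Name one field later, so `alert_name` may end up holding a signature ID rather than the alert's name. This should be checked against a sample Varonis event, because any detection rule or dashboard keyed on `alert_name` (and on `additional_info` through the new `DupFields` entry) inherits the mapping. The class `[^\\]` excludes backslashes but not `|`, so the capture stops at the first pipe only because the quantifier is lazy, and a value containing a backslash or escaped pipe will not match at all; `[^|\\]{1,2000}?` would state the delimiter explicitly if that is the intent. The `Fields` list and the parser block start outside this hunk, so whether this pattern also fires on non-alert file-activity events cannot be confirmed from here.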