Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage
  1. Microsoft Sentinel Analytics Rules
  2. /
  3. Analytic Rules
  4. /
  5. Cyble Vision Alerts Github

Cyble Vision Alerts Github

Back
Id117e8f7c-8f44-4061-bcc2-b444b98a3838
RulenameCyble Vision Alerts Github
DescriptionThis alert generates incidents for Github
SeverityLow
TacticsCollection
CredentialAccess
TechniquesT1213
T1530
T1552
Required data connectorsCybleVisionAlerts
KindScheduled
Query frequency30m
Query period30m
Trigger threshold0
Trigger operatorGreaterThan
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_github.yaml
Version1.0.1
Arm template117e8f7c-8f44-4061-bcc2-b444b98a3838.json
Deploy To Azure
Alerts_github
| where Service contains "github"
| extend MappedSeverity = Severity

eventGroupingSettings:
  aggregationKind: AlertPerResult
triggerThreshold: 0
entityMappings:
- entityType: Account
  fieldMappings:
  - identifier: Name
    columnName: owner_login
- entityType: URL
  fieldMappings:
  - identifier: Url
    columnName: html_url
- entityType: File
  fieldMappings:
  - identifier: Name
    columnName: file_name
  - identifier: Directory
    columnName: file_path
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
subTechniques: []
enabled: true
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_github.yaml
name: Cyble Vision Alerts Github
alertDetailsOverride:
  alertDisplayNameFormat: Cyble Vision Alert for Github
  alertDynamicProperties: []
  alertDescriptionFormat: This Rule generate incidents for Serviec Github
relevantTechniques:
- T1213
- T1530
- T1552
status: Available
version: 1.0.1
queryPeriod: 30m
customDetails:
  SHA: sha
  MappedSeverity: Severity
  GitURl: git_url
  OriginalSeverity: Severity
  FileName: file_name
  Status: Status
  AlertID: AlertID
  URL: html_url
  Owner: owner_login
  Score: score
  Repository: repo_full_name
  Service: Service
kind: Scheduled
id: 117e8f7c-8f44-4061-bcc2-b444b98a3838
query: |
  Alerts_github
  | where Service contains "github"
  | extend MappedSeverity = Severity  
description: |
    'This alert generates incidents for Github'
queryFrequency: 30m
suppressionDuration: PT5H
triggerOperator: GreaterThan
tactics:
- Collection
- CredentialAccess
severity: Low