Cyble Vision Alerts Website Defacement URL

Alerts_defacement_url  
| where Service == "defacement_url" 
| extend MappedSeverity = Severity

queryPeriod: 30m
id: 1dabe566-a0f1-4c27-8307-aea5a79eb5e9
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_defacement_url_rule.yaml
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    lookbackDuration: PT5H
    matchingMethod: AllEntities
    reopenClosedIncident: false
    enabled: false
  alertDetailsOverride: 
  alertDescriptionFormat: |
        A monitored URL for domain {{DU_DomainName}} has changed {{DU_Description}}. This may indicate unauthorized modification consistent with website defacement activity.
  alertDisplayNameFormat: URL Content Change Detected {{DU_DomainName}}
triggerOperator: GreaterThan
triggerThreshold: 0
entityMappings:
- fieldMappings:
  - identifier: Url
    columnName: DU_Description
  entityType: Url
- fieldMappings:
  - identifier: HostName
    columnName: DU_DomainName
  entityType: Host
status: Available
kind: Scheduled
name: Cyble Vision Alerts Website Defacement URL
relevantTechniques:
- T1491
description: |
    'Detects suspicious or unexpected changes to monitored URLs which may indicate website tampering or defacement.'
query: |
  Alerts_defacement_url  
  | where Service == "defacement_url" 
  | extend MappedSeverity = Severity  
version: 1.0.0
enabled: true
tactics:
- Impact
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
severity: Low
customDetails:
  DU_RecordID: DU_RecordID
  Status: Status
  DU_Keywords: DU_Keywords
  DU_Type: DU_Type
  AlertID: AlertID
  DU_description: DU_Description
  DU_DomainName: DU_DomainName
  MappedSeverity: Severity
  Service: Service
queryfrequency: 30m
eventGroupingSettings:
  aggregationKind: AlertPerResult