Cyble Vision Alerts Website Defacement URL

Alerts_defacement_url  
| where Service == "defacement_url" 
| extend MappedSeverity = Severity

version: 1.0.0
status: Available
queryPeriod: 30m
customDetails:
  DU_description: DU_Description
  DU_Keywords: DU_Keywords
  DU_DomainName: DU_DomainName
  MappedSeverity: Severity
  Status: Status
  Service: Service
  AlertID: AlertID
  DU_RecordID: DU_RecordID
  DU_Type: DU_Type
entityMappings:
- entityType: Url
  fieldMappings:
  - columnName: DU_Description
    identifier: Url
- entityType: Host
  fieldMappings:
  - columnName: DU_DomainName
    identifier: HostName
severity: Low
relevantTechniques:
- T1491
description: |
    'Detects suspicious or unexpected changes to monitored URLs which may indicate website tampering or defacement.'
eventGroupingSettings:
  aggregationKind: AlertPerResult
name: Cyble Vision Alerts Website Defacement URL
queryfrequency: 30m
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_defacement_url_rule.yaml
id: 1dabe566-a0f1-4c27-8307-aea5a79eb5e9
requiredDataConnectors:
- connectorId: CybleVisionAlerts
  dataTypes:
  - CybleVisionAlerts_CL
kind: Scheduled
tactics:
- Impact
triggerThreshold: 0
query: |
  Alerts_defacement_url  
  | where Service == "defacement_url" 
  | extend MappedSeverity = Severity  
enabled: true
incidentConfiguration:
  alertDescriptionFormat: |
        A monitored URL for domain {{DU_DomainName}} has changed {{DU_Description}}. This may indicate unauthorized modification consistent with website defacement activity.
  createIncident: true
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    lookbackDuration: PT5H
    matchingMethod: AllEntities
  alertDetailsOverride: 
  alertDisplayNameFormat: URL Content Change Detected {{DU_DomainName}}
triggerOperator: GreaterThan