Cyble Vision Alerts Website Defacement URL

Alerts_defacement_url  
| where Service == "defacement_url" 
| extend MappedSeverity = Severity

customDetails:
  DU_Type: DU_Type
  Service: Service
  Status: Status
  DU_RecordID: DU_RecordID
  DU_Keywords: DU_Keywords
  MappedSeverity: Severity
  DU_description: DU_Description
  DU_DomainName: DU_DomainName
  AlertID: AlertID
triggerOperator: GreaterThan
tactics:
- Impact
incidentConfiguration:
  alertDescriptionFormat: |
        A monitored URL for domain {{DU_DomainName}} has changed {{DU_Description}}. This may indicate unauthorized modification consistent with website defacement activity.
  alertDisplayNameFormat: URL Content Change Detected {{DU_DomainName}}
  alertDetailsOverride: 
  groupingConfiguration:
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
    enabled: false
  createIncident: true
enabled: true
eventGroupingSettings:
  aggregationKind: AlertPerResult
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_defacement_url_rule.yaml
version: 1.0.0
query: |
  Alerts_defacement_url  
  | where Service == "defacement_url" 
  | extend MappedSeverity = Severity  
triggerThreshold: 0
relevantTechniques:
- T1491
queryPeriod: 30m
status: Available
severity: Low
kind: Scheduled
name: Cyble Vision Alerts Website Defacement URL
queryfrequency: 30m
id: 1dabe566-a0f1-4c27-8307-aea5a79eb5e9
description: |
    'Detects suspicious or unexpected changes to monitored URLs which may indicate website tampering or defacement.'
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
entityMappings:
- fieldMappings:
  - columnName: DU_Description
    identifier: Url
  entityType: Url
- fieldMappings:
  - columnName: DU_DomainName
    identifier: HostName
  entityType: Host