Cyble Vision Alerts Website Defacement URL

Alerts_defacement_url  
| where Service == "defacement_url" 
| extend MappedSeverity = Severity

customDetails:
  Status: Status
  AlertID: AlertID
  DU_DomainName: DU_DomainName
  DU_Keywords: DU_Keywords
  Service: Service
  DU_description: DU_Description
  DU_Type: DU_Type
  DU_RecordID: DU_RecordID
  MappedSeverity: Severity
kind: Scheduled
severity: Low
description: |
    'Detects suspicious or unexpected changes to monitored URLs which may indicate website tampering or defacement.'
triggerOperator: GreaterThan
status: Available
enabled: true
query: |
  Alerts_defacement_url  
  | where Service == "defacement_url" 
  | extend MappedSeverity = Severity  
triggerThreshold: 0
relevantTechniques:
- T1491
version: 1.0.0
queryfrequency: 30m
entityMappings:
- fieldMappings:
  - identifier: Url
    columnName: DU_Description
  entityType: Url
- fieldMappings:
  - identifier: HostName
    columnName: DU_DomainName
  entityType: Host
requiredDataConnectors:
- connectorId: CybleVisionAlerts
  dataTypes:
  - CybleVisionAlerts_CL
queryPeriod: 30m
tactics:
- Impact
name: Cyble Vision Alerts Website Defacement URL
id: 1dabe566-a0f1-4c27-8307-aea5a79eb5e9
eventGroupingSettings:
  aggregationKind: AlertPerResult
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_defacement_url_rule.yaml
incidentConfiguration:
  alertDisplayNameFormat: URL Content Change Detected {{DU_DomainName}}
  alertDetailsOverride: 
  alertDescriptionFormat: |
        A monitored URL for domain {{DU_DomainName}} has changed {{DU_Description}}. This may indicate unauthorized modification consistent with website defacement activity.
  groupingConfiguration:
    matchingMethod: AllEntities
    enabled: false
    reopenClosedIncident: false
    lookbackDuration: PT5H
  createIncident: true