Cyble Vision Alerts Leaked Credentials

Alerts_leaked_credentials
| where Service == "leaked_credentials"
| extend MappedSeverity = Severity

customDetails:
  Status: Status
  Leak_Data: LC_Data
  Service: Service
  Leak_Tags: LC_Tags
  MappedSeveritry: MappedSeverity
  Leak_Url: LC_URL
  Leak_Username: LC_Username
  Leak_Date: LC_Date
  MappedSeverity: Severity
  AlertID: AlertID
status: Available
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Leaked_Credentials.yaml
alertDetailsOverride:
  alertDisplayNameFormat: Leaked Credentials Detected {{LC_Username}}
  alertDescriptionFormat: |
        A leaked set of credentials associated with {{LC_Username}} was detected. Domain {{LC_Domain}} Source URL {{LC_URL}}
  alertDynamicProperties: []
query: |
  Alerts_leaked_credentials
  | where Service == "leaked_credentials"
  | extend MappedSeverity = Severity  
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    enabled: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
  createIncident: true
relevantTechniques:
- T1552
- T1082
kind: Scheduled
name: Cyble Vision Alerts Leaked Credentials
tactics:
- CredentialAccess
- Discovery
- Reconnaissance
severity: Low
suppressionDuration: PT5H
enabled: true
subTechniques: []
queryFrequency: 30m
description: |
    'Detects leaked credentials identified by CybleVision ingestion and triggers an incident with mapped entities, severity, and details.'
eventGroupingSettings:
  aggregationKind: AlertPerResult
triggerThreshold: 0
triggerOperator: GreaterThan
version: 1.0.0
entityMappings:
- fieldMappings:
  - identifier: Name
    columnName: LC_Username
  entityType: Account
- fieldMappings:
  - identifier: Url
    columnName: LC_URL
  entityType: URL
- fieldMappings:
  - identifier: DomainName
    columnName: LC_Domain
  entityType: DNS
queryPeriod: 30m
id: 224a63ae-e278-4a11-b7c2-02ec3e17b56c