Cyble Vision Alerts Leaked Credentials

Alerts_leaked_credentials
| where Service == "leaked_credentials"
| extend MappedSeverity = Severity

name: Cyble Vision Alerts Leaked Credentials
alertDetailsOverride:
  alertDynamicProperties: []
  alertDisplayNameFormat: Leaked Credentials Detected {{LC_Username}}
  alertDescriptionFormat: |
        A leaked set of credentials associated with {{LC_Username}} was detected. Domain {{LC_Domain}} Source URL {{LC_URL}}
query: |
  Alerts_leaked_credentials
  | where Service == "leaked_credentials"
  | extend MappedSeverity = Severity  
id: 224a63ae-e278-4a11-b7c2-02ec3e17b56c
enabled: true
entityMappings:
- fieldMappings:
  - columnName: LC_Username
    identifier: Name
  entityType: Account
- fieldMappings:
  - columnName: LC_URL
    identifier: Url
  entityType: URL
- fieldMappings:
  - columnName: LC_Domain
    identifier: DomainName
  entityType: DNS
version: 1.0.0
triggerOperator: GreaterThan
suppressionDuration: PT5H
description: |
    'Detects leaked credentials identified by CybleVision ingestion and triggers an incident with mapped entities, severity, and details.'
kind: Scheduled
queryFrequency: 30m
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Leaked_Credentials.yaml
severity: Low
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    lookbackDuration: PT5H
    reopenClosedIncident: false
    matchingMethod: AllEntities
    enabled: false
subTechniques: []
queryPeriod: 30m
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
status: Available
customDetails:
  Leak_Date: LC_Date
  AlertID: AlertID
  MappedSeveritry: MappedSeverity
  Leak_Data: LC_Data
  Leak_Tags: LC_Tags
  Service: Service
  Leak_Username: LC_Username
  Status: Status
  Leak_Url: LC_URL
  MappedSeverity: Severity
eventGroupingSettings:
  aggregationKind: AlertPerResult
relevantTechniques:
- T1552
- T1082
tactics:
- CredentialAccess
- Discovery
- Reconnaissance