Cyble Vision Alerts Leaked Credentials

Alerts_leaked_credentials
| where Service == "leaked_credentials"
| extend MappedSeverity = Severity

alertDetailsOverride:
  alertDisplayNameFormat: Leaked Credentials Detected {{LC_Username}}
  alertDynamicProperties: []
  alertDescriptionFormat: |
        A leaked set of credentials associated with {{LC_Username}} was detected. Domain {{LC_Domain}} Source URL {{LC_URL}}
subTechniques: []
entityMappings:
- entityType: Account
  fieldMappings:
  - columnName: LC_Username
    identifier: Name
- entityType: URL
  fieldMappings:
  - columnName: LC_URL
    identifier: Url
- entityType: DNS
  fieldMappings:
  - columnName: LC_Domain
    identifier: DomainName
relevantTechniques:
- T1552
- T1082
queryFrequency: 30m
tactics:
- CredentialAccess
- Discovery
- Reconnaissance
suppressionDuration: PT5H
triggerOperator: GreaterThan
name: Cyble Vision Alerts Leaked Credentials
description: |
    'Detects leaked credentials identified by CybleVision ingestion and triggers an incident with mapped entities, severity, and details.'
kind: Scheduled
customDetails:
  AlertID: AlertID
  Leak_Date: LC_Date
  Leak_Tags: LC_Tags
  Leak_Username: LC_Username
  Service: Service
  Leak_Url: LC_URL
  MappedSeveritry: MappedSeverity
  Leak_Data: LC_Data
  Status: Status
  MappedSeverity: Severity
version: 1.0.0
eventGroupingSettings:
  aggregationKind: AlertPerResult
status: Available
id: 224a63ae-e278-4a11-b7c2-02ec3e17b56c
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Leaked_Credentials.yaml
incidentConfiguration:
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
  createIncident: true
triggerThreshold: 0
queryPeriod: 30m
requiredDataConnectors:
- connectorId: CybleVisionAlerts
  dataTypes:
  - CybleVisionAlerts_CL
severity: Low
enabled: true
query: |
  Alerts_leaked_credentials
  | where Service == "leaked_credentials"
  | extend MappedSeverity = Severity