Cyble Vision Alerts Leaked Credentials

Alerts_leaked_credentials
| where Service == "leaked_credentials"
| extend MappedSeverity = Severity

customDetails:
  Status: Status
  AlertID: AlertID
  Service: Service
  Leak_Tags: LC_Tags
  Leak_Username: LC_Username
  Leak_Data: LC_Data
  Leak_Date: LC_Date
  MappedSeveritry: MappedSeverity
  MappedSeverity: Severity
  Leak_Url: LC_URL
kind: Scheduled
severity: Low
requiredDataConnectors:
- connectorId: CybleVisionAlerts
  dataTypes:
  - CybleVisionAlerts_CL
description: |
    'Detects leaked credentials identified by CybleVision ingestion and triggers an incident with mapped entities, severity, and details.'
triggerOperator: GreaterThan
alertDetailsOverride:
  alertDynamicProperties: []
  alertDisplayNameFormat: Leaked Credentials Detected {{LC_Username}}
  alertDescriptionFormat: |
        A leaked set of credentials associated with {{LC_Username}} was detected. Domain {{LC_Domain}} Source URL {{LC_URL}}
status: Available
enabled: true
query: |
  Alerts_leaked_credentials
  | where Service == "leaked_credentials"
  | extend MappedSeverity = Severity  
triggerThreshold: 0
relevantTechniques:
- T1552
- T1082
version: 1.0.0
queryFrequency: 30m
subTechniques: []
suppressionDuration: PT5H
queryPeriod: 30m
tactics:
- CredentialAccess
- Discovery
- Reconnaissance
name: Cyble Vision Alerts Leaked Credentials
id: 224a63ae-e278-4a11-b7c2-02ec3e17b56c
eventGroupingSettings:
  aggregationKind: AlertPerResult
entityMappings:
- fieldMappings:
  - identifier: Name
    columnName: LC_Username
  entityType: Account
- fieldMappings:
  - identifier: Url
    columnName: LC_URL
  entityType: URL
- fieldMappings:
  - identifier: DomainName
    columnName: LC_Domain
  entityType: DNS
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Leaked_Credentials.yaml
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    matchingMethod: AllEntities
    enabled: false
    reopenClosedIncident: false
    lookbackDuration: PT5H