Back
Id24538989-9dea-4cc7-aa78-0969ca116051
RulenameGuardian- Sentiment Policy Violation Detection
DescriptionThis alert creates an incident when Sentiment Policy Violation detected from the Guardian.
SeverityLow
Required data connectorsBoschAIShield
KindScheduled
Query frequency1h
Query period1h
Trigger threshold0
Trigger operatorgt
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield%20AI%20Security%20Monitoring/Analytic%20Rules/SentimentVulDetection.yaml
Version1.0.0
Arm template24538989-9dea-4cc7-aa78-0969ca116051.json
Deploy To Azure
Guardian
| where PolicyViolatedControlFeature =~ 'Sentiment'
| where Severity =~ 'Low'
queryPeriod: 1h
description: |
  'This alert creates an incident when Sentiment Policy Violation detected from the Guardian.'
severity: Low
eventGroupingSettings:
  aggregationKind: SingleAlert
tactics: []
id: 24538989-9dea-4cc7-aa78-0969ca116051
kind: Scheduled
queryFrequency: 1h
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield%20AI%20Security%20Monitoring/Analytic%20Rules/SentimentVulDetection.yaml
requiredDataConnectors:
- dataTypes:
  - Guardian
  connectorId: BoschAIShield
triggerOperator: gt
version: 1.0.0
alertDetailsOverride:
  alertDisplayNameFormat: Guardian- Sentiment Policy Violation detection
  alertTacticsColumnName: 
  alertSeverityColumnName: Severity
  alertDescriptionFormat: |
    This query detects Sentiment Policy Violation detected from the Guardian generated at {{TimeGenerated}}.\n\nPlease check the source for more information and investigate further.
relevantTechniques: []
entityMappings:
- fieldMappings:
  - columnName: HostName
    identifier: HostName
  - columnName: NTDomain
    identifier: NTDomain
  entityType: Host
- fieldMappings:
  - columnName: SourceIP
    identifier: Address
  entityType: IP
name: Guardian- Sentiment Policy Violation Detection
status: Available
query: |
  Guardian
  | where PolicyViolatedControlFeature =~ 'Sentiment'
  | where Severity =~ 'Low'
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspace": {
      "type": "String"
    }
  },
  "resources": [
    {
      "apiVersion": "2024-01-01-preview",
      "id": "[concat(resourceId('Microsoft.OperationalInsights/workspaces/providers', parameters('workspace'), 'Microsoft.SecurityInsights'),'/alertRules/24538989-9dea-4cc7-aa78-0969ca116051')]",
      "kind": "Scheduled",
      "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/24538989-9dea-4cc7-aa78-0969ca116051')]",
      "properties": {
        "alertDetailsOverride": {
          "alertDescriptionFormat": "This query detects Sentiment Policy Violation detected from the Guardian generated at {{TimeGenerated}}.\\n\\nPlease check the source for more information and investigate further.\n",
          "alertDisplayNameFormat": "Guardian- Sentiment Policy Violation detection",
          "alertSeverityColumnName": "Severity",
          "alertTacticsColumnName": null
        },
        "alertRuleTemplateName": "24538989-9dea-4cc7-aa78-0969ca116051",
        "customDetails": null,
        "description": "'This alert creates an incident when Sentiment Policy Violation detected from the Guardian.'\n",
        "displayName": "Guardian- Sentiment Policy Violation Detection",
        "enabled": true,
        "entityMappings": [
          {
            "entityType": "Host",
            "fieldMappings": [
              {
                "columnName": "HostName",
                "identifier": "HostName"
              },
              {
                "columnName": "NTDomain",
                "identifier": "NTDomain"
              }
            ]
          },
          {
            "entityType": "IP",
            "fieldMappings": [
              {
                "columnName": "SourceIP",
                "identifier": "Address"
              }
            ]
          }
        ],
        "eventGroupingSettings": {
          "aggregationKind": "SingleAlert"
        },
        "OriginalUri": "https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AIShield%20AI%20Security%20Monitoring/Analytic%20Rules/SentimentVulDetection.yaml",
        "query": "Guardian\n| where PolicyViolatedControlFeature =~ 'Sentiment'\n| where Severity =~ 'Low'\n",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "severity": "Low",
        "status": "Available",
        "subTechniques": [],
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [],
        "techniques": [],
        "templateVersion": "1.0.0",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0
      },
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules"
    }
  ]
}