Cyble Vision Alerts SSL Certificate Expiry
| Field | Value |
|---|---|
| Id | A667D635-D2A7-47E7-8827-8FB243AF2AFD |
| Rulename | Cyble Vision Alerts SSL Certificate Expiry |
| Description | Generates Microsoft Sentinel incidents for SSL certificates nearing expiry as detected by Cyble. These alerts help identify certificate hygiene risks that may lead to service disruption or security issues. Severity is normalized using MappedSeverity for downstream automation. |
| Severity | Low |
| Tactics | InitialAccess, Impact |
| Techniques | T1190, T1499 |
| Required data connectors | CybleVisionAlerts |
| Kind | Scheduled |
| Query frequency | 30m |
| Query period | 30m |
| Trigger threshold | 0 |
| Trigger operator | GreaterThan |
| Source Uri | https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_ssl_expiry.yaml |
| Version | 1.0.0 |
| Arm template | A667D635-D2A7-47E7-8827-8FB243AF2AFD.json |
```kql
Alerts_ssl_expiry
| where Service == "ssl_expiry"
| extend MappedSeverity = Severity
```
```yaml
version: 1.0.0
eventGroupingSettings:
  aggregationKind: AlertPerResult
query: |
  Alerts_ssl_expiry
  | where Service == "ssl_expiry"
  | extend MappedSeverity = Severity
queryPeriod: 30m
status: Available
kind: Scheduled
enabled: true
relevantTechniques:
  - T1190
  - T1499
tactics:
  - InitialAccess
  - Impact
triggerOperator: GreaterThan
queryFrequency: 30m
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_ssl_expiry.yaml
entityMappings:
  - fieldMappings:
      - columnName: SS_Asset
        identifier: DomainName
    entityType: DNS
  - fieldMappings:
      - columnName: SS_Asset
        identifier: HostName
    entityType: Host
  - fieldMappings:
      - columnName: SS_Port
        identifier: HostName
    entityType: Host
name: Cyble Vision Alerts SSL Certificate Expiry
triggerThreshold: 0
severity: Low
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    lookbackDuration: PT5H
    matchingMethod: AllEntities
alertDetailsOverride:
  alertDisplayNameFormat: SSL Certificate Expiry {{DC_ServerName}}
  alertDescriptionFormat: ""
id: A667D635-D2A7-47E7-8827-8FB243AF2AFD
customDetails:
  CertificateTitle: SS_Title
  ExpiryDate: SS_Expiry
  Port: SS_Port
  Service: Service
  MappedSeverity: Severity
  AlertID: AlertID
  Status: Status
  DaysToExpiry: SS_DaysUntilExpiry
  Asset: SS_Asset
description: |
  'Generates Microsoft Sentinel incidents for SSL certificates nearing expiry as detected by Cyble. These alerts help identify certificate hygiene risks that may lead to service disruption or security issues. Severity is normalized using MappedSeverity for downstream automation.'
requiredDataConnectors:
  - connectorId: CybleVisionAlerts
    dataTypes:
      - CybleVisionAlerts_CL
```