Cyble Vision Alerts Suspicious Domain

Alerts_suspicious_domains 
| where Service == "suspicious_domain" 
| extend MappedSeverity = Severity

name: Cyble Vision Alerts Suspicious Domain
relevantTechniques:
- T1595
id: c56fcb78-b708-4a92-bad4-d50b1e15c42c
enabled: true
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
eventGroupingSettings:
  aggregationKind: AlertPerResult
version: 1.0.0
severity: Low
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Suspicious_Domain.yaml
queryPeriod: 30m
subTechniques: []
kind: Scheduled
queryFrequency: 30m
incidentConfiguration:
  groupingConfiguration:
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
    enabled: false
  createIncident: true
suppressionDuration: PT5H
entityMappings:
- fieldMappings:
  - identifier: DomainName
    columnName: Domain
  entityType: DNS
alertDetailsOverride:
  alertDisplayNameFormat: Suspicious Domain Detected {{Domain}}  {{Status}}
  alertDescriptionFormat: |
        Suspicious Domain detected for {{Domain}} with {{Status}}
  alertDynamicProperties: []
status: Available
query: |
  Alerts_suspicious_domains 
  | where Service == "suspicious_domain" 
  | extend MappedSeverity = Severity  
tactics:
- Reconnaissance
customDetails:
  RegistrationDate: SD_RegistrationDate
  Keyword: KeywordName
  MX_Records: MX_Records
  LiveStatus: SD_IsLive
  Domain: Domain
  MappedSeverity: Severity
  LastLiveCheck: SD_LastLiveCheck
  Service: Service
  NS_Records: NS_Records
  AlertID: AlertID
  A_Records: A_Records
  Screenshot: SD_ScreenshotURL
  Score: SD_Score
  Status: Status
description: |
    'This Rule generates Cyble Vision Alerts for Service - Suspicious Domain severity LOW'
triggerOperator: GreaterThan