Cyble Vision Alerts Suspicious Domain

Alerts_suspicious_domains 
| where Service == "suspicious_domain" 
| extend MappedSeverity = Severity

customDetails:
  Status: Status
  MappedSeverity: Severity
  Score: SD_Score
  LiveStatus: SD_IsLive
  RegistrationDate: SD_RegistrationDate
  A_Records: A_Records
  Domain: Domain
  Screenshot: SD_ScreenshotURL
  NS_Records: NS_Records
  LastLiveCheck: SD_LastLiveCheck
  MX_Records: MX_Records
  Keyword: KeywordName
  AlertID: AlertID
  Service: Service
triggerOperator: GreaterThan
tactics:
- Reconnaissance
incidentConfiguration:
  createIncident: true
  groupingConfiguration:
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: PT5H
    enabled: false
suppressionDuration: PT5H
eventGroupingSettings:
  aggregationKind: AlertPerResult
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_Suspicious_Domain.yaml
subTechniques: []
version: 1.0.0
query: |
  Alerts_suspicious_domains 
  | where Service == "suspicious_domain" 
  | extend MappedSeverity = Severity  
triggerThreshold: 0
relevantTechniques:
- T1595
queryPeriod: 30m
status: Available
severity: Low
alertDetailsOverride:
  alertDescriptionFormat: |
        Suspicious Domain detected for {{Domain}} with {{Status}}
  alertDynamicProperties: []
  alertDisplayNameFormat: Suspicious Domain Detected {{Domain}}  {{Status}}
enabled: true
name: Cyble Vision Alerts Suspicious Domain
queryFrequency: 30m
id: c56fcb78-b708-4a92-bad4-d50b1e15c42c
description: |
    'This Rule generates Cyble Vision Alerts for Service - Suspicious Domain severity LOW'
kind: Scheduled
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts
entityMappings:
- fieldMappings:
  - columnName: Domain
    identifier: DomainName
  entityType: DNS