Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
incidentConfiguration:
description: |
A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
severityColumnName: MappedSeverity
groupingConfiguration:
reopenClosedIncident: false
lookbackDuration: PT5H
matchingMethod: AllEntities
enabled: false
alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
alertDetailsOverride:
createIncident: true
relevantTechniques:
- T1190
queryfrequency: 30m
triggerOperator: GreaterThan
description: |
'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
triggerThreshold: 0
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
name: Cyble Vision Alerts New Vulnerability Detected
queryPeriod: 30m
customDetails:
MappedSeverity: Severity
Service: Service
NV_CVE: NV_CVE
Status: Status
AlertID: AlertID
eventGroupingSettings:
aggregationKind: AlertPerResult
severity: Low
enabled: true
entityMappings:
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
requiredDataConnectors:
- connectorId: CybleVisionAlerts
dataTypes:
- CybleVisionAlerts_CL
kind: Scheduled
status: Available
version: 1.0.0
tactics:
- InitialAccess
query: |
Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
