Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
customDetails:
AlertID: AlertID
NV_CVE: NV_CVE
Service: Service
Status: Status
MappedSeverity: Severity
incidentConfiguration:
alertDetailsOverride:
createIncident: true
description: |
A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
groupingConfiguration:
enabled: false
matchingMethod: AllEntities
lookbackDuration: PT5H
reopenClosedIncident: false
severityColumnName: MappedSeverity
alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
queryfrequency: 30m
name: Cyble Vision Alerts New Vulnerability Detected
eventGroupingSettings:
aggregationKind: AlertPerResult
description: |
'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
severity: Low
triggerThreshold: 0
query: |
Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
requiredDataConnectors:
- dataTypes:
- CybleVisionAlerts_CL
connectorId: CybleVisionAlerts
relevantTechniques:
- T1190
status: Available
triggerOperator: GreaterThan
queryPeriod: 30m
enabled: true
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
version: 1.0.0
entityMappings:
kind: Scheduled
tactics:
- InitialAccess
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
