Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
name: Cyble Vision Alerts New Vulnerability Detected
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
enabled: true
entityMappings:
version: 1.0.0
triggerOperator: GreaterThan
query: |
Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
description: |
'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
kind: Scheduled
queryfrequency: 30m
triggerThreshold: 0
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
severity: Low
incidentConfiguration:
createIncident: true
severityColumnName: MappedSeverity
alertDetailsOverride:
description: |
A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
groupingConfiguration:
lookbackDuration: PT5H
reopenClosedIncident: false
matchingMethod: AllEntities
enabled: false
alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
queryPeriod: 30m
requiredDataConnectors:
- dataTypes:
- CybleVisionAlerts_CL
connectorId: CybleVisionAlerts
status: Available
customDetails:
AlertID: AlertID
Service: Service
Status: Status
NV_CVE: NV_CVE
MappedSeverity: Severity
eventGroupingSettings:
aggregationKind: AlertPerResult
relevantTechniques:
- T1190
tactics:
- InitialAccess
