Microsoft Sentinel Analytic Rules
cloudbrothers.infoAzure Sentinel RepoToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

Cyble Vision Alerts New Vulnerability Detected

Back
Ide52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
RulenameCyble Vision Alerts New Vulnerability Detected
DescriptionA newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.
SeverityLow
TacticsInitialAccess
TechniquesT1190
Required data connectorsCybleVisionAlerts
KindScheduled
Query frequency30m
Query period30m
Trigger threshold0
Trigger operatorGreaterThan
Source Urihttps://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
Version1.0.0
Arm templatee52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d.json
Deploy To Azure
Alerts_new_vulnerability  
| where Service == "new_vulnerability" 
| extend MappedSeverity = Severity
description: |
    'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
version: 1.0.0
tactics:
- InitialAccess
queryfrequency: 30m
query: |
  Alerts_new_vulnerability  
  | where Service == "new_vulnerability" 
  | extend MappedSeverity = Severity  
status: Available
triggerOperator: GreaterThan
kind: Scheduled
triggerThreshold: 0
customDetails:
  Status: Status
  MappedSeverity: Severity
  Service: Service
  AlertID: AlertID
  NV_CVE: NV_CVE
enabled: true
relevantTechniques:
- T1190
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
queryPeriod: 30m
entityMappings: 
eventGroupingSettings:
  aggregationKind: AlertPerResult
severity: Low
name: Cyble Vision Alerts New Vulnerability Detected
incidentConfiguration:
  severityColumnName: MappedSeverity
  alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
  alertDetailsOverride: 
  description: |
        A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
  groupingConfiguration:
    lookbackDuration: PT5H
    enabled: false
    reopenClosedIncident: false
    matchingMethod: AllEntities
  createIncident: true
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
requiredDataConnectors:
- dataTypes:
  - CybleVisionAlerts_CL
  connectorId: CybleVisionAlerts