Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
status: Available
relevantTechniques:
- T1190
triggerThreshold: 0
severity: Low
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
incidentConfiguration:
alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
severityColumnName: MappedSeverity
description: |
A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
createIncident: true
groupingConfiguration:
lookbackDuration: PT5H
enabled: false
matchingMethod: AllEntities
reopenClosedIncident: false
alertDetailsOverride:
queryPeriod: 30m
query: |
Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
entityMappings:
customDetails:
NV_CVE: NV_CVE
Status: Status
AlertID: AlertID
MappedSeverity: Severity
Service: Service
eventGroupingSettings:
aggregationKind: AlertPerResult
kind: Scheduled
tactics:
- InitialAccess
description: |
'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
name: Cyble Vision Alerts New Vulnerability Detected
triggerOperator: GreaterThan
version: 1.0.0
enabled: true
queryfrequency: 30m
requiredDataConnectors:
- connectorId: CybleVisionAlerts
dataTypes:
- CybleVisionAlerts_CL
