Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
customDetails:
Status: Status
AlertID: AlertID
Service: Service
NV_CVE: NV_CVE
MappedSeverity: Severity
kind: Scheduled
severity: Low
description: |
'A newly detected CVE has been associated with a monitored keyword or asset. This may indicate exposure to newly published or exploited vulnerabilities.'
triggerOperator: GreaterThan
status: Available
enabled: true
query: |
Alerts_new_vulnerability
| where Service == "new_vulnerability"
| extend MappedSeverity = Severity
triggerThreshold: 0
relevantTechniques:
- T1190
version: 1.0.0
queryfrequency: 30m
entityMappings:
requiredDataConnectors:
- connectorId: CybleVisionAlerts
dataTypes:
- CybleVisionAlerts_CL
queryPeriod: 30m
tactics:
- InitialAccess
name: Cyble Vision Alerts New Vulnerability Detected
id: e52f36dd-7d4f-4aa8-a095-3b6fa2b28b8d
eventGroupingSettings:
aggregationKind: AlertPerResult
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cyble Vision/Analytic Rules/Alerts_new_vulnerability_rule.yaml
incidentConfiguration:
description: |
A new vulnerability ({{NV_CVE}}) has been identified for one of the monitored keywords or assets. This CVE may pose risks depending on exposure and exploitability. Review CVE details and assess potential impact on your environment.
alertDisplayNameFormat: New Vulnerability Identified {{NV_CVE}}
alertDetailsOverride:
severityColumnName: MappedSeverity
groupingConfiguration:
matchingMethod: AllEntities
enabled: false
reopenClosedIncident: false
lookbackDuration: PT5H
createIncident: true
