What Changed

The Threat Intelligence DomainEntity_imWebSession detection rule was updated from version 1.0.10 to 1.0.11, changing the alert description field mapping from {{Type}} to {{ThreatType}}.

Detection Logic

KQL logic unavailable — YAML not included in diff context.

Security Impact (Visibility & Fidelity)

The alert description format referenced a non-existent {{Type}} field, causing alert descriptions to display incomplete context about threat indicators. This affected SOC analyst workflow by providing generic descriptions instead of specific threat type information (malware, phishing, botnet, etc.) when investigating web session alerts. The corrected {{ThreatType}} field mapping restores meaningful threat context in alert descriptions.
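A pre-merge check for this class of error, as an added example that is not part of the rule or its repository: it extracts the {{...}} placeholders from an alert description format and reports any that name no column in the query result. The query, table name, description strings and function names below are constructed for illustration, since the rule's KQL is not available here.

```python
import re

PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
# Constructed sample data: not the rule's actual KQL or description text.
SAMPLE_QUERY = """
SampleIndicators
| where isnotempty(DomainName)
| project TimeGenerated, ThreatType, DomainName, Score = toint(ConfidenceScore)
| extend Matched = tolower(DomainName)
"""
OLD_FORMAT = "Indicator of type {{Type}} matched domain {{DomainName}}."
NEW_FORMAT = "Indicator of type {{ThreatType}} matched domain {{DomainName}}."

def placeholders(fmt):
    """Column names referenced as {{Name}} in a format string, in order."""
    return PLACEHOLDER.findall(fmt)

def split_top_level(text):
    """Split on commas that are not nested inside parentheses."""
    parts, depth, cur = [], 0, []
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return [p.strip() for p in parts if p.strip()]

def output_columns(kql):
    """Heuristic: columns left by the last `project` plus later `extend` stages.
    None if there is no `project`. String literals with | or ( ) are not handled."""
    cols = None
    for stage in (s.strip() for s in kql.split("|")):
        m = re.match(r"(project|extend)\s+(.*)", stage, re.S)
        names = {i.split("=")[0].strip() for i in split_top_level(m.group(2))} if m else set()
        if m and m.group(1) == "project":
            cols = names          # project replaces the visible column set
        elif cols is not None:
            cols |= names         # extend adds to it (no-op for other stages)
    return cols

def unresolved_placeholders(fmt, kql):
    """Placeholders in fmt that name no column in the query result."""
    cols = output_columns(kql)
    if cols is None:
        raise ValueError("no project stage; cannot determine output columns")
    return [name for name in placeholders(fmt) if name not in cols]
```

Run against the rule's real query and description format in CI, a non-empty result from `unresolved_placeholders` is the condition to fail the build on.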

Affected Files

Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_imWebSession.yaml