diff --git a/package/default/eventtypes.conf b/package/default/eventtypes.conf
index 3730e4e..47b046d 100644
--- a/package/default/eventtypes.conf
+++ b/package/default/eventtypes.conf
@@ -35,3 +35,6 @@ search = sourcetype="azure:vm:stop"
 [add_member_m365_group_modaction_result]
 search = sourcetype="m365:group:member:add"
+[azure_vuln]
+search = (sourcetype=azure:resourcegraph type="microsoft.security/assessments/subAssessments" "properties.additionalData.assessedResourceType"=ServerVulnerability
+properties.additionalData.cve{}.title=*)
diff --git a/package/default/props.conf b/package/default/props.conf
index 78c80d7..155bb5a 100644
--- a/package/default/props.conf
+++ b/package/default/props.conf
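Review bot: The added `search` value appears to be split across two physical lines with no trailing `\` continuation, so Splunk's conf parser would read `properties.additionalData.cve{}.title=*)` as a separate key of the `[azure_vuln]` stanza and the eventtype's search would be left with an unbalanced `(`. Either join the value onto one line or end the first line with a continuation: `... "properties.additionalData.assessedResourceType"=ServerVulnerability \` followed by `properties.additionalData.cve{}.title=*)`. This is inferred from the hunk's line count (three added lines) in the collapsed diff; if the value really is a single line in the file, disregard. Separately, `sourcetype=azure:resourcegraph` is unquoted while the neighbouring eventtypes quote their sourcetype values, so `sourcetype="azure:resourcegraph"` would match the file's convention.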
@@ -227,7 +227,23 @@ EVAL-resourceType = case(\
 ####################
 [azure:resourcegraph]
+EVAL-cvss = ifnull(cvss,'xref')
+EVAL-dvc = dvc=dest
+EXTRACT-mskb = HREF=\\\\\"(?Phttps:\/\/portal.msrc.microsoft.com\/.*?)\"
+EXTRACT-msft = HREF=\\\\\"(?Phttps:\/\/technet.microsoft.com\/.*?)\"
+EXTRACT-dest = \"resourceDetails\":\s\{\"id\":\s\".[^\"]+\/(?P.*?)\"
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_1 = properties.additionalData.cve{}.title AS cve
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_2 = properties.additionalData.cvss.3.0.base AS cvss
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_3 = properties.additionalData.cvss.2.0.base AS xref
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_4 = properties.status.severity AS severity
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_5 = properties.description AS signature
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_6 = properties.category AS category
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_7 = properties.resourceDetails.source AS vendor_product
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_8 = properties.id AS signature_id
+FIELDALIAS-aob_gen_azure_resourcegraph_alias_9 = properties.additionalData.vendorReferences{}.link AS url
 SHOULD_LINEMERGE = 0
+category = Splunk App Add-on Builder
+pulldown_type = 1
 [azure:reservation:recommendation]
 SHOULD_LINEMERGE = 0
diff --git a/package/default/tags.conf b/package/default/tags.conf
index 0f21176..70ffe74 100644
--- a/package/default/tags.conf
+++ b/package/default/tags.conf
@@ -39,3 +39,6 @@ modaction_result = enabled
 [eventtype=add_member_m365_group_modaction_result]
 modaction_result = enabled
+[eventtype=azure_vuln]
+report = enabled
+vulnerability = enabled
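Review bot: `EVAL-dvc = dvc=dest` reads as an eval expression comparing a not-yet-defined `dvc` field with `dest` rather than assigning it, so `dvc` would end up boolean or empty; if the intent is to populate the CIM `dvc` field from the extracted host name, the line should be `EVAL-dvc = dest`. The three `EXTRACT-*` regexes run against the raw JSON text and depend on exact serialisation details such as the `":\s\{"` spacing and escaped `HREF=\\\\\"` quoting, so they will silently stop extracting if the producer changes its formatting; `EXTRACT-dest` in particular could be derived from the already-extracted field instead, e.g. `EVAL-dest = replace('properties.resourceDetails.id', "^.*/", "")`. The named groups appear here as `(?P` with no group name, which looks like rendering loss rather than a defect in the file, but it is worth confirming the file carries `(?<mskb>`, `(?<msft>` and `(?<dest>`. `EVAL-cvss = ifnull(cvss,'xref')` depends on `FIELDALIAS` being applied before `EVAL` in search-time precedence; a comment such as `# xref = CVSS 2.0 base, used when no CVSS 3.0 base is present` above it would make that fallback explicit to the next maintainer.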