Description
Describe the bug
The rule "TI map Domain entity to Web Session Events (ASIM Web Session schema)" in the file https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Threat%20Intelligence%20(NEW)/Analytic%20Rules/DomainEntity_imWebSession.yaml
appears to have been written to map Threat Intel items of type url:value or domain-name:*; however, the placement of a where clause means it will only process items of type domain-name:*.
This reduces the effectiveness of this rule very significantly, as a lot of IOCs may rely on a full URL path rather than just the FQDN.
To Reproduce
Steps to reproduce the behavior:
Go to:
Azure-Sentinel/Solutions/Threat Intelligence (NEW)/Analytic Rules/DomainEntity_imWebSession.yaml
Line 38 in aaca33f:

    | where IndicatorType == "domain-name"
Copy lines 1-11 of the query only (31-42 of the YAML file) and run them in a Sentinel instance that is configured to have populated the ThreatIntelIndicators table with indicators of both type "url:value" and "domain-name:value".
Expected behavior
The query should return indicators of type "url:value" or "domain-name", but it only returns those of type "domain-name".
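As an added illustration (not the rule's own query, and not from the Azure-Sentinel repository), the following KQL shows the filter placement the issue describes beside a variant that keeps both indicator types. It assumes the ThreatIntelIndicators table exposes the STIX observable key ("domain-name:value", "url:value") in a column called ObservableKey with the indicator in ObservableValue, and that IndicatorType is derived from that key; those names are assumptions.

```kql
// Added example, not the analytic rule's code. Column names ObservableKey /
// ObservableValue and the IndicatorType derivation are assumptions.
//
// Defective shape: the type filter keeps only "domain-name" rows, so every
// "url:value" indicator is discarded before any FQDN can be extracted from it.
let TI_Buggy = ThreatIntelIndicators
    | extend IndicatorType = tostring(split(ObservableKey, ":")[0])
    | where IndicatorType == "domain-name"
    | extend DomainName = tolower(ObservableValue);
// Corrected shape: keep both types, then normalise each one to an FQDN so the
// downstream join against ASIM Web Session events sees URL-based IOCs as well.
let TI_Fixed = ThreatIntelIndicators
    | extend IndicatorType = tostring(split(ObservableKey, ":")[0])
    | where IndicatorType in ("domain-name", "url")
    | extend DomainName = case(
        IndicatorType == "url", tolower(tostring(parse_url(ObservableValue).Host)),
        tolower(ObservableValue));
// Sanity check: compare how many indicators of each type each variant would use.
// With both types present, the "buggy" rows show no "url" entry at all.
union
    (TI_Buggy | summarize Indicators = count() by IndicatorType | extend Variant = "buggy"),
    (TI_Fixed | summarize Indicators = count() by IndicatorType | extend Variant = "fixed")
| project Variant, IndicatorType, Indicators
| order by Variant asc, IndicatorType asc
```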