diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AlertRules.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AlertRules.json
index a577e19acf52..5ebd370a2f55 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AlertRules.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/AlertRules.json
@@ -1529,6 +1529,26 @@
         "version": {
           "description": "The version of this template - in format <a.b.c>, where all are numbers. For example <1.0.2>.",
           "type": "string"
+        },
+        "eventGroupingSettings": {
+          "$ref": "#/definitions/EventGroupingSettings",
+          "description": "The event grouping settings."
+        },
+        "customDetails": {
+          "description": "Dictionary of string key-value pairs of columns to be attached to the alert",
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
+        "entityMappings": {
+          "$ref": "#/definitions/EntityMappings",
+          "description": "Array of the entity mappings of the alert rule"
+        },
+        "alertDetailsOverride": {
+          "type": "object",
+          "$ref": "#/definitions/AlertDetailsOverride",
+          "description": "The alert details override settings"
         }
       },
       "type": "object"
diff --git a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
index d01590d4e946..c80c47d81ddd 100644
--- a/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
+++ b/specification/securityinsights/resource-manager/Microsoft.SecurityInsights/stable/2021-10-01/examples/alertRuleTemplates/GetAlertRuleTemplateById.json
@@ -23,6 +23,9 @@
           "triggerThreshold": 0,
           "displayName": "Changes to Amazon VPC settings",
           "description": "This alert monitors changes to Amazon VPC (Virtual Private Cloud) settings such as new ACL entries and routes in route tables.\nMore information: https://medium.com/@GorillaStack/the-most-important-aws-cloudtrail-security-events-to-track-a5b9873f8255 \nand https://aws.amazon.com/vpc/",
+          "eventGroupingSettings": {
+            "aggregationKind": "AlertPerResult"
+          },
           "tactics": [
             "PrivilegeEscalation",
             "LateralMovement"
@@ -39,6 +42,36 @@
               ]
             }
           ],
+          "entityMappings": [
+            {
+              "entityType": "Account",
+              "fieldMappings": [
+                {
+                  "identifier": "FullName",
+                  "columnName": "AccountCustomEntity"
+                }
+              ]
+            },
+            {
+              "entityType": "IP",
+              "fieldMappings": [
+                {
+                  "identifier": "Address",
+                  "columnName": "IPCustomEntity"
+                }
+              ]
+            }
+          ],
+          "customDetails": {
+            "EventNames": "EventName",
+            "EventTypes": "EventTypeName"
+          },
+          "alertDetailsOverride": {
+            "alertDisplayNameFormat": "Alert on event {{EventName}}",
+            "alertDescriptionFormat": "Suspicious activity was made by {{AccountCustomEntity}}",
+            "alertTacticsColumnName": null,
+            "alertSeverityColumnName": null
+          },
           "alertRulesCreatedByTemplateCount": 0
         }
       }