diff --git a/rules/cross-platform/threat_intel_indicator_match_url.toml b/rules/cross-platform/threat_intel_indicator_match_url.toml
index f3c38d4e5..749b24a85 100644
--- a/rules/cross-platform/threat_intel_indicator_match_url.toml
+++ b/rules/cross-platform/threat_intel_indicator_match_url.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2023/05/22"
 maturity = "production"
-updated_date = "2023/06/27"
+updated_date = "2023/07/03"
 min_stack_comments = """
 Limiting the backport of these rules to the stack version which we are deprecating the Threat Intel Indicator Match general rules.
@@ -97,3 +97,15 @@ value = "threat.indicator.url.full"
 field = "url.domain"
 type = "mapping"
 value = "threat.indicator.url.domain"
+
+[[rule.threat_mapping]]
+[[rule.threat_mapping.entries]]
+field = "source.domain"
+type = "mapping"
+value = "threat.indicator.url.domain"
+
+[[rule.threat_mapping]]
+[[rule.threat_mapping.entries]]
+field = "destination.domain"
+type = "mapping"
+value = "threat.indicator.url.domain"
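Review bot: The two added `[[rule.threat_mapping]]` groups for `source.domain` and `destination.domain` depend on the rule's event query, which lies outside this hunk and is not touched by this diff; if that query still selects only events with URL fields, the new mappings will rarely or never fire on network events that carry just a source or destination domain, so confirm it and widen it in the same change if needed. Separate mapping groups are OR'ed, so each new field raises an alert on its own, and a `source.domain` match describes the originating side of a connection rather than a host reaching out to the indicator; that difference deserves a line in the rule's triage guidance, for example `A match on source.domain means the indicator domain was the connection's origin, not its destination.` The comparison with `threat.indicator.url.domain` appears to be an exact term match, so it is worth checking that both sides are normalised the same way (case, trailing dot).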