Skip to content

Commit

Permalink
Add references to rules (indicator_creation_rules)
Browse files Browse the repository at this point in the history
  • Loading branch information
@akozlovets098
akozlovets098 committed Dec 12, 2023
1 parent 2e8e932 commit 23c3705
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions rules/indicator_creation_rules/new_aws_account_logging.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ Reports:
- TA0003:T1136
Description: A new AWS account was created
Runbook: A new AWS account was created, ensure it was created through standard practice and is for a valid purpose.
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_security_incident-response.html#:~:text=AWS%20Organizations%20information%20in%20CloudTrail
SummaryAttributes:
- p_any_aws_account_ids
Tests:
Expand Down
1 change: 1 addition & 0 deletions rules/indicator_creation_rules/new_user_account_logging.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ Reports:
- TA0003:T1136
Description: A new account was created
Runbook: A new user account was created, ensure it was created through standard practice and is for a valid purpose.
Reference: https://attack.mitre.org/techniques/T1136/001/
SummaryAttributes:
- p_any_usernames
Tests:
Expand Down

0 comments on commit 23c3705

Please sign in to comment.