From 50ebb38eb4b0e25f44e5616c9272cb5bc53bd1c2 Mon Sep 17 00:00:00 2001
From: Ben Airey
Date: Thu, 5 Dec 2024 12:22:58 -0600
Subject: [PATCH] =?UTF-8?q?AWS.CloudTrail.EventSelectorsDisabled:=C2=A0imp?= =?UTF-8?q?roved=20description?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../aws_cloudtrail_event_selectors_disabled.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/aws_cloudtrail_rules/aws_cloudtrail_event_selectors_disabled.yml b/rules/aws_cloudtrail_rules/aws_cloudtrail_event_selectors_disabled.yml
index e261eccff..fa3a1d4d1 100644
--- a/rules/aws_cloudtrail_rules/aws_cloudtrail_event_selectors_disabled.yml
+++ b/rules/aws_cloudtrail_rules/aws_cloudtrail_event_selectors_disabled.yml
@@ -16,7 +16,7 @@ Reports:
 - TA0005:T1562
 Severity: Medium
 Description: >
- A CloudTrail Trail was modified.
+ A CloudTrail Trail was modified to exclude management events for 1 or more resource types.
 Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-cloudtrail-modified
 Reference: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-update-a-trail-console.html
 SummaryAttributes:
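Review bot: The new `Description` line ties management events to "resource types", but in CloudTrail event selectors resource types scope data events (`DataResources`), while management-event logging is a per-selector switch (`IncludeManagementEvents`). An analyst triaging this T1562 alert could misread what was turned off. The rule logic is not part of this hunk, so the exact condition cannot be confirmed from here; if it fires on selectors that stop logging management events, wording such as `A CloudTrail Trail's event selectors were changed so that management events are no longer logged by one or more selectors.` would match it more closely. The unchanged `Runbook` and `Reference` lines still point at the generic trail-modified and update-a-trail pages, so consider linking material specific to event selectors so the responder knows to check which selector changed and who made the call.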