valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update AWS Update Login Profile rule

Browse Source 
Update selection criteria for AWS Update Login Profile rule to check for mismatch between userIdentity.arn and requestParameters.userName.
Closes SigmaHQ/sigma#1966.
This commit is contained in:
Rachel Rice 2021-09-02 17:37:41 +01:00
parent b731c20594
commit 7ccb773b20
No known key found for this signature in database
GPG Key ID: A6DA98BA5E9E2C85
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/cloud/aws/aws_update_login_profile.yml
View File

@ -15,7 +15,7 @@ detection:
eventSource: iam.amazonaws.com
eventName: UpdateLoginProfile
filter:
userIdentity.arn|contains: responseElements.accessKey.userName
userIdentity.arn|contains: requestParameters.userName
condition: selection_source and not filter
fields:
- userIdentity.arn