valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 09:25:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2123 from rachelrice/update_aws_rules

Browse Source 
Update AWS SAML and Lambda rules
This commit is contained in:
frack113 2021-10-05 19:49:54 +02:00 committed by GitHub
commit d0561d361b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/cloud/aws/aws_attached_malicious_lambda_layer.yml
View File

@ -11,7 +11,7 @@ logsource:
detection:
selection:
eventSource: lambda.amazonaws.com
eventName: UpdateFunctionConfiguration
eventName|startswith: UpdateFunctionConfiguration
condition: selection
level: medium
tags:

2
rules/cloud/aws/aws_suspicious_saml_activity.yml
View File

@ -12,7 +12,7 @@ logsource:
detection:
selection1:
eventSource: sts.amazonaws.com
eventName: Assumerolewithsaml
eventName: AssumeRoleWithSAML
selection2:
eventSource: iam.amazonaws.com
eventName: UpdateSAMLProvider