Lowering level

Lowering level to medium for events that can have a legitimate cause

rules/cloud/aws_cloudtrail_disable_logging.yml

@@ -6,7 +6,7 @@ description: Detects disabling, deleting and updating of a Trail
 references:
   - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html
 logsource:
-  service: CloudTrail
+  service: cloudtrail
 detection:
   selection_source:
     - eventSource: cloudtrail.amazonaws.com
@@ -16,8 +16,8 @@ detection:
         - UpdateTrail
         - DeleteTrail
   condition: selection_source AND events
-level: high
+level: medium
 falsepositives:
     - Valid change in a Trail
 tags:
-  - attack.t1089
+  - attack.t1089