From 6cf33d4a7944b66e7d2d5f417b1e25d5d40ee8ff Mon Sep 17 00:00:00 2001 From: sulakshan-kumar <91709034+sulakshan-kumar@users.noreply.github.com> Date: Tue, 7 Mar 2023 15:39:29 +0530 Subject: [PATCH] Update T1078.004.yaml updated "Azure Persistence Automation Runbook Created or Modified" scenario --- atomics/T1078.004/T1078.004.yaml | 35 ++++++++++++++------------------ 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/atomics/T1078.004/T1078.004.yaml b/atomics/T1078.004/T1078.004.yaml index 8baf22a3..0ced90f0 100644 --- a/atomics/T1078.004/T1078.004.yaml +++ b/atomics/T1078.004/T1078.004.yaml @@ -1,4 +1,3 @@ ---- attack_technique: T1078.004 display_name: 'Valid Accounts: Cloud Accounts' @@ -7,36 +6,33 @@ atomic_tests: auto_generated_guid: 9fdd83fd-bd53-46e5-a716-9dec89c8ae8e description: | GCP Service Accounts can be used to gain intial access as well as maintain persistence inside Google Cloud. - supported_platforms: - - google-workspace - - windows - - linux - - macos + - google-workspace + - iaas:gcp input_arguments: project-id: description: ID of the project, you want to create service account as well as service account key for - type: String + type: string default: art-project-1 service-account-name: description: Name of the service account - type: String + type: string default: gcp-art-service-account-1 service-account-email: description: Email of the service account - type: String + type: string default: gcp-art-service-account-1@art-project-1.iam.gserviceaccount.com output-key-file: description: Email of the service account - type: String + type: string default: gcp-art-service-account-1.json executor: - name: gcloud + name: sh elevation_required: false command: | gcloud auth login --no-launch-browser 
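Review bot: The `output-key-file` argument in this hunk still carries the description `Email of the service account`, apparently copied from the argument above it. Its default `gcp-art-service-account-1.json` and its use in `gcloud iam service-accounts keys create` (visible in the next hunk) show it is the path where the new service account key is written. The commit already touches the `type` line directly below, so the description could be corrected in the same change, for example `description: Path of the JSON file the service account key is written to`, which tells an operator that the test drops credential material at that location. The `description` block near the top of the hunk also has the typo `intial` for `initial`. The test definition starts before this hunk and continues past it.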
@@ -45,17 +41,16 @@ atomic_tests: gcloud iam service-accounts keys create #{output-key-file} --iam-account=#{service-account-email} cleanup_command: | gcloud iam service-accounts delete #{service-account-email} --quiet - - dependency_executor_name: gcloud + dependency_executor_name: sh dependencies: - - description: | - Requires gcloud - prereq_command: | - if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; - get_prereq_command: | - echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" + - description: | + Requires gcloud + prereq_command: | + if [ -x "$(command -v gcloud)" ]; then exit 0; else exit 1; fi; + get_prereq_command: | + echo "Please Install Google Cloud SDK before running this atomic test : https://cloud.google.com/sdk/docs/install" - name: Azure Persistence Automation Runbook Created or Modified - auto_generated_guid: e4c7f493-ac28-40c4-9ef8-bfbc31f35850 + auto_generated_guid: 348f4d14-4bd3-4f6b-bd8a-61237f78b3ac description: | Identifies when an Azure Automation runbook is created or modified. An adversary may create or modify an Azure Automation runbook to execute malicious code and maintain persistence in their target's environment.
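Review bot: The `auto_generated_guid` of the existing "Azure Persistence Automation Runbook Created or Modified" test is changed from `e4c7f493-ac28-40c4-9ef8-bfbc31f35850` to `348f4d14-4bd3-4f6b-bd8a-61237f78b3ac`, and the commit message does not say why. The field name indicates the value is assigned by tooling rather than edited by hand, and it is the identifier by which a test is selected and its results tracked. Saved run lists or detection-coverage mappings that reference the old value would presumably stop matching, so unless this is meant to be a new test, keep the original GUID. Separately, `cleanup_command` deletes the service account but leaves the key file on disk; adding `rm -f "#{output-key-file}"` would remove the leftover key material. The Azure test's body continues outside the hunk.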