Merge pull request #2481 from RedinDisguise/master

Update T1562.001.yaml

atomics/T1562.001/T1562.001.yaml

@@ -890,4 +890,31 @@ atomic_tests:
     cleanup_command: |
       REG DELETE HKCU\Software\Classes\CLSID\{fdb00e52-a214-4aa1-8fba-4357bb0072ec}\InProcServer32 /f
     name: command_prompt
-    elevation_required: true
+    elevation_required: true
+- name: AWS - GuardDuty Suspension or Deletion
+  description: |
+    Enables GuardDuty in AWS, upon successful creation this test will suspend and then delete the GuardDuty configuration.
+  supported_platforms:
+  - iaas:aws
+  input_arguments:
+    region:
+      description: Name of the specified region
+      type: string
+      default: us-east-1
+  dependency_executor_name: bash
+  dependencies:
+  - description: |
+      Check if ~/.aws/credentials file has a default stanza is configured
+    prereq_command: |
+      cat ~/.aws/credentials | grep "default"
+    get_prereq_command: |
+      echo "Please install the aws-cli and configure your AWS default profile using: aws configure"
+  executor:
+    command: |
+      detectorId=$(aws guardduty create-detector --enable --region "#{region}" | grep -oP '(?<="DetectorId": ")[^"]*')
+      aws guardduty update-detector --no-enable --detector-id $detectorId
+      aws guardduty delete-detector --detector-id $detectorId
+    cleanup_command: |
+      echo "If test successfully ran, no cleanup required."
+    name: bash
+    elevation_required: false

atomics/T1562.008/T1562.008.yaml

@@ -475,4 +475,4 @@ atomic_tests:
     prereq_command: |
       gcloud config get-value account
     get_prereq_command: |
-      gcloud auth login --no-launch-browser
+      gcloud auth login --no-launch-browser