diff --git a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
index 67de51ff6..f805aadf5 100644
--- a/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
+++ b/rules/cloud/azure_kubernetes_rolebinding_modified_or_deleted.yml
@@ -6,6 +6,10 @@ status: experimental
 date: 2021/08/07
 references:
 - https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftkubernetes
+ - https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
+ - https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
+ - https://medium.com/mitre-engenuity/att-ck-for-containers-now-available-4c2359654bf1
+ - https://attack.mitre.org/matrices/enterprise/cloud/
 logsource:
 service: azure.activitylogs
 detection:
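Review bot: The four added references are general Kubernetes threat-matrix material and none of them points at the specific behaviour this rule detects, so an analyst triaging an alert gets no guidance on RoleBinding changes from them. The last entry, `- https://attack.mitre.org/matrices/enterprise/cloud/`, is the Cloud matrix, while the Medium article just above it announces ATT&CK for Containers; `- https://attack.mitre.org/matrices/enterprise/containers/` looks like the intended target for a Kubernetes rule. If the rule carries no `tags:` entry outside this hunk, mapping it to the matching ATT&CK tag would serve triage better than matrix-level links. No `modified:` line is visible after `date: 2021/08/07`, so it may be worth adding one to record this metadata change.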