Update azure_kubernetes_events_deleted.yml

2021-07-24 10:28:21 -05:00
parent ef64e2a02f
commit 0445be8d01
1 changed files with 1 additions and 1 deletions
@@ -18,7 +18,7 @@ level: medium
 tags:
    - attack.defense_evasion
    - attack.t1562
-	- attack.t1562.001
+    - attack.t1562.001
 falsepositives:
 - Events deletions may be done by a system or network administrator. Verify whether the username, hostname, and/or resource name should be making changes in your environment. Events deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule.