From 1c0c29f45f554d65d30a1dfbf8fd9cb77c192546 Mon Sep 17 00:00:00 2001
From: TheLawsOfChaos <TheLawsOfChaos@users.noreply.github.com>
Date: Mon, 9 Jan 2023 15:35:00 -0500
Subject: [PATCH] Update azure_creating_number_of_resources_detection.yml

Added tactic and MITRE reference for technique.
---
 .../azure/azure_creating_number_of_resources_detection.yml      | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml
index 9a50bfbe2..62550fc0f 100644
--- a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml
+++ b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml
@@ -4,10 +4,12 @@ status: test
 description: Number of VM creations or deployment activities occur in Azure via the azureactivity log.
 references:
     - https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
+    - https://attack.mitre.org/techniques/T1098/
 author: sawwinnnaung
 date: 2020/05/07
 modified: 2021/11/27
 tags:
+    - attack.persistence
     - attack.t1098
 logsource:
     product: azure