security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

capitalized titles

Browse Source 
corrected capitalization of titles and removed literals from config
This commit is contained in:
pdr9rc
2020-05-05 11:32:18 +01:00
parent aa175a7d5b
commit 31ad81874f
2 changed files with 2 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/cloud/aws_ec2_vm_export_failure.yml
+1 -1
View File
@@ -1,4 +1,4 @@
title: AWS EC2 VM Export failure
title: AWS EC2 VM Export Failure
id: 54b9a76a-3c71-4673-b4b3-2edb4566ea7b
status: experimental
description: An attempt to export an AWS EC2 instance has been detected. A VM Export might indicate an attempt to extract information from an instance.
tools/config/ecs-cloudtrail.yml
+1 -10
View File
@@ -1,4 +1,4 @@
title: Elastic Common Schema and Elastic Exported Fields mapping for AWS CloudTrail logs
title: Elastic Common Schema And Elastic Exported Fields Mapping For AWS CloudTrail Logs
order: 20
backends:
- es-qs
@@ -54,15 +54,6 @@ overrides:
- (\(\(event.action:\"ConsoleLogin\".* aws.cloudtrail.error_code.keyword:\*\)\))
- (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_message.keyword:\*\)\))
- (\(\(aws.cloudtrail.response_elements.keyword:\*Failure\*.* aws.cloudtrail.error_code.keyword:\*\)\))
literals:
- ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*))
- ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*))
- ((aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin"))
- ((aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*) OR (aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin"))
- ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*))
- ((event.action:"ConsoleLogin" AND aws.cloudtrail.response_elements.keyword:*Failure*) OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*))
- ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_message.keyword:* OR aws.cloudtrail.error_code.keyword:*))
- ((aws.cloudtrail.response_elements.keyword:*Failure* AND event.action:"ConsoleLogin") OR (aws.cloudtrail.error_code.keyword:* OR aws.cloudtrail.error_message.keyword:*))
- field: event.outcome
value: success
literals: