diff --git a/rules/cloud/aws/aws_enum_logging.yml b/rules/cloud/aws/aws_enum_logging.yml
index 63c680008..50fa152c6 100644
--- a/rules/cloud/aws/aws_enum_logging.yml
+++ b/rules/cloud/aws/aws_enum_logging.yml
@@ -26,7 +26,7 @@ detection:
 - 'DescribeSnapshotTierStatus'
 - 'DescribeImages'
 timeframe: 10m
- condition: selection
+ condition: selection | count() > 5
 falsepositives:
 - Unknown
 level: medium
diff --git a/rules/cloud/aws/aws_enum_network.yml b/rules/cloud/aws/aws_enum_network.yml
index 7b5a6ca6c..41297071c 100644
--- a/rules/cloud/aws/aws_enum_network.yml
+++ b/rules/cloud/aws/aws_enum_network.yml
@@ -23,7 +23,7 @@ detection:
 - 'DescribeDhcpOptions'
 - 'GetTransitGatewayRouteTableAssociations'
 timeframe: 10m
- condition: selection
+ condition: selection | count() > 5
 falsepositives:
 - Unknown
 level: low
diff --git a/rules/cloud/aws/aws_enum_storage.yml b/rules/cloud/aws/aws_enum_storage.yml
index c06f63780..6a9ad5b41 100644
--- a/rules/cloud/aws/aws_enum_storage.yml
+++ b/rules/cloud/aws/aws_enum_storage.yml
@@ -24,7 +24,7 @@ detection:
 - 'GetBucketPolicy'
 - 'GetBucketTagging'
 timeframe: 10m
- condition: selection
+ condition: selection | count() > 5
 falsepositives:
 - Unknown
 level: medium
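Review bot: The new `count() > 5` on the `condition` line has no `by` clause, so the threshold applies to every matching event in the 10m window across all principals rather than to one caller. In a busy account, routine console and inventory-tool Describe*/Get* calls would likely exceed it, and the alert would not point at an identity. Consider grouping on the caller, for example `condition: selection | count() by userIdentity.arn > 5`, and listing known scanners and asset-inventory tooling under `falsepositives` instead of `Unknown`. The same applies to the identical change in aws_enum_network.yml and aws_enum_storage.yml. The `detection` block begins outside each hunk, so confirm the grouping field against the rest of the rule.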