Delete aws_ses_messaging_enabled.yml
This commit is contained in:
BlueTeamOps
@@ -1,28 +0,0 @@
|
||||
title: Configure AWS SES To Send Messages
|
||||
id: 33d50d03-20ec-4b74-a74e-1e65a38af1c0
|
||||
status: experimental
|
||||
description: Identifies email sending feature is enabled for an account and the email address verification request is dispatched
|
||||
references:
|
||||
- https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/
|
||||
author: Janantha Marasinghe
|
||||
date: 2022/12/12
|
||||
tags:
|
||||
- attack.t1583.006
|
||||
- attack.resource_development
|
||||
logsource:
|
||||
product: aws
|
||||
service: cloudtrail
|
||||
detection:
|
||||
selection1:
|
||||
eventSource: ses.amazonaws.com
|
||||
eventName:
|
||||
- UpdateAccountSendingEnabled
|
||||
selection2:
|
||||
eventSource: ses.amazonaws.com
|
||||
eventName:
|
||||
- VerifyEmailIdentity
|
||||
timeframe: 5m
|
||||
condition: selection1 and selection2
|
||||
falsepositives:
|
||||
- Legitimate SES configuration activity
|
||||
level: medium
|
||||
Reference in New Issue
Block a user