From 77accc82d780a50b190814e2cfc0b486bd7e24b7 Mon Sep 17 00:00:00 2001
From: BlueTeamOps <1480956+blueteam0ps@users.noreply.github.com>
Date: Tue, 13 Dec 2022 22:29:00 +1100
Subject: [PATCH] Delete aws_ses_messaging_enabled.yml
---
 rules/cloud/aws/aws_ses_messaging_enabled.yml | 28 -------------------
 1 file changed, 28 deletions(-)
 delete mode 100644 rules/cloud/aws/aws_ses_messaging_enabled.yml
diff --git a/rules/cloud/aws/aws_ses_messaging_enabled.yml b/rules/cloud/aws/aws_ses_messaging_enabled.yml
deleted file mode 100644
index 52e57cf6d..000000000
--- a/rules/cloud/aws/aws_ses_messaging_enabled.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-title: Configure AWS SES To Send Messages
-id: 33d50d03-20ec-4b74-a74e-1e65a38af1c0
-status: experimental
-description: Identifies email sending feature is enabled for an account and the email address verification request is dispatched
-references:
- - https://unit42.paloaltonetworks.com/compromised-cloud-compute-credentials/
-author: Janantha Marasinghe
-date: 2022/12/12
-tags:
- - attack.t1583.006
- - attack.resource_development
-logsource:
- product: aws
- service: cloudtrail
-detection:
- selection1:
- eventSource: ses.amazonaws.com
- eventName:
- - UpdateAccountSendingEnabled
- selection2:
- eventSource: ses.amazonaws.com
- eventName:
- - VerifyEmailIdentity
- timeframe: 5m
- condition: selection1 and selection2
-falsepositives:
- - Legitimate SES configuration activity
-level: medium
\ No newline at end of file