Delete aws_enum_listing.yml
This commit is contained in:
toffeebr33k
@@ -1,20 +0,0 @@
|
||||
title: AWS Enumeration of Accounts
|
||||
id: e9c14b23-47e2-4a8b-8a63-d36618e33d70
|
||||
status: experimental
|
||||
description: Detects enumeration of accounts configuration via api call to list different instances and services within a short period of time.
|
||||
author: toffeebr33k
|
||||
date: 2020/11/21
|
||||
logsource:
|
||||
service: cloudtrail
|
||||
detection:
|
||||
selection_eventname:
|
||||
- eventName: list*
|
||||
timeframe: 10m
|
||||
condition: count() > 50 by userIdentity.arn
|
||||
|
||||
falsepositives:
|
||||
- AWS Config or other configuration scanning activities
|
||||
level: low
|
||||
tags:
|
||||
- attack.discovery
|
||||
- attack.t1592
|
||||
Reference in New Issue
Block a user