From 7e1c918b4d3fa240a4dbf3624f1c9b2dfd04d817 Mon Sep 17 00:00:00 2001
From: toffeebr33k <51730572+toffeebr33k@users.noreply.github.com>
Date: Sun, 22 Nov 2020 00:32:59 +0800
Subject: [PATCH] Delete aws_enum_listing.yml
---
rules/cloud/aws_enum_listing.yml | 20 --------------------
1 file changed, 20 deletions(-)
delete mode 100644 rules/cloud/aws_enum_listing.yml
diff --git a/rules/cloud/aws_enum_listing.yml b/rules/cloud/aws_enum_listing.yml
deleted file mode 100644
index 7e79a4733..000000000
--- a/rules/cloud/aws_enum_listing.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-title: AWS Enumeration of Accounts
-id: e9c14b23-47e2-4a8b-8a63-d36618e33d70
-status: experimental
-description: Detects enumeration of accounts configuration via api call to list different instances and services within a short period of time.
-author: toffeebr33k
-date: 2020/11/21
-logsource:
- service: cloudtrail
-detection:
- selection_eventname:
- - eventName: list*
- timeframe: 10m
- condition: count() > 50 by userIdentity.arn
-
-falsepositives:
- - AWS Config or other configuration scanning activities
-level: low
-tags:
- - attack.discovery
- - attack.t1592