From cba78fc5e63ac37f71429fb12e35c8cfa0be11ee Mon Sep 17 00:00:00 2001
From: Austin Songer <austin@songer.pro>
Date: Sun, 8 Aug 2021 15:12:23 -0500
Subject: [PATCH] Update azure_container_registry_created_or_deleted.yml

---
 rules/cloud/azure_container_registry_created_or_deleted.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/rules/cloud/azure_container_registry_created_or_deleted.yml b/rules/cloud/azure_container_registry_created_or_deleted.yml
index 0bf949a24..4b8897bb0 100644
--- a/rules/cloud/azure_container_registry_created_or_deleted.yml
+++ b/rules/cloud/azure_container_registry_created_or_deleted.yml
@@ -5,7 +5,11 @@ author: Austin Songer
 status: experimental
 date: 2021/08/07
 references:
-    - https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
+    - https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftkubernetes
+    - https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
+    - https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
+    - https://medium.com/mitre-engenuity/att-ck-for-containers-now-available-4c2359654bf1
+    - https://attack.mitre.org/matrices/enterprise/cloud/
 logsource:
   service: azure.activitylogs
 detection: