Update aws_pass_role_to_lambda_function.yml
@@ -10,15 +10,12 @@ logsource:
|
||||
service: cloudtrail
|
||||
detection:
|
||||
selection1:
|
||||
eventSource: iam.amazonaws.com
|
||||
eventName: PassRole
|
||||
selection2:
|
||||
eventSource: lambda.amazonaws.com
|
||||
eventName: CreateFunction
|
||||
selection3:
|
||||
selection2:
|
||||
eventSource: lambda.amazonaws.com
|
||||
eventName: InvokeFunction
|
||||
condition: selection1 and selection2 and selection3
|
||||
condition: selection1 and selection2
|
||||
level: low
|
||||
tags:
|
||||
- attack.privilege_escalation
|
||||
|
||||
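Review bot: The new `condition: selection1 and selection2` cannot match, because a Sigma condition is evaluated against one log record and no single CloudTrail record has `eventSource` equal to both `iam.amazonaws.com` and `lambda.amazonaws.com`. The three-way condition it replaces had the same problem, so the rule stays silent either way. Relating separate events needs a correlation on the backend side; within a single-event rule, the record that carries the passed role is the function creation, so a selection such as `eventSource: lambda.amazonaws.com` with `eventName|startswith: CreateFunction` looks like the one to keep rather than drop. Two things to confirm before relying on the remaining fields: as far as I know, iam:PassRole is a permission check and not an API call that CloudTrail records under `eventName: PassRole`, and Lambda invocations are data events that a trail logs only when data-event logging is enabled.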