From 1c0c29f45f554d65d30a1dfbf8fd9cb77c192546 Mon Sep 17 00:00:00 2001 From: TheLawsOfChaos Date: Mon, 9 Jan 2023 15:35:00 -0500 Subject: [PATCH 1/2] Update azure_creating_number_of_resources_detection.yml Added tactic and MITRE reference for technique. --- .../azure/azure_creating_number_of_resources_detection.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml index 9a50bfbe2..62550fc0f 100644 --- a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml +++ b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml @@ -4,10 +4,12 @@ status: test description: Number of VM creations or deployment activities occur in Azure via the azureactivity log. references: - https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml + - https://attack.mitre.org/techniques/T1098/ author: sawwinnnaung date: 2020/05/07 modified: 2021/11/27 tags: + - attack.persistence - attack.t1098 logsource: product: azure From 0e06d9e9b99769b3caeb098cf35d80598c7bee99 Mon Sep 17 00:00:00 2001 From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com> Date: Mon, 9 Jan 2023 22:21:21 +0100 Subject: [PATCH 2/2] fix: remove mitre link from the reference section --- .../cloud/azure/azure_creating_number_of_resources_detection.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml index 62550fc0f..6d6a8c778 100644 --- a/rules/cloud/azure/azure_creating_number_of_resources_detection.yml +++ b/rules/cloud/azure/azure_creating_number_of_resources_detection.yml 
@@ -4,7 +4,6 @@ status: test description: Number of VM creations or deployment activities occur in Azure via the azureactivity log. references: - https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml - - https://attack.mitre.org/techniques/T1098/ author: sawwinnnaung date: 2020/05/07 modified: 2021/11/27
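Review bot: In the first patch's hunk (`@@ -4,10 +4,12 @@`), the context line `modified: 2021/11/27` is left untouched even though the rule's metadata changes with the new `- attack.persistence` tag. Bump `modified` to the date of this change so that anyone tracking rule revisions by that field sees that the tagging changed. The same applies after the second patch, which also leaves the field as it was.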
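Review bot: In the second patch's hunk (`@@ -4,7 +4,6 @@`), the `description` context line ("Number of VM creations or deployment activities occur in Azure via the azureactivity log.") does not say what the rule actually flags or why it matters. With the MITRE link removed from `references`, the `attack.persistence` and `attack.t1098` tags are the only statement of intent, and T1098 is Account Manipulation while the description speaks only of VM creation and deployment activity. Since the series is already editing this metadata block, reword the description to state the condition being detected and how it relates to the tagged technique.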