From e764ca687ae149c591fe189dbd121eb801522b01 Mon Sep 17 00:00:00 2001
From: toffeebr33k <51730572+toffeebr33k@users.noreply.github.com>
Date: Sun, 22 Nov 2020 00:50:34 +0800
Subject: [PATCH] Update aws_enum_listing.yml

---
 rules/cloud/aws_enum_listing.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/cloud/aws_enum_listing.yml b/rules/cloud/aws_enum_listing.yml
index 19e1e3e27..c4e8eb459 100644
--- a/rules/cloud/aws_enum_listing.yml
+++ b/rules/cloud/aws_enum_listing.yml
@@ -10,7 +10,7 @@ detection:
     selection_eventname:
         - eventName: list*
     timeframe: 10m
-    condition: count() > 50 by userIdentity.arn 
+    condition: count() by userIdentity.arn > 50  
 
 falsepositives:
     - AWS Config or other configuration scanning activities