From f7e7be15ba2c63b906d97cdce4e34d29322bc8ff Mon Sep 17 00:00:00 2001
From: Austin Songer
Date: Sun, 8 Aug 2021 15:12:04 -0500
Subject: [PATCH] Update azure_kubernetes_service_account_modified_or_deleted.yml

---
 .../azure_kubernetes_service_account_modified_or_deleted.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rules/cloud/azure_kubernetes_service_account_modified_or_deleted.yml b/rules/cloud/azure_kubernetes_service_account_modified_or_deleted.yml
index ddae4ee55..2e89711eb 100644
--- a/rules/cloud/azure_kubernetes_service_account_modified_or_deleted.yml
+++ b/rules/cloud/azure_kubernetes_service_account_modified_or_deleted.yml
@@ -6,6 +6,10 @@ status: experimental
 date: 2021/08/07
 references:
 - https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftkubernetes
+ - https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/
+ - https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/
+ - https://medium.com/mitre-engenuity/att-ck-for-containers-now-available-4c2359654bf1
+ - https://attack.mitre.org/matrices/enterprise/cloud/
 logsource:
 service: azure.activitylogs
 detection:
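Review bot: The four added `references:` entries are general overviews (two threat-matrix blog posts, an announcement post and the ATT&CK cloud matrix landing page), so none of them tells an analyst triaging an alert which technique a service-account modification or deletion maps to. Consider replacing the landing-page link with the page of the specific technique the rule is meant to detect, and check that the rule's `tags:` block carries the matching `attack.*` entry; that block, if present, lies outside this hunk. The Medium post announces the Containers matrix, so `https://attack.mitre.org/matrices/enterprise/containers/` may be the closer companion link than `/cloud/`.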