From c1dcd21531b68f9747c4cb4bc7960769805d96aa Mon Sep 17 00:00:00 2001
From: Anthony <109789828+anhuisec@users.noreply.github.com>
Date: Fri, 14 Jun 2024 04:52:54 +0800
Subject: [PATCH] Closes #2216 (#2855)
* Update privilege_escalation_sts_assumerole_usage.toml
* Update privilege_escalation_sts_assumerole_usage.toml
---------
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Isai <59296946+imays11@users.noreply.github.com>
---
 .../aws/privilege_escalation_sts_assumerole_usage.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rules/integrations/aws/privilege_escalation_sts_assumerole_usage.toml b/rules/integrations/aws/privilege_escalation_sts_assumerole_usage.toml
index 1cc2fd23f..a829a60fe 100644
--- a/rules/integrations/aws/privilege_escalation_sts_assumerole_usage.toml
+++ b/rules/integrations/aws/privilege_escalation_sts_assumerole_usage.toml
@@ -2,6 +2,8 @@
 creation_date = "2021/05/17"
 integration = ["aws"]
 maturity = "production"
+min_stack_comments = "AWS integration breaking changes, bumping version to ^2.0.0"
+min_stack_version = "8.9.0"
 updated_date = "2024/05/21"
 [rule]
@@ -34,7 +36,7 @@ timestamp_override = "event.ingested"
 type = "query"
 query = '''
-event.dataset:aws.cloudtrail and event.provider:sts.amazonaws.com and event.action:AssumedRole and
+event.dataset:aws.cloudtrail and event.provider:sts.amazonaws.com and event.action:AssumeRole and
 aws.cloudtrail.user_identity.session_context.session_issuer.type:Role and event.outcome:success
 '''
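Review bot: `updated_date` stays at `"2024/05/21"` in the first hunk's context even though this commit adds a stack constraint and changes the rule query further down; if the repository expects the date to track rule changes, it should be bumped to the merge date. The `min_stack_comments` text refers to moving the AWS integration to ^2.0.0, but the only constraint visible here is `min_stack_version = "8.9.0"`, so the comment would be clearer if it said why 8.9.0 is the matching stack version. The [metadata] table starts above the hunk.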
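Review bot: The corrected `event.action:AssumeRole` in the `query` string of the second hunk has nothing beside it explaining why the old value was wrong, which makes the typo easy to reintroduce. A TOML comment above `query = '''` would do, for example `# event.action carries the CloudTrail eventName (AssumeRole); AssumedRole is a user_identity.type value, not an STS action`. Because the previous value presumably matched no STS events, this production rule will likely start alerting for the first time on role-to-role assumption. The false-positive guidance elsewhere in the [rule] table, which lies outside this hunk, is worth re-reading against real CloudTrail volume before release.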