security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Hunt Tuning] Fixing Sort Logic in Aviatrix Hunting Query (#4432)

Browse Source 
* fixing sort logic error

* Update hunting/aws/queries/iam_unusual_default_aviatrix_role_activity.toml

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>

---------

Co-authored-by: Ruben Groenewoud <78494512+Aegrah@users.noreply.github.com>
This commit is contained in:
Terrance DeJesus
2025-02-03 21:43:02 -05:00
committed by GitHub
parent 1dfb05ec1c
commit f1dee060b6
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hunting/aws/docs/iam_unusual_default_aviatrix_role_activity.md
+1 -1
View File
@@ -22,7 +22,7 @@ from logs-aws.cloudtrail-*
and aws.cloudtrail.user_identity.arn like "*aviatrix-role*"
| stats activity_counts = count(*) by event.provider, event.action, aws.cloudtrail.user_identity.arn
| where activity_counts < 10
| sort by activity_counts asc
| sort activity_counts asc
```
## Notes
hunting/aws/queries/iam_unusual_default_aviatrix_role_activity.toml
+2 -2
View File
@@ -25,5 +25,5 @@ from logs-aws.cloudtrail-*
and aws.cloudtrail.user_identity.arn like "*aviatrix-role*"
| stats activity_counts = count(*) by event.provider, event.action, aws.cloudtrail.user_identity.arn
| where activity_counts < 10
| sort by activity_counts asc
''']
| sort activity_counts asc
''']