Closed austinsonger closed 3 years ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I'm just leaving a comment for activity.
Description
Identifies when an ElastiCache security group has been modified.
Required Info
Target indexes
filebeat-*, logs-aws*
Platforms
AWS Cloudtrail
Optional Info
Query
New fields required in ECS/data sources for this rule?
Related issues or PRs
False Positives
MITRE
ATTACK TACTIC Credential Access, Persistence
ATTACK TECHNIQUE Account Manipulation
References