[Security Content] Add Investigation Guides - Cloud - 2#2124
Merged
terrancedejesus
approved these changes
Jul 19, 2022
Contributor
terrancedejesus
left a comment
Wow, great work!
benironside
reviewed
Jul 19, 2022
Contributor
benironside
left a comment
Overall, it looks great! I left a lot of suggestions; I hope they are helpful. Please feel free to let me know if you have any questions.
w0rk3r
added a commit
that referenced
this pull request
Jul 20, 2022
w0rk3r added a commit that referenced this pull request Jul 20, 2022
* [Security Content] Add Investigation Guides to Cloud Rules - AWS
* Apply suggestion from review
* Update rules/integrations/aws/exfiltration_ec2_snapshot_change_activity.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/aws/impact_cloudwatch_log_stream_deletion.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Apply suggestions from review
* Apply suggestions from code review
  Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
* Apply suggestions from code review
  Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
* .
* Applies suggestions from the #2124 PR
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
protectionsmachine pushed a commit that referenced this pull request Jul 20, 2022
* [Security Content] Add Investigation Guides to Cloud Rules - AWS
* Apply suggestion from review
* Update rules/integrations/aws/exfiltration_ec2_snapshot_change_activity.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Update rules/integrations/aws/impact_cloudwatch_log_stream_deletion.toml
  Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
* Apply suggestions from review
* Apply suggestions from code review
  Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
* Apply suggestions from code review
  Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
* .
* Applies suggestions from the #2124 PR
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com>
(cherry picked from commit d854b94)
Contributor
Author
Hey @benironside thanks for the review. @joepeeples @nastasha-solomon @benironside can I have a final round to be ready for merge?
Member
nastasha-solomon
left a comment
Left a handful of comments for your consideration and one question. Thanks for writing all of this @w0rk3r !
nastasha-solomon
approved these changes
Jul 22, 2022
Member
nastasha-solomon
left a comment
Left a handful of super minor edits for your consideration. Thanks again for all your help on this @w0rk3r !
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
protectionsmachine pushed a commit that referenced this pull request Jul 22, 2022
* [Security Content] Add Investigation Guides - Cloud - 2
* Replace config/setup
* Applies suggestions from review
* Update credential_access_aws_iam_assume_role_brute_force.toml
* Apply suggestions from code review
* Update credential_access_aws_iam_assume_role_brute_force.toml
* Apply suggestions from code review
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
Co-authored-by: nastasha-solomon <79124755+nastasha-solomon@users.noreply.github.com>
(cherry picked from commit 7ddae4b)
Summary
Add Investigation Guides to the following cloud rules: