diff --git a/docs/cloud-native-security/kspm-get-started.asciidoc b/docs/cloud-native-security/kspm-get-started.asciidoc index 92a9df793c..04bcf911a5 100644 --- a/docs/cloud-native-security/kspm-get-started.asciidoc +++ b/docs/cloud-native-security/kspm-get-started.asciidoc @@ -158,7 +158,7 @@ You can use the AWS CLI to generate temporary credentials. For example, you coul [source,console] ---------------------------------- -`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@example.com --duration-seconds 129600 --token-code 123456` +`sts get-session-token --serial-number arn:aws:iam::1234:mfa/your-email@ --duration-seconds 129600 --token-code 123456` ---------------------------------- The output from this command includes the following fields, which you should provide when configuring the KSPM integration: diff --git a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc index 3446d8a4e9..72240746ac 100644 --- a/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc +++ b/docs/detections/prebuilt-rules/rule-details/multiple-vault-web-credentials-read.asciidoc @@ -62,12 +62,12 @@ sequence by winlog.computer_name, winlog.process.pid with maxspan=1s [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] [any where event.code : "5382" and (winlog.event_data.SchemaFriendlyName : "Windows Web Password Credential" and winlog.event_data.Resource : "http*") and not winlog.event_data.SubjectLogonId : "0x3e7" and - not winlog.event_data.Resource : "http://localhost/"] + not winlog.event_data.Resource : ""] ----------------------------------