Skip to content

Commit

Permalink
Update SuspiciousAWSCLICommandExecution.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
@4R9UN
4R9UN authored Sep 4, 2023
1 parent 6fa561c commit 5c9b27a
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions Detections/MultipleDataSources/SuspiciousAWSCLICommandExecution.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,5 +49,9 @@ entityMappings:
fieldMappings:
- identifier: Address
columnName: SourceIpAddress
customDetails:
SuspiciousCommand: commands
AWSUser: UserIdentityUserName
AWSUserIp: SourceIpAddress
kind: Scheduled
version: 1.0.0

0 comments on commit 5c9b27a

Please sign in to comment.