Merge pull request #11522 from Azure/v-sabiraj-AWSrulenamechange

Updated the Rule name as it was duplicate
Azure · Dec 13, 2024 · 6cc0fed · 6cc0fed
2 parents f372d27 + 55bd6ea
commit 6cc0fed
Show file tree

Hide file tree

Showing 6 changed files with 481 additions and 512 deletions.
diff --git a/Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml b/Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml
@@ -1,5 +1,5 @@
 id: 633a91df-d031-4b6e-a413-607a61540559
-name: Changes made to AWS CloudTrail logs
+name: Tampering to AWS CloudTrail logs
 description: |
   'Attackers often try to hide their steps by deleting or stopping the collection of logs that could show their activity. 
   This alert identifies any manipulation of AWS CloudTrail, Cloudwatch/EventBridge or VPC Flow logs.
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SourceIpAddress
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
diff --git a/Solutions/Amazon Web Services/Data Connectors/AWS_WAF_CCP/AwsS3_WAF_PollingConfig.json b/Solutions/Amazon Web Services/Data Connectors/AWS_WAF_CCP/AwsS3_WAF_PollingConfig.json
@@ -12,38 +12,6 @@
 					"state": "enabled"
 				}
 			},
-            "auth": {
-                "type": "APIKey",
-                "ApiKey": "{{ApiToken}}",
-                "ApiKeyName": "Authorization",
-                "ApiKeyIdentifier": "Bearer"
-            },
-            "request": {
-                "apiEndpoint": "[[format('{0}/api/v1/signinattempts', {{baseUrl}})]",
-                "httpMethod": "Post",
-                "queryWindowInMin": 5,
-                "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                "rateLimitQps": 1,
-                "retryCount": 3,
-                "timeoutInSeconds": 60,
-                "headers": {
-                    "Content-Type": "application/json"
-                },
-                "queryParametersTemplate": "{\"limit\": 1000, \"start_time\": \"{_QueryWindowStartTime}\", \"end_time\": \"{_QueryWindowEndTime}\" }",
-                "isPostPayloadJson": true
-            },
-            "response": {
-                "format": "json",
-                "eventsJsonPaths": [
-                    "$.items"
-                ]
-            },
-            "paging": {
-                "pagingType": "NextPageToken",
-                "nextPageParaName": "cursor",
-                "nextPageTokenJsonPath": "$.cursor",
-                "hasNextFlagJsonPath": "$.has_more"
-            },
 			"dcrConfig": {
 				"streamName": "SENTINEL_AWSWAF",
 				"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",

diff --git a/Solutions/Amazon Web Services/Package/3.0.4.zip b/Solutions/Amazon Web Services/Package/3.0.4.zip
diff --git a/Solutions/Amazon Web Services/Package/createUiDefinition.json b/Solutions/Amazon Web Services/Package/createUiDefinition.json
@@ -552,7 +552,7 @@
           {
             "name": "analytic29",
             "type": "Microsoft.Common.Section",
-            "label": "Changes made to AWS CloudTrail logs",
+            "label": "Tampering to AWS CloudTrail logs",
             "elements": [
               {
                 "name": "analytic29-text",