Created
May 1, 2020 23:20
-
-
Save 0xtf/981215a85eab69c7ac2b9a7b34b90bdc to your computer and use it in GitHub Desktop.
example output of rule with overrides and cloudtrail mapping
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| python3 sigmac -c config/ecs-cloudtrail.yml -t es-qs ../rules/cloud/aws_ec2_vm_export_failure.yml | |
| ((event.action:"CreateInstanceExportTask" AND event.provider:"ec2.amazonaws.com") AND event.outcome:failure) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment