Fixed typos in descriptions
This commit is contained in:
Родитель
29b4ddd182
Коммит
8e5f72c992
|
@ -2,7 +2,7 @@ id: 0ee2aafb-4500-4e36-bcb1-e90eec2f0b9b
|
|||
name: NRT Login to AWS Management Console without MFA
|
||||
description: |
|
||||
'Multi-Factor Authentication (MFA) helps you to prevent credential compromise. This alert identifies logins to the AWS Management Console without MFA.
|
||||
You can limit this detection to trigger for adminsitrative accounts if you do not have MFA enabled on all accounts.
|
||||
You can limit this detection to trigger for administrative accounts if you do not have MFA enabled on all accounts.
|
||||
This is done by looking at the eventName ConsoleLogin and if the AdditionalEventData field indicates MFA was NOT used
|
||||
and the ResponseElements field indicates NOT a Failure. Thereby indicating that a non-MFA login was successful.'
|
||||
severity: Low
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: 3617d76d-b15e-4c6f-985e-a1dac73c592d
|
||||
name: NRT MFA Rejected by User
|
||||
description: |
|
||||
'Identifies accurances where a user has rejected an MFA prompt. This could be an indicator that a threat actor has compromised the username and password of this user account and is using it to try and log into the account.
|
||||
'Identifies occurrences where a user has rejected an MFA prompt. This could be an indicator that a threat actor has compromised the username and password of this user account and is using it to try and log into the account.
|
||||
Ref : https://docs.microsoft.com/azure/active-directory/fundamentals/security-operations-user-accounts#monitoring-for-failed-unusual-sign-ins'
|
||||
severity: Medium
|
||||
requiredDataConnectors:
|
||||
|
|
Загрузка…
Ссылка в новой задаче