LoFP
/
T1648
T1648
Title
Tags
lambda function owners may add layers to their functions for legitimate purposes.
T1648
aws
elastic
legitimate changes to lambda functions can trigger this signal. ensure that the changes are authorized and align with your organization's policies.
T1648
rules_building_block
elastic
verify whether the user identity should be using the triggered api. if known behavior is causing false positives, it can be exempted from the rule. the \"history_window_start\" value can be modified to reflect the expected frequency of known activity within a particular environment.
T1648
aws
elastic
LoFP
/
T1648