LoFP / dev, uat, sat environment. you should apply this rule with prod environment only.

Techniques

t1562

Sample rules

AWS SecurityHub Findings Evasion

source: sigma
technicques:
- t1562

Description

Detects the modification of the findings on SecurityHub.

Detection logic

condition: selection
selection:
  eventName:
  - BatchUpdateFindings
  - DeleteInsight
  - UpdateFindings
  - UpdateInsight
  eventSource: securityhub.amazonaws.com