LoFP / new subnets added requiring routing setup

Techniques

• t1190

Sample rules

New Network Route Added

• source: sigma
• technicques:
  • t1190

Description

Detects the addition of a new network route to a route table in AWS.

Detection logic

condition: selection
selection:
  eventName: CreateRoute
  eventSource: ec2.amazonaws.com