LoFP / system or network administrator behaviors

Techniques

Sample rules

AWS SecurityHub Findings Evasion

Description

Detects the modification of the findings on SecurityHub.

Detection logic

condition: selection
selection:
  eventName:
  - BatchUpdateFindings
  - DeleteInsight
  - UpdateFindings
  - UpdateInsight
  eventSource: securityhub.amazonaws.com
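
The selection above applied to CloudTrail records, as an added example that is not part of the original rule or the LoFP project. The `matches` and `triage` helpers and all sample records are constructed for illustration; the caller ARN is returned with each hit so routine administrator activity can be told apart during review.

```python
# Selection copied from the detection logic above.
SELECTION = {
    "eventSource": "securityhub.amazonaws.com",
    "eventName": ["BatchUpdateFindings", "DeleteInsight",
                  "UpdateFindings", "UpdateInsight"],
}

def matches(event, selection=SELECTION):
    """Every field must match (AND); a list of values is an OR.
    Plain Sigma string values compare case-insensitively."""
    for field, expected in selection.items():
        actual = event.get(field)
        if not isinstance(actual, str):
            return False
        allowed = expected if isinstance(expected, list) else [expected]
        if actual.lower() not in {v.lower() for v in allowed}:
            return False
    return True

def triage(records):
    """Return (eventName, caller ARN, eventTime) per matching record."""
    hits = []
    for rec in records:
        if matches(rec):
            arn = rec.get("userIdentity", {}).get("arn", "unknown")
            hits.append((rec["eventName"], arn, rec.get("eventTime", "")))
    return hits

# Constructed CloudTrail records: account ID, ARNs and times are made up.
ADMIN = "arn:aws:iam::111122223333:role/secops-admin"
CI = "arn:aws:iam::111122223333:user/ci-deployer"
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T09:12:03Z", "eventSource": "securityhub.amazonaws.com",
     "eventName": "BatchUpdateFindings", "userIdentity": {"arn": ADMIN}},
    {"eventTime": "2024-05-01T09:13:40Z", "eventSource": "securityhub.amazonaws.com",
     "eventName": "GetFindings", "userIdentity": {"arn": ADMIN}},
    {"eventTime": "2024-05-01T23:47:19Z", "eventSource": "securityhub.amazonaws.com",
     "eventName": "DeleteInsight", "userIdentity": {"arn": CI}},
    # Same eventName, different (constructed) eventSource: must not match.
    {"eventTime": "2024-05-02T01:02:00Z", "eventSource": "other.example.com",
     "eventName": "UpdateFindings", "userIdentity": {"arn": ADMIN}},
    # No eventName field at all: must not match.
    {"eventTime": "2024-05-02T01:05:00Z", "eventSource": "securityhub.amazonaws.com"},
]

if __name__ == "__main__":
    for name, arn, when in triage(SAMPLE_RECORDS):
        print(f"{when}  {name:<20} {arn}")
```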