valid change in a trail

source: <a href=https://github.com/SigmaHQ/sigma/blob/master/rules/cloud/aws/cloudtrail/aws_cloudtrail_disable_logging.yml>sigma
technicques: t1562 t1562.001

Techniques

Detects disabling, deleting and updating of a Trail

condition: selection_source
selection_source:
  eventName:
  - StopLogging
  - UpdateTrail
  - DeleteTrail
  eventSource: cloudtrail.amazonaws.com