Azure
diff --git a/‎Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml‎
Lines changed: 2 additions & 2 deletions b/‎Solutions/Amazon Web Services/Analytic Rules/AWS_LogTampering.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Solutions/Amazon Web Services/Data Connectors/AWS_WAF_CCP/AwsS3_WAF_PollingConfig.json‎
Lines changed: 0 additions & 32 deletions b/‎Solutions/Amazon Web Services/Data Connectors/AWS_WAF_CCP/AwsS3_WAF_PollingConfig.json‎
Lines changed: 0 additions & 32 deletions
diff --git a/‎Solutions/Amazon Web Services/Package/3.0.4.zip‎
63.9 KB b/‎Solutions/Amazon Web Services/Package/3.0.4.zip‎
63.9 KB
diff --git a/‎Solutions/Amazon Web Services/Package/createUiDefinition.json‎
Lines changed: 1 addition & 1 deletion b/‎Solutions/Amazon Web Services/Package/createUiDefinition.json‎
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
 id: 633a91df-d031-4b6e-a413-607a61540559
-name: Changes made to AWS CloudTrail logs
+name: Tampering to AWS CloudTrail logs
 description: |
   'Attackers often try to hide their steps by deleting or stopping the collection of logs that could show their activity. 
   This alert identifies any manipulation of AWS CloudTrail, Cloudwatch/EventBridge or VPC Flow logs.
@@ -45,5 +45,5 @@ entityMappings:
     fieldMappings:
       - identifier: Address
         columnName: SourceIpAddress
-version: 1.0.3
+version: 1.0.4
 kind: Scheduled
@@ -12,38 +12,6 @@
 					"state": "enabled"
 				}
 			},
-            "auth": {
-                "type": "APIKey",
-                "ApiKey": "{{ApiToken}}",
-                "ApiKeyName": "Authorization",
-                "ApiKeyIdentifier": "Bearer"
-            },
-            "request": {
-                "apiEndpoint": "[[format('{0}/api/v1/signinattempts', {{baseUrl}})]",
-                "httpMethod": "Post",
-                "queryWindowInMin": 5,
-                "queryTimeFormat": "yyyy-MM-ddTHH:mm:ssZ",
-                "rateLimitQps": 1,
-                "retryCount": 3,
-                "timeoutInSeconds": 60,
-                "headers": {
-                    "Content-Type": "application/json"
-                },
-                "queryParametersTemplate": "{\"limit\": 1000, \"start_time\": \"{_QueryWindowStartTime}\", \"end_time\": \"{_QueryWindowEndTime}\" }",
-                "isPostPayloadJson": true
-            },
-            "response": {
-                "format": "json",
-                "eventsJsonPaths": [
-                    "$.items"
-                ]
-            },
-            "paging": {
-                "pagingType": "NextPageToken",
-                "nextPageParaName": "cursor",
-                "nextPageTokenJsonPath": "$.cursor",
-                "hasNextFlagJsonPath": "$.has_more"
-            },
 			"dcrConfig": {
 				"streamName": "SENTINEL_AWSWAF",
 				"dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
 
@@ -552,7 +552,7 @@
           {
             "name": "analytic29",
             "type": "Microsoft.Common.Section",
-            "label": "Changes made to AWS CloudTrail logs",
+            "label": "Tampering to AWS CloudTrail logs",
             "elements": [
               {
                 "name": "analytic29-text",
Original file line number	Diff line number	Diff line change
`@@ -552,7 +552,7 @@`
`552`	`552`	`{`
`553`	`553`	`"name": "analytic29",`
`554`	`554`	`"type": "Microsoft.Common.Section",`
`555`		`- "label": "Changes made to AWS CloudTrail logs",`
	`555`	`+ "label": "Tampering to AWS CloudTrail logs",`
`556`	`556`	`"elements": [`
`557`	`557`	`{`
`558`	`558`	`"name": "analytic29-text",`