Update credential_access_new_terms_secretsmanager_getsecretvalue.toml

Author: Samirbous

rules/integrations/aws/credential_access_new_terms_secretsmanager_getsecretvalue.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/07/06"
 integration = ["aws"]
 maturity = "production"
-updated_date = "2025/08/18"
+updated_date = "2025/12/12"
 
 [rule]
 author = ["Nick Jones", "Elastic"]
@@ -97,7 +97,7 @@ type = "new_terms"
 query = '''
 event.dataset:aws.cloudtrail and event.provider:secretsmanager.amazonaws.com and
     event.action: (GetSecretValue or BatchGetSecretValue) and event.outcome:success and
-    not user_agent.name: ("Chrome" or "Firefox" or "Safari" or "Edge" or "Brave" or "Opera")
+    not user_agent.name: ("Chrome" or "Firefox" or "Safari" or "Edge" or "Brave" or "Opera" or "Boto3")
 '''
 
 [rule.investigation_fields]