[sync] added configuration required tags (#73) (#1095)

Co-authored-by: Ariel Ropek <[email protected]>
panther-labs · Feb 8, 2024 · f689228 · f689228
1 parent cb8274f
commit f689228
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 1 deletion.
diff --git a/rules/aws_cloudtrail_rules/aws_ecr_crud.yml b/rules/aws_cloudtrail_rules/aws_ecr_crud.yml
@@ -8,6 +8,7 @@ LogTypes:
 Tags:
   - AWS
   - Security Control
+  - Configuration Required
 Reports:
   CIS:
     - 3.12

diff --git a/rules/aws_cloudtrail_rules/aws_ecr_events.py b/rules/aws_cloudtrail_rules/aws_ecr_events.py
@@ -1,5 +1,6 @@
 from panther_base_helpers import aws_rule_context, deep_get
 
+# CONFIGURATION REQUIRED: Update with your expected AWS Accounts/Regions
 AWS_ACCOUNTS_AND_REGIONS = {
     "123456789012": {"us-west-1", "us-west-2"},
     "103456789012": {"us-east-1", "us-east-2"},

diff --git a/rules/aws_cloudtrail_rules/aws_ecr_events.yml b/rules/aws_cloudtrail_rules/aws_ecr_events.yml
@@ -8,10 +8,11 @@ LogTypes:
 Tags:
   - AWS
   - Security Control
+  - Configuration Required
 Reports:
   MITRE ATT&CK:
     - TA0005:T1535
-Severity: High
+Severity: Medium
 Description: An ECR event occurred outside of an expected account or region
 Runbook: https://docs.aws.amazon.com/AmazonECR/latest/userguide/logging-using-cloudtrail.html
 Reference: https://aws.amazon.com/blogs/containers/amazon-ecr-in-multi-account-and-multi-region-architectures/
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ LogTypes: @@
     Tags:
       - AWS
       - Security Control
+      - Configuration Required
     Reports:
       CIS:
         - 3.12
@@ Expand Down @@