Add `PutEventSelectors` to cloudtrail_critical_api_calls.py
KevinHock opened this issue · 1 comments
KevinHock commented
Description
See https://github.com/RhinoSecurityLabs/Cloud-Security-Research/tree/master/AWS/cloudtrail_guardduty_bypass for why cloudtrail:PutEventSelectors
is important.
Desired Change
Presumably, add PutEventSelectors
to the set in cloudtrail_critical_api_calls.py
https://github.com/airbnb/streamalert/blob/master/rules/community/cloudwatch_events/cloudtrail_critical_api_calls.py#L12-L15
ryandeivert commented
address in #1303