From 69973cdcc0c60e612743ec57694f8618bab80cfe Mon Sep 17 00:00:00 2001
From: Sergio Garcia
Date: Tue, 26 Mar 2024 15:12:29 +0100
Subject: [PATCH] add docs
---
 docs/tutorials/configuration_file.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/docs/tutorials/configuration_file.md b/docs/tutorials/configuration_file.md
index df150c0ad4..87603c4edb 100644
--- a/docs/tutorials/configuration_file.md
+++ b/docs/tutorials/configuration_file.md
@@ -33,7 +33,10 @@ The following list includes all the AWS checks with configurable variables that
 | `drs_job_exist` | `mute_non_default_regions` | Boolean |
 | `guardduty_is_enabled` | `mute_non_default_regions` | Boolean |
 | `securityhub_enabled` | `mute_non_default_regions` | Boolean |
-
+| `cloudtrail_threat_detector_privilege_escalation` | `threat_detection_entropy` | Integer |
+| `cloudtrail_threat_detector_privilege_escalation` | `threat_detection_days` | Integer |
+| `cloudtrail_threat_detector_enumeration` | `threat_detection_entropy` | Integer |
+| `cloudtrail_threat_detector_enumeration` | `threat_detection_days` | Integer |
 ## Azure
 ### Configurable Checks
@@ -101,6 +104,12 @@ aws:
 # aws.cloudwatch_log_group_retention_policy_specific_days_enabled --> by default is 365 days
 log_group_retention_days: 365
+ # AWS CloudTrail Configuration
+ # aws.cloudtrail_threat_detector_privilege_escalation
+ # aws.cloudtrail_threat_detector_enumeration
+ threat_detection_entropy: 0.7 # 70% of actions found to decide if it is an attack event
+ threat_detection_days: 1
+
 # AWS AppStream Session Configuration
 # aws.appstream_fleet_session_idle_disconnect_timeout
 max_idle_disconnect_timeout_in_seconds: 600 # 10 Minutes