[Rule Tuning] AWS Route Table Created
leandrojmp opened this issue · comments
Link to rule
Description
This rules looks for the actions CreateRoute and CreateRouteTable with the event.provider as cloudtrail.amazonaws.com, but those actions are EC2 actions, so the provider will be ec2.amazonaws.com.
WIth its currents filter it seems that this rule will never trigger.
Example Data
Current filter with event.provider as cloudtrail.amazonaws.com
Using event.provider as ec2.amazonaws.com
