panther-labs · arielkr256 · Aug 26, 2024 · Aug 26, 2024
diff --git a/rules/aws_cloudtrail_rules/aws_cloudtrail_account_discovery.yml b/rules/aws_cloudtrail_rules/aws_cloudtrail_account_discovery.yml
@@ -8,6 +8,7 @@ Reports:
   MITRE ATT&CK:
     - TA0007:T1087
 Severity: Info
+CreateAlert: false
 Tests:
   - ExpectedResult: true
     Log:

diff --git a/rules/aws_cloudtrail_rules/aws_unauthorized_api_call.yml b/rules/aws_cloudtrail_rules/aws_unauthorized_api_call.yml
@@ -15,6 +15,7 @@ Reports:
   MITRE ATT&CK:
     - TA0007:T1526
 Severity: Info
+CreateAlert: false
 Description: An unauthorized AWS API call was made
 Runbook: https://docs.runpanther.io/alert-runbooks/built-in-rules/aws-unauthorized-api-call
 Reference: https://amzn.to/3aOukaA

diff --git a/rules/aws_eks_rules/system_namespace_public_ip.yml b/rules/aws_eks_rules/system_namespace_public_ip.yml
@@ -12,6 +12,7 @@ Reports:
     - "TA0027:T1475" # Tactic ID:Technique ID (https://attack.mitre.org/tactics/enterprise/)
 Reference: https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html
 Severity: Info
+CreateAlert: false
 Description: >
   This detection identifies if an activity is recorded in the Kubernetes audit log where
   the user:username attribute begins with "system:" or "eks:" and the requests originating