From 2ae55613941120fecea2590fb9df8046ffe739e7 Mon Sep 17 00:00:00 2001
From: Nick Hakmiller <49166439+nhakmiller@users.noreply.github.com>
Date: Thu, 25 Jul 2024 13:09:31 -0700
Subject: [PATCH] Bump rate minutes more (#1302)

* bump rate minutes more

* Reduce RateMinutes to account for 45-min log latency

---------

Co-authored-by: Nicholas Hakmiller <nhakmiller@us-y9c2m6yxj7.local.meter>
Co-authored-by: ben-githubs <38414634+ben-githubs@users.noreply.github.com>
---
 .../aws_potentially_compromised_service_role.yml              | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/correlation_rules/aws_potentially_compromised_service_role.yml b/correlation_rules/aws_potentially_compromised_service_role.yml
index 38bf53ebd..1d2c78a7c 100644
--- a/correlation_rules/aws_potentially_compromised_service_role.yml
+++ b/correlation_rules/aws_potentially_compromised_service_role.yml
@@ -22,8 +22,8 @@ Detection:
         Match:
           - On: requestParameters.roleArn
     Schedule:
-      RateMinutes: 360
-      TimeoutMinutes: 15
+      RateMinutes: 685
+      TimeoutMinutes: 20
     LookbackWindowMinutes: 720
 Tests:
     - Name: Role Assumed By Service, Followed By Role Assumed By User