minor fixes (#21)

events/ACMPCA/GetCertificate.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1040 - Network Sniffing"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1119 - Automated Collection",

events/ACMPCA/IssueCertificate.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1040 - Network Sniffing"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1078- Valid Accounts",

events/AppSync/CreateApiKey.json

@@ -11,9 +11,7 @@
         "T1578 - Modify Cloud Compute Infrastructure",
         "T1556 - Modify Authentication Process"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1078 - Valid Accounts",

events/AppSync/GetIntrospectionSchema.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1526 - Cloud Service Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087 - Account Discovery",

events/AppSync/UpdateGraphqlApi.json

@@ -11,9 +11,7 @@
         "T1578 - Modify Cloud Compute Infrastructure",
         "T1556 - Modify Authentication Process"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1136 - Create Account",

events/AppSync/UpdateResolver.json

@@ -11,12 +11,10 @@
         "T1578 - Modify Cloud Compute Infrastructure",
         "T1556 - Modify Authentication Process"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
-            "technique":  "T1136 - Create Account",
+            "technique": "T1136 - Create Account",
             "reason": "Using the UpdateResolver API, an adversary can manipulate the AppSync resolver to create new user accounts with specific roles or permissions, enabling persistent access to the AWS environment."
         },
         {

events/Athena/GetQueryResults.json

@@ -7,11 +7,9 @@
         "TA0007 - Discovery"
     ],
     "mitreAttackTechniques": [
-        "T1580 - Cloud Infrastructure Discovery"        
-    ],
-    "mitreAttackSubTechniques": [
-
+        "T1580 - Cloud Infrastructure Discovery"
     ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1082 - System Information Discovery",

events/Bedrock/CreateFoundationModelAgreement.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1098 - Account Manipulation",

events/Bedrock/GetFoundationModelAvailability.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1082 - System Information Discovery",

events/Bedrock/GetModelInvocationLoggingConfiguration.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1070 - Indicator Removal",

events/Bedrock/GetUseCaseForModelAccess.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1078 - Valid Accounts: Cloud Accounts",

events/Bedrock/InvokeModel.json

@@ -11,9 +11,7 @@
         "T1580 - Cloud Infrastructure Discovery",
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1020 - Automated Exfiltration",

events/Bedrock/InvokeModelWithResponseStream.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1059 - Command and Scripting Interpreter",

events/Bedrock/ListFoundationModelAgreementOffers.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1591.002 - Gather Victim Org Information: Business Relationships",

events/Bedrock/ListFoundationModels.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087 - Account Discovery",

events/Bedrock/ListProvisionedModelThroughputs.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087.004 - Cloud Account",

events/Bedrock/PutFoundationModelEntitlement.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1098 - Account Manipulation",

events/Bedrock/PutUseCaseForModelAccess.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1078 - Valid Accounts",

events/CloudFormation/CreateStack.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1496 - Resource Hijacking"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1136 - Create Account",

events/CloudFront/CreateFunction2020_05_31.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1119 - Automated Collection"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1059 - Command and Scripting Interpreter",

events/CloudFront/PublishFunction2020_05_31.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1119 - Automated Collection"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1560 - Archive Collected Data",

events/CloudFront/UpdateDistribution2020_05_31.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1119 - Automated Collection"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1070 - Indicator Removal",

events/CloudTrail/LookupEvents.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1654 - Log Enumeration"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087 - Account Discovery",

events/CloudTrail/UpdateTrail.json

@@ -23,7 +23,7 @@
         },
         {
             "technique": "T1537 - Transfer Data to Cloud Account",
-            "reason" : "Updating trail settings could facilitate the transfer of logs or sensitive data to an attacker-controlled cloud account for exfiltration."
+            "reason": "Updating trail settings could facilitate the transfer of logs or sensitive data to an attacker-controlled cloud account for exfiltration."
         }
     ],
     "usedInWild": true,

events/CloudWatch/DeleteLogStream.json

@@ -19,7 +19,7 @@
         },
         {
             "technique": "T1485 - Data Destruction",
-            "reason": "The permanent deletion of archived log events constitutes data destruction, impacting the organization’s ability to conduct forensic analysis and understand the scope of an attack."
+            "reason": "The permanent deletion of archived log events constitutes data destruction, impacting the organization\u2019s ability to conduct forensic analysis and understand the scope of an attack."
         }
     ],
     "usedInWild": false,

events/CloudWatch/DescribeLogGroups.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1007 - System Service Discovery",

events/CloudWatch/DescribeLogStreams.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087 - Account Discovery",

events/CloudWatch/DescribeSubscriptionFilters.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087 - Account Discovery",

events/CloudWatch/GetLogRecord.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1580 - Cloud Infrastructure Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1087.004 - Account Discovery: Cloud Account",

events/Cognito/GetCredentialsForIdentity.json

@@ -21,7 +21,7 @@
             "reason": "Attackers may use credentials obtained from this API to generate session tokens or cookies for web sessions."
         },
         {
-            "technique":  "T1212: Exploitation for Credential Access",
+            "technique": "T1212: Exploitation for Credential Access",
             "reason": "Exploiting the GetCredentialsForIdentity API call can be a direct method to gain credentials."
         },
         {

events/CostExplorer/GetCostAndUsage.json

@@ -9,9 +9,7 @@
     "mitreAttackTechniques": [
         "T1526 - Cloud Service Discovery"
     ],
-    "mitreAttackSubTechniques": [
-
-    ],
+    "mitreAttackSubTechniques": [],
     "unverifiedMitreAttackTechniques": [
         {
             "technique": "T1082 - System Information Discovery",