From 5bdee0b4342b6fb981a4bbed74e00a1a29855286 Mon Sep 17 00:00:00 2001
From: "Andoni A." <14891798+andoniaf@users.noreply.github.com>
Date: Fri, 13 Feb 2026 15:00:24 +0100
Subject: [PATCH] feat: add Prowler detection coverage to ecs-006

Prowler PR #10066 added the ECS+ExecuteCommand privilege escalation pattern, enabling detection of this path. Links to the specific commit where the pattern was added.
---
 data/paths/ecs/ecs-006.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/data/paths/ecs/ecs-006.yaml b/data/paths/ecs/ecs-006.yaml
index 5b62a81..b581fb0 100644
--- a/data/paths/ecs/ecs-006.yaml
+++ b/data/paths/ecs/ecs-006.yaml
@@ -117,6 +117,9 @@ references:
 - title: "Monitor Amazon ECS containers with ECS Exec - AWS Documentation"
 url: "https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-exec.html"
 
+detectionTools:
+ prowler: https://github.com/prowler-cloud/prowler/blob/4f18bfc33cd2709ef3535e7c3ee0ad7ad72e8aa2/prowler/providers/aws/services/iam/lib/privilege_escalation.py#L258
+
 attackVisualization:
 nodes:
 - id: start
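Review bot: The new `prowler:` value under `detectionTools:` is an unquoted plain scalar containing a `#L258` fragment, while the `url:` entries just above it in the same hunk are double-quoted. It parses as intended only because the `#` is not preceded by whitespace, so quoting it keeps the file consistent and guards against a later edit turning the fragment into a comment: `prowler: "https://github.com/prowler-cloud/prowler/blob/4f18bfc33cd2709ef3535e7c3ee0ad7ad72e8aa2/prowler/providers/aws/services/iam/lib/privilege_escalation.py#L258"`. Because the link is pinned to a single commit and line, a short comment above the key such as `# pattern added in Prowler PR #10066; confirm your Prowler release includes it` would tell readers that the claimed coverage depends on the scanner version they run.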