access Cloudflare credentials

rule:
  meta:
    name: access Cloudflare credentials
    namespace: collection/cloud/other
    authors:
      - maximemorin@google.com
    scopes:
      static: function
      dynamic: span of calls
    att&ck:
      - Credential Access::Unsecured Credentials::Credentials In Files [T1552.001]
    references:
      - https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/
  features:
    - or:
      - string: "/etc/cloudflared/config.yml"