Behavior Analysis and Machine Learning
Article Type: Topic
- Detecting AWS cross-account activity: Because AWS CloudTrail records the originating account of cross-account activity, you can run searches that monitor your CloudTrail logs for evidence of suspicious activity.
- Detecting AWS suspicious provisioning activities: These searches help you detect adversaries as they begin to probe your AWS environment.
- Detecting cloud federated credential abuse in AWS: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting cloud federated credential abuse in Windows: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting Google Cloud Platform cross-account activity: These searches help you monitor your GCP Audit logs for evidence of suspicious cross-account activity.
- Detecting lateral movement with Active Directory data: How to use Splunk software and Active Directory data to find compromised hosts, search for indicators of compromise, and hunt for lateral movement.
- Detecting masquerading: Adversaries often rename or disguise a utility because the presence of that utility on certain systems would trigger alarms. Here's how to detect it.
- Detecting privilege escalation in your AWS environment: These searches are designed to uncover potentially malicious events in your AWS environment.
- Detecting suspicious activities within cloud instances: These searches help you identify, respond to, and investigate suspicious activities in your cloud compute instances.
- Detecting unusual GCP service account usage: How to use Splunk to monitor how GCP usage changes over time, and to set up alerts that notify the security team when unexpected access occurs.
- Finding Windows audit log tampering: How to use Splunk software to find out whether Windows audit logs have been tampered with, so you can then check whether that action was legitimate.
- Monitoring AWS and AWS Elastic Compute Cloud (EC2) for suspicious login activities: These searches help you detect suspicious logins to your AWS infrastructure.
- Monitoring user activity spikes in AWS: You can identify which users and accounts called AWS APIs, the source IP address from which the calls were made, and when the calls occurred.
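The cross-account detection in the first use case rests on one property of CloudTrail that the list only alludes to: every record carries both the account that made the call (`userIdentity.accountId`) and the account the call landed in (`recipientAccountId`), so a mismatch between the two is cross-account activity. The following is an added example, not code from the original page or from Splunk, that applies that check to a constructed CloudTrail log file in Python rather than SPL. The account IDs, ARNs, IP addresses and the `TRUSTED_ACCOUNTS` allowlist are all made up for illustration.

```python
"""Added example: flag cross-account API calls in a CloudTrail log file.

CloudTrail log files are JSON objects with a top-level "Records" array.
The caller's account is in userIdentity.accountId; the account that
received the call is recipientAccountId. AWS service principals
(userIdentity.type == "AWSService") carry no caller account and are
skipped rather than flagged.
"""
import json
from collections import Counter

# Constructed sample log file (not real data). Account 111111111111 is
# the monitored account; 222..., 333... and 444... are other accounts.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/alice"},
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "accountId": "222222222222",
                      "arn": "arn:aws:iam::222222222222:user/bob"},
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-05-01T10:06:00Z", "eventSource": "config.amazonaws.com",
     "eventName": "PutEvaluations", "sourceIPAddress": "config.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "config.amazonaws.com"},
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "AssumedRole", "accountId": "333333333333",
                      "arn": "arn:aws:sts::333333333333:assumed-role/Reader/s1"},
     "recipientAccountId": "111111111111"},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "accountId": "444444444444",
                      "arn": "arn:aws:iam::444444444444:user/ci"},
     "recipientAccountId": "111111111111"},
]})

# Hypothetical allowlist: accounts whose cross-account access is expected
# (for example a central CI or logging account). Tune this to your estate.
TRUSTED_ACCOUNTS = frozenset({"444444444444"})


def load_records(text):
    """Parse a CloudTrail log file and return its list of event records."""
    return json.loads(text).get("Records", [])


def caller_account(event):
    """Return the calling account ID, or None when the caller is an AWS
    service principal or the record has no caller account at all."""
    ident = event.get("userIdentity", {})
    if ident.get("type") == "AWSService":
        return None
    return ident.get("accountId")


def is_cross_account(event):
    """True when the caller's account differs from the receiving account."""
    caller = caller_account(event)
    recipient = event.get("recipientAccountId")
    return caller is not None and recipient is not None and caller != recipient


def find_cross_account_events(events, trusted_accounts=frozenset()):
    """Return cross-account events whose caller is not in the allowlist."""
    return [e for e in events
            if is_cross_account(e) and caller_account(e) not in trusted_accounts]


def summarize_by_caller(events):
    """Count events per (caller account, recipient account, API name),
    the grouping an analyst would pivot on before investigating."""
    counts = Counter()
    for e in events:
        counts[(caller_account(e), e.get("recipientAccountId"), e.get("eventName"))] += 1
    return counts


if __name__ == "__main__":
    records = load_records(SAMPLE_LOG)
    for e in find_cross_account_events(records, TRUSTED_ACCOUNTS):
        print(e["eventTime"], caller_account(e), "->", e["recipientAccountId"],
              e["eventName"], "from", e["sourceIPAddress"])
```

Two points the example makes that the one-line summary does not: service principals must be excluded rather than treated as foreign callers, and an allowlist of known partner accounts is what keeps this check from alerting on every legitimate cross-account role assumption. The role assumed in the `AssumeRole` event is the record to catch, because API calls made afterwards with that role's credentials show the monitored account as both caller and recipient.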