Find unexpected and unanticipated activities, and use advanced detections to look for unfamiliar actions, as opposed to just known bad activities.
- Detecting cloud federated credential abuse in AWS: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting cloud federated credential abuse in Windows: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting insider threats: Splunk User Behavior Monitoring uses machine learning and your existing data in Splunk to find anomalies that may indicate malicious behavior, such as insider threat.
- Detecting privilege escalation in your AWS environment: These searches are designed to uncover potentially malicious events in your AWS environment.
- Detecting unusual GCP service account usage: How to use Splunk to monitor how GCP usage changes over time, and to set up alerting mechanisms that will notify the security team when unexpected access occurs.
- Investigating interesting behavior patterns with risk-based alerting: You want a better way to work with interesting events without adding extra noise to your already noisy alert environment.