Detecting suspicious activities within AWS cloud instances
Monitoring your cloud infrastructure logs allows you to enable governance, compliance, and risk auditing. When bad actors leverage your compute resources, they compromise the security of your data and can also incur costs, since you will be billed for any new instances and increased bandwidth usage.
You need to monitor your cloud instances for behaviors that might indicate that malicious activities are occurring somewhere within your cloud environment.
Data required
How to use Splunk software for this use case
Next steps
Splunk Enterprise Security provides a number of other searches to help reinforce your cloud security posture, including:
- Detecting AWS suspicious provisioning activities
- Monitoring user activity spikes in AWS
- Monitoring AWS S3 for suspicious activities