Behavior Analysis

Find unexpected and unanticipated activities, and use advanced detections to look for unfamiliar actions, as opposed to just known bad activities.

Detecting AWS suspicious provisioning activitiesThese searches allow you to detect adversaries as they begin to probe your AWS environment.
Detecting masqueradingMasquerading is quite common with some utilities because the existence of that utility on certain systems may trigger alarms for organizations. Here's how to detect it.
Finding Windows audit log tamperingHow to use Splunk software to find out if Windows audit logs have been tampered so you can then check if that action was legitimate.
Monitoring user activity spikes in AWSYou can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.