Find unexpected and unanticipated activities, and use advanced detections to look for unfamiliar actions, as opposed to just known bad activities.
- Detecting AWS suspicious provisioning activities: These searches allow you to detect adversaries as they begin to probe your AWS environment.
- Detecting masquerading: Masquerading is quite common with some utilities because the existence of that utility on certain systems may trigger alarms for organizations. Here's how to detect it.
- Finding Windows audit log tampering: How to use Splunk software to find out if Windows audit logs have been tampered with so you can then check if that action was legitimate.
- Monitoring user activity spikes in AWS: You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.