Behavior Analysis
Find unexpected and unanticipated activities, and use advanced detections to look for unfamiliar actions, as opposed to just known bad activities.
Article Type: Topic
- Detecting AWS suspicious provisioning activities: These searches allow you to detect adversaries as they begin to probe your AWS environment.
- Detecting cloud federated credential abuse in AWS: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting cloud federated credential abuse in Windows: This use case contains searches that detect abnormal processes that might indicate the extraction of federated directory objects.
- Detecting Google Cloud Platform cross-account activity: These searches are designed to help you monitor your GCP Audit logs for evidence of suspicious cross-account activity.
- Detecting masquerading: Masquerading is quite common with some utilities because the existence of that utility on certain systems may trigger alarms for organizations. Here's how to detect it.
- Detecting privilege escalation in your AWS environment: These searches are designed to uncover potentially malicious events in your AWS environment.
- Detecting suspicious activities within cloud instances: These searches help you identify, respond to, and investigate suspicious activities in your cloud compute instances.
- Finding Windows audit log tampering: How to use Splunk software to find out if Windows audit logs have been tampered with so you can then check if that action was legitimate.
- Monitoring user activity spikes in AWS: You can identify which users and accounts called AWS, the source IP address from which the calls were made, and when the calls occurred.