Â
Significant Velocity Behavioral change for an Entity from previous cluster.
Source table → cloud.azure.vm.unknown_events
cloud.azure.vm.unknown_events
Detected possible DGA or domain-generation algorithm which can be associated with Command & control (C&C) communication.
Source table → secops.entities.system
secops.entities.system
Significant Velocity Behavioral change for an Entity from the previous cluster.
Source table → secops.entities.user
secops.entities.user
We have identified a newly observed entity that has not been active in the last 72 hours, which has joined a server cluster.
Source table → secops.entities.behavior
secops.entities.behavior
