Behavior detections


Significant Velocity Behavioral change for an Entity from the previous cluster.

Source table → cloud.azure.vm.unknown_events

Detected a possible domain-generation algorithm (DGA), which can be associated with command-and-control (C&C) communication.

Source table → secops.entities.system

Significant Velocity Behavioral change for an Entity from the previous cluster.

Source table → secops.entities.user

We have identified a newly observed entity that has not been active in the last 72 hours, which has joined a server cluster.

Source table → secops.entities.behavior
