Models
# | Name | Description | Data Source |
---|---|---|---|
1 | AWS ec2 first time action for AMI | This finds first time AWS ec2 actions per AMI events compared to the given time period (default 30 days). | |
2 | AWS ec2 first time action for instance type | This finds first time AWS ec2 actions per instance type per user events compared to the given time period (default 30 days). | |
3 | AWS ec2 first time action for region | This finds first time AWS ec2 actions per region events compared to the given time period (default 30 days). | |
4 | AWS ec2 first time action for user | This finds first time AWS ec2 actions per user events compared to the given time period (default 30 days). | |
5 | AWS first time action | This finds first time AWS actions per user events compared to the given time period (default 30 days). | |
6 | AWS provisioning first time action in region | This finds first time AWS actions per user per region events compared to the given time period (default 30 days). | |
7 | AWS provisioning first time city | This finds first time AWS provisioning actions per user per city events compared to the given time period (default 30 days). | |
8 | AWS provisioning first time country | This finds first time AWS provisioning events per user per country compared to the given time period (default 30 days). | |
9 | AWS provisioning first time IP | This finds first time AWS provisioning events per user per IP compared to the given time period (default 30 days). | |
10 | Azure App Service First Time Action | This finds first time Azure App Service user actions compared to the given time period (default 30 days). | |
11 | Azure App Service First Time Country | This finds first time Azure App Service events from a country compared to the given time period (default 30 days). | |
12 | Azure app service first time user | This finds first time Azure App Service users compared to the given time period (default 30 days). | |
13 | Azure storage first time action | This finds first time Azure Storage action events compared to the given time period (default 30 days). | |
14 | Azure storage first time country | This finds first time Azure Storage events from a country compared to the given time period (default 30 days). | |
15 | Azure storage first time user | This finds first time Azure Storage users compared to the given time period (default 30 days). | |
16 | Azure VM first time action | This finds first time Azure VM action events compared to the given time period (default 30 days). | |
17 | Azure VM first time country | This finds first time Azure VM events from a country compared to the given time period (default 30 days). | |
18 | Azure VM first time user | This finds first time Azure VM users compared to the given time period (default 30 days). | |
19 | First time access to domain from user | Identifies the first time a domain is accessed over the proxy by a user compared to the past 30 days. | |
20 | First time authentication or authorization from a country | Identifies whether this is the first authentication or authorization request for a user from a country in the past 30 days. | |
21 | First time authentication or authorization from an organization | Identifies whether this is the first authentication or authorization request for a user from an organization in the past 30 days. | |
22 | First time authentication to a Windows domain | Identifies whether this is the first authentication to a Windows domain by a user in the past 30 days. | |
23 | First time domain accessed by internal IP | Identifies the first time an internal IP accessed a domain over the proxy compared to the past 30 days. | |
24 | First time login to device/asset | Identifies first time logins to devices compared to the past 30 days. | |
25 | GitHub organization first time access protocol events | This finds first time GitHub Organization user activity with a protocol compared to the given time period (default 30 days). | |
26 | GitHub organization first time action events | This finds first time GitHub Organization user actions compared to the given time period (default 30 days). | |
27 | GitHub organization first time country events | This finds first time GitHub Organization user activity from a country compared to the given time period (default 30 days). | |
28 | GitHub organization first time repo access | This finds first time GitHub Organization repo access compared to the given time period (default 30 days). | |
29 | GitHub organization first time user access | This finds first time GitHub Organization user access compared to the given time period (default 30 days). | |
30 | GSuite admin first time action | This finds first time GSuite Admin actions per user compared to the given time period (default 30 days). | |
31 | O365 first time action | This finds first time O365 actions per user compared to the given time period (default 30 days). | |
32 | Proxy first-time outbound connection to country | This detects first time connections from a given proxy to a country that is new compared to historical data (default 30 days). | |