Release 16 - Out-of-the-box alerts
| Detection name | Detection description | Devo table / Data source / Category | Update |
|---|---|---|---|
| | This search looks for AWS CloudTrail events where a user has created a policy version that allows the user to access any resource in their account. | | New Alert |
| | Monitor service creation through changes in the Registry and common utilities using command-line invocation in order to detect the Russian nation-state attacker group APT29. | | Alert Logic Updated |
| | Detects user accounts that are created and deleted within a four time period. | | Alert Logic Updated |
| | The process of resetting a password can be related to an attack in combination with other indicators. | | Alert Logic Updated |
| | Detects when a user account has multiple failed Office 365 authentication attempts. | | New Alert |
| | A successful login following a raised number of failed access attempts can be considered an indicator of compromise. | | Alert Logic Updated |
| | This policy triggers when activities are detected from the same user in different locations within a time period that is shorter than the expected travel time between the two locations. This could indicate that a different user is using the same credentials. | | Alert Logic Updated |
| | Detects users downloading many files in a short amount of time via Slack. | | New Alert |
| | Control over the navigation of the users and systems of the network is considered essential to avoid risks. Access to anonymous navigation networks must be monitored. | | Alert Logic Updated |
| | This search looks for AWS CloudTrail events where a user has created a policy version that allows the user to access any resource in their account. | | New Alert |
| | Unprivileged account added to Global Security Group. | | Alert Logic Updated |