Change

Detect Excessive Account Lockouts From Endpoint

Valid Accounts, Domain Accounts

Detect Excessive User Account Lockouts

Valid Accounts, Local Accounts

Cloud Compute Instance Created By Previously Unseen User

Cloud Accounts, Valid Accounts

Cloud Provisioning Activity From Previously Unseen City

Valid Accounts

Cloud Provisioning Activity From Previously Unseen Country

Valid Accounts

Cloud Compute Instance Created With Previously Unseen Instance Type

Abnormally High Number Of Cloud Security Group API Calls

Cloud Accounts, Valid Accounts

Abnormally High Number Of Cloud Infrastructure API Calls

Cloud Accounts, Valid Accounts

Cloud API Calls From Previously Unseen User Roles

Valid Accounts

Cloud Compute Instance Created In Previously Unused Region

Unused/Unsupported Cloud Regions

Abnormally High Number Of Cloud Instances Launched

Cloud Accounts, Valid Accounts

Abnormally High Number Of Cloud Instances Destroyed

Cloud Accounts, Valid Accounts

Cloud Provisioning Activity From Previously Unseen IP Address

Valid Accounts

Cloud Provisioning Activity From Previously Unseen Region

Valid Accounts

Cloud Instance Modified By Previously Unseen User

Cloud Accounts, Valid Accounts

Short Lived Windows Accounts

Local Account, Create Account

Cloud Compute Instance Created With Previously Unseen Image