Cloud Compute Instance Created By Previously Unseen User
Cloud Accounts , Valid Accounts
Change
Detect Excessive Account Lockouts From Endpoint
Valid Accounts , Domain Accounts
Cloud Provisioning Activity From Previously Unseen Country
Valid Accounts
Cloud Provisioning Activity From Previously Unseen City
Valid Accounts
Abnormally High Number Of Cloud Security Group API Calls
Cloud Accounts , Valid Accounts
Abnormally High Number Of Cloud Infrastructure API Calls
Cloud Accounts , Valid Accounts
Cloud API Calls From Previously Unseen User Roles
Valid Accounts
Cloud Compute Instance Created In Previously Unused Region
Unused/Unsupported Cloud Regions
Abnormally High Number Of Cloud Instances Launched
Cloud Accounts , Valid Accounts
Abnormally High Number Of Cloud Instances Destroyed
Cloud Accounts , Valid Accounts
Cloud Provisioning Activity From Previously Unseen Region
Valid Accounts
Cloud Instance Modified By Previously Unseen User
Cloud Accounts , Valid Accounts
Detect Excessive User Account Lockouts
Valid Accounts , Local Accounts
Short Lived Windows Accounts
Local Account , Create Account