Detect Spike in blocked Outbound Traffic from your AWS
Account Manipulation
Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning
Command and Scripting Interpreter, PowerShell
Remote Services, SMB/Windows Admin Shares, Distributed Component Object Model, Windows Management Instrumentation, Windows Service