AWS EC2 new event for application

cloudtrail
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Goal

Detects when an application on a host has a new, unrecognized API call.

Strategy

Using the New Value detection method, find when an application has a new @evt.name on a host.

Triage and response

  1. Determine if the host: {{host}} running the application: {{application}} should have done the following event(s){{@evt.name}}:
    • If yes, you can Archive the signal.
    • If no, investigate further by clicking on the Suggested Actions tab for the signal
  2. If necessary, initiate your company’s incident response process.

Changelog

  • 14 November 2022 - Updated severity.