AWS EC2 new event for application

cloudtrail
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Goal

Detects when an application on a host has a new, unrecognized API call.

Strategy

Using the New Value detection method, find when an application has a new @evt.name on a host.

Triage and response

  1. Determine if the host: {{host}} running the application: {{application}} should have done the following event(s){{@evt.name}}:
    • If yes, you can Archive the signal.
    • If no, investigate further by clicking on the Suggested Actions tab for the signal
  2. If necessary, initiate your company’s incident response process.

Changelog

  • 14 November 2022 - Updated severity.