Tag
medium
threat
Cisco Secure Firewall - High Volume of Intrusion Events Per Host
2 rules 3 TTPsThis analytic detects internal systems generating an unusually high volume of intrusion detections within a 30-minute window using Cisco Secure Firewall Threat Defense logs, identifying hosts triggering more than 15 Snort-based signatures, which may indicate suspicious activity like malware execution, command-and-control communication, vulnerability scanning, or lateral movement.
exploited
Secure Firewall Threat Defense +3
network
intrusion_detection
anomaly_detection
2r
3t
high
advisory
Anomalous Cloud Compute Instance Creation by Unseen User
2 rules 1 TTPDetection of cloud compute instance creation by a user with no prior history of creating instances, potentially indicating unauthorized access, account compromise, or misuse of cloud resources leading to data exfiltration, increased costs, or further exploitation.
EC2
cloud_security
anomaly_detection
aws
2r
1t