Tag
This analytic identifies unusual modifications to cloud security groups by users, such as modifications, deletions, or creations, analyzed over 30-minute intervals, potentially indicating compromised accounts or insider threats leading to resource exposure or service disruption.