|
CLOUD_ACTIVITY
|
-
CLOUD_TRAIL
-
VPC_ACTIVITY_LOG
-
AMAZON_SECURITY_LAKE
|
|
CONTAINER_ACTIVITY
|
-
TELEMETRY_CONNECTION
-
TELEMETRY_FILE
-
TELEMETRY_PROCESS
|
|
DETECTION
|
-
ACCOUNT_DETECTION
-
ACCOUNT_SUSPICIOUS_DETECTION
-
APPLICATION_CONTROL_VIOLATION
-
APP_PROTOCOL_ACCESS
-
ASSET_ACTIVITY
-
BEHAVIORAL_VIOLATION
-
DEEP_PACKET_INSPECTION_EVENT
-
DENYLIST_CHANGE
-
DETECTION_LOG
-
DEVICE_ACCESS_VIOLATION
-
DISRUPTIVE_APPLICATION_DETECTION
-
DLP_VIOLATION
-
FILE_ANALYZED
-
FILE_FILTERING
-
FILE_TYPE_ACCESS
-
FIREWALL_POLICY_VIOLATION
-
INTEGRITY_MONITORING_EVENT
-
INTRUSION_DETECTION
-
INTRUSION_FRAGMENTED_IGMP
-
INTRUSION_LAND_ATTACK
-
INTRUSION_OVERLAPPING_FRAGMENT
-
INTRUSION_PING_OF_DEATH
-
INTRUSION_SYN_FLOOD
-
INTRUSION_TEARDROP
-
INTRUSION_TOO_BIG_FRAGMENT
-
INTRUSION_TRACEROUTE
-
LOG_INSPECTION_EVENT
-
MACHINE_LEARNING_DETECTION
-
MALWARE_DETECTION
-
MALWARE_OUTBREAK_DETECTION
-
MALWARE_SCAN_FAILURE
-
MESSAGE_DETECTION
-
MESSAGE_SUSPICIOUS_DETECTION
-
NOTABLE_CHARACTERISTICS
-
POLICY_ENFORCEMENT
-
PROCESS_ACTIVITY
-
PRODUCT_UPDATE
-
PROTOCOL_FILTERING
-
SECURITY_RISK_DETECTION
-
SIGNATURE_UPDATE
-
SUSPICIOUS_BEHAVIOUR_DETECTION
-
SYSTEM_ACTIVITY
-
SYSTEM_EVENT
-
SYSTEM_LOGON_FAILURE
-
WEB_POLICY_VIOLATION
-
WEB_THREAT_DETECTION
|
|
ENDPOINT_ACTIVITY
|
|
|
IDENTITY_ACTIVITY
|
-
IDENTITY_AAD_DIR_AUDIT
-
IDENTITY_IAM_SIGN_INS
|
|
MESSAGE_ACTIVITY
|
-
MESSAGE_EMAIL_META
-
COLLABORATION_ACTIVITY
|
|
MOBILE_ACTIVITY
|
-
TELEMETRY_APP
-
TELEMETRY_FILE
-
TELEMETRY_INTERNET
-
TELEMETRY_SYSTEM_EVENT
|
|
THIRD_PARTY_LOG
|
Specify a third-party vendor to narrow the matched event scope.
|
