You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"description": "Security: Cloudtrail - Looks for unusual errors. Rare and unusual errors may simply indicate an impending service failure but they can also be byproducts of attempted or successful persistence, privilege escalation, defense evasion, discovery, lateral movement, or collection activity by a threat actor.",
"groups": [
"security",
"cloudtrail"
],
"analysis_config": {
"bucket_span": "60m",
"detectors": [
{
"detector_description": "rare by \"aws.cloudtrail.error_code\"",