Cloud Anomaly Detection

InsightCloudSec Analysis & Detection of Cloud API Activity/Audit Logs, or Cloud Anomaly Detection (a.k.a. Audit Log Monitoring), automatically analyzes Cloud API audit logs and detects anomalous behavior of principals, roles, resources, and clusters. This service automatically detects security-related events, especially anomalous behavior that can only be detected by tracking and monitoring entities over time and with extended context.

When InsightCloudSec detects API activity in a monitored environment that deviates from historical or expected behavior, it generates an anomaly. A collection of cross-correlated anomalies may indicate a higher probability of attacker behavior and, as a result, generate an incident. An incident contains the details about the discovery of a potential security issue. The finding details in the incident include what happened, which resources were involved in the activity, when the activity took place, and which abnormal activity (anomalies) triggered the incident, as well as other information. Not all anomalies are mapped to incidents. InsightCloudSec allows you to explore both anomalies and incidents via the Threat Findings feature or to export the same data to a third-party system such as a Security Information & Event Management (SIEM) platform.
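
The anomaly and incident relationship described above can be sketched in a few lines of Python. This is an added illustration, not InsightCloudSec's detection logic. The event layout, the "never seen before" rule, the one-hour window, the two-kind threshold and the sample events are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample audit events: (time, principal, API action, source region)
BASELINE = [
    ("2024-05-01T09:00:00", "ci-deployer", "s3:PutObject", "us-east-1"),
    ("2024-05-01T10:00:00", "alice", "ec2:DescribeInstances", "eu-west-1"),
    ("2024-05-02T10:30:00", "alice", "s3:GetObject", "eu-west-1"),
]
NEW_EVENTS = [
    ("2024-05-03T02:10:00", "ci-deployer", "iam:CreateAccessKey", "ap-south-1"),
    ("2024-05-03T02:20:00", "ci-deployer", "iam:AttachUserPolicy", "ap-south-1"),
    ("2024-05-03T09:00:00", "ci-deployer", "s3:PutObject", "us-east-1"),
    ("2024-05-03T11:00:00", "alice", "s3:ListBucket", "eu-west-1"),
]

def build_baseline(events):
    """Record which actions and regions each principal has used historically."""
    seen = defaultdict(lambda: {"action": set(), "region": set()})
    for _, principal, action, region in events:
        seen[principal]["action"].add(action)
        seen[principal]["region"].add(region)
    return seen

def detect_anomalies(baseline, events):
    """Flag any action or region a principal has never used before (assumed rule)."""
    anomalies = []
    for ts, principal, action, region in events:
        profile = baseline.get(principal, {"action": set(), "region": set()})
        for kind, value in (("action", action), ("region", region)):
            if value not in profile[kind]:
                anomalies.append((datetime.fromisoformat(ts), principal, "new_" + kind, value))
    return anomalies

def correlate(anomalies, window=timedelta(hours=1), min_kinds=2):
    """Raise an incident when one principal shows several anomaly kinds close in time."""
    by_principal = defaultdict(list)
    for a in anomalies:
        by_principal[a[1]].append(a)
    incidents = []
    for principal, items in by_principal.items():
        for start in sorted(items):
            group = [a for a in items if start[0] <= a[0] <= start[0] + window]
            if len({a[2] for a in group}) >= min_kinds:
                incidents.append({"principal": principal, "anomalies": group})
                break
    return incidents

anoms = detect_anomalies(build_baseline(BASELINE), NEW_EVENTS)
print(len(anoms), "anomalies ->", len(correlate(anoms)), "incident(s)")
```

In this constructed data, the new action by `alice` stays a standalone anomaly, while the new actions from a new region by `ci-deployer` correlate into a single incident.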