LoFP / cloud compute instance
| Title | Tags |
| --- | --- |
| After a new image is created, the first systems created with that image will cause this alert to fire. Verify that the image being used was created by a legitimate user. | cloud compute instance, splunk |
| It's possible that a user has unknowingly started an instance in a new region. Please verify that this activity is legitimate. | T1535, aws instance, cloud compute instance, splunk |
| It's possible that a user will start to create compute instances for the first time, for any number of reasons. Verify with the user launching instances that this is the intended behavior. | t1078, t1078.004, cloud compute instance, splunk |