LoFP
/
cloud compute instance
Title
Tags
after a new image is created, the first systems created with that image will cause this alert to fire. verify that the image being used was created by a legitimate user.
cloud compute instance
splunk
it is possible that an admin will create a new system using a new instance type that has never been used before. verify with the creator that they intended to create the system with the new instance type.
cloud compute instance
splunk
it's possible that a user has unknowingly started an instance in a new region. please verify that this activity is legitimate.
T1535
cloud compute instance
splunk
it's possible that a user will start to create compute instances for the first time, for any number of reasons. verify with the user launching instances that this is the intended behavior.
t1078.004
cloud compute instance
splunk
LoFP
/
cloud compute instance