Spikes in failures can also be due to bugs in cloud automation scripts or workflows; changes to cloud automation scripts or workflows; adoption of new services; changes in the way services are used; or changes to IAM privileges.

Techniques

Sample rules

Spike in GCP Audit Failed Messages

Description

A machine learning job detected a significant spike in the rate of a particular failure in the GCP Audit messages. Spikes in failed messages may accompany attempts at privilege escalation, lateral movement, or discovery.

Detection logic

Spike in Azure Activity Logs Failed Messages

Description

A machine learning job detected a significant spike in the rate of a particular failure in the Azure Activity Logs messages. Spikes in failed messages may accompany attempts at privilege escalation, lateral movement, or discovery.

Detection logic