Security Command Center analyzes various logs for potential threats that affect network resources. For recommended responses to these threats, see Respond to network threat findings.
The following log-based detections are available with Event Threat Detection:
-
Active Scan: Log4j Vulnerable to RCE -
Cloud IDS: THREAT_IDENTIFIER -
Command and Control: DNS Tunneling -
Defense Evasion: VPC Route Masquerade Attempt -
Impact: VPC Firewall High Priority Block -
Impact: VPC Firewall Mass Rule Deletion -
Initial Access: Log4j Compromise Attempt -
Log4j Malware: Bad Domain -
Log4j Malware: Bad IP -
Malware: bad domain -
Malware: bad IP -
Malware: Cryptomining Bad Domain -
Malware: Cryptomining Bad IP
What's next
- Learn about Event Threat Detection.
- Learn how to respond to network threat findings.
- Refer to the Threat findings index.