Behavioral Analytics Changelog

Behavioral Analytics run on a different engine from Falco-based policies. Instead of triggering at single incidents, Behavioral Analytics detects both suspicious sequences of actions and unusual frequencies of activities across various services. This improves detection of sophisticated threats, such as privilege escalation attempts and reconnaissance activities. Here are the most recent changes to Behavioral Analytics.

Commit Date	Rule Notes	Version
October 15, 2024	Rule Changes Reduced false positives for enumeration rules.	stateful-1.0.2
October 05, 2024	Rule Changes Removed false positives for multiple Behavioral Analytics rules.	stateful-1.0.1
October 02, 2024	Rule Changes Added the following rules: `Suspicious SES Activity Detected` `Service Enumeration Detected` `Suspicious Privileged User Created` `Suspicious Fargate Cluster Created` `IAM Enumeration Detected` `WAF Enumeration Detected` `S3 Storage Enumeration Detected` `Lambda Enumeration Detected` `CloudFormation Enumeration Detected` `Suspicious User with Static Password Created` `Suspicious Actions After IAM Policy Enumeration Detected` `Environment Variable Enumeration Detected` `Endpoint Enumeration Detected` `Network Enumeration Detected` `Workload Enumeration Detected` `Suspicious Simulate Principal Policy Detected` `Resource Permissions Enumeration Detected`	stateful-1.0.0
September 30, 2024	The first release of Behavioral Analytics.	1.0.0

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.