Behavioral Analytics Changelog

Behavioral Analytics run on a different engine from Falco-based policies. Instead of triggering at single incidents, Behavioral Analytics detects both suspicious sequences of actions and unusual frequencies of activities across various services. This improves detection of sophisticated threats, such as privilege escalation attempts and reconnaissance activities. Here are the most recent changes to Behavioral Analytics.

Commit Date

Rule Notes

Version

October 05, 2024

Rule Changes

  • Removed false positives for multiple Behavioral Analytics rules.

stateful-1.0.1

October 02, 2024

Rule Changes

Added the following rules:

  • Suspicious SES Activity Detected

  • Service Enumeration Detected

  • Suspicious Privileged User Created

  • Suspicious Fargate Cluster Created

  • IAM Enumeration Detected

  • WAF Enumeration Detected

  • S3 Storage Enumeration Detected

  • Lambda Enumeration Detected

  • CloudFormation Enumeration Detected

  • Suspicious User with Static Password Created

  • Suspicious Actions After IAM Policy Enumeration Detected

  • Environment Variable Enumeration Detected

  • Endpoint Enumeration Detected

  • Network Enumeration Detected

  • Workload Enumeration Detected

  • Suspicious Simulate Principal Policy Detected

  • Resource Permissions Enumeration Detected

stateful-1.0.0

September 30, 2024

The first release of Behavioral Analytics.

    1.0.0