Behavioral Analytics Changelog
Behavioral Analytics run on a different engine from Falco-based policies. Instead of triggering at single incidents, Behavioral Analytics detects both suspicious sequences of actions and unusual frequencies of activities across various services. This improves detection of sophisticated threats, such as privilege escalation attempts and reconnaissance activities. Here are the most recent changes to Behavioral Analytics.
October 05, 2024 | Rule Changes | stateful-1.0.1 |
October 02, 2024 | Rule Changes Added the following rules: Suspicious SES Activity Detected
Service Enumeration Detected
Suspicious Privileged User Created
Suspicious Fargate Cluster Created
IAM Enumeration Detected
WAF Enumeration Detected
S3 Storage Enumeration Detected
Lambda Enumeration Detected
CloudFormation Enumeration Detected
Suspicious User with Static Password Created
Suspicious Actions After IAM Policy Enumeration Detected
Environment Variable Enumeration Detected
Endpoint Enumeration Detected
Network Enumeration Detected
Workload Enumeration Detected
Suspicious Simulate Principal Policy Detected
Resource Permissions Enumeration Detected
| stateful-1.0.0 |
September 30, 2024 | The first release of Behavioral Analytics. | 1.0.0 |