You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This rule is designed to detect spikes of excessive API call events within AWS performed by a user based on a daily outliers standard deviation using a designated historic baseline. The minimum floor of API Calls expected by default is set to 5. If excessive signaling is observed it is recommended adding expected users that are known to be involved with specific administrative or privileged activity in AWS to the AWS_admin_users match list.
Additional Details
Detail
Value
Type
Outlier
Category
Execution
Apply Risk to Entities
user_username
Signal Name
Spike in AWS API Call from User
Summary Expression
Excessive count of AWS API Call from User: {{user_username}} based on daily historic activity