AWS Security Academy · Lesson

Spotting Anomalous Activity Patterns

Recognize unusual behavior that signals a possible compromise.

Recognizing Trouble

The payoff of an investigation is recognizing the patterns that signal a compromise. Amazon Detective surfaces these patterns, but you still need to know what they look like. This lesson covers the anomalous patterns that most often mean an attacker is at work in an AWS environment.

Unusual API Call Volume

A sudden spike in API calls from an entity that is normally quiet is a classic red flag. Attackers enumerate resources and make many calls quickly. Detective's baseline comparison makes such spikes obvious against the entity's normal rhythm.
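A per-entity baseline check in the spirit of the comparison described above, as an added example that is not part of the original lesson and is not how Amazon Detective computes its baselines internally. The records use CloudTrail's `eventTime`, `eventName` and `userIdentity.arn` fields; the role ARNs, thresholds and function names are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

def hourly_counts(records):
    """Count API calls per (principal ARN, hour bucket) from CloudTrail-style records."""
    counts = defaultdict(Counter)
    for rec in records:
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        counts[rec["userIdentity"]["arn"]][ts.replace(minute=0, second=0)] += 1
    return counts

def find_spikes(records, scope_start, baseline_hours=48, factor=5, min_calls=20):
    """Flag scope-window hours whose call count exceeds factor x the principal's own
    baseline median (hours with no calls count as zero). Thresholds are illustrative."""
    spikes = []
    for arn, per_hour in hourly_counts(records).items():
        baseline = [per_hour.get(scope_start - timedelta(hours=h), 0)
                    for h in range(1, baseline_hours + 1)]
        base = median(baseline)
        for hour, n in sorted(per_hour.items()):
            if hour >= scope_start and n >= min_calls and n > factor * max(base, 1):
                spikes.append((arn, hour.isoformat(), n, base))
    return spikes

def sample_records():
    """Constructed records (not real log data): one quiet role, one busy CI role."""
    start = datetime(2024, 1, 1)
    quiet = "arn:aws:iam::111122223333:role/example-quiet-role"
    busy = "arn:aws:iam::111122223333:role/example-ci-role"
    recs = []
    def add(arn, hour, n, name):
        for i in range(n):
            t = start + timedelta(hours=hour, seconds=i)
            recs.append({"eventTime": t.strftime("%Y-%m-%dT%H:%M:%SZ"),
                         "eventName": name, "userIdentity": {"arn": arn}})
    for h in range(48):                 # 48 hours of normal rhythm
        add(quiet, h, 2, "GetObject")
        add(busy, h, 100, "PutObject")
    add(quiet, 48, 120, "ListBuckets")  # burst from the normally quiet role
    add(busy, 48, 110, "PutObject")     # high volume, but normal for this role
    return recs, start + timedelta(hours=48)

if __name__ == "__main__":
    records, scope = sample_records()
    for spike in find_spikes(records, scope):
        print(spike)
```

The busy role makes nearly as many calls as the quiet role's burst but is not flagged, which is why the comparison is against each entity's own rhythm rather than a fixed account-wide threshold.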
