Rule-Based Alert Types
For certain Stellar Cyber alert types based on specific rules, the following topics list the rules that may trigger the indicated Alert Type. For details on rule-based alerts, see Rule-Based Alert Details.
- Rules Contributing to Suspicious PowerShell Script Alert Type
- Rules Contributing to Suspicious Process Creation Commandline Alert Type
- Rules Contributing to Parent/Child Suspicious Process Creation Alert Type
Rule-Based AWS Alert Types
- Rules Contributing to Potentially Malicious AWS Activity Alert Type
- Rules Contributing to Suspicious AWS Bucket Enumeration Alert Type
- Rules Contributing to Suspicious AWS EBS Activity Alert Type
- Rules Contributing to Suspicious AWS EC2 Activity Alert Type
- Rules Contributing to Suspicious AWS ELB Activity Alert Type
- Rules Contributing to Suspicious AWS IAM Activity Alert Type
- Rules Contributing to Suspicious AWS Login Failure Alert Type
- Rules Contributing to Suspicious AWS Root Account Activity Alert Type
- Rules Contributing to Suspicious AWS Route 53 Activity Alert Type
- Rules Contributing to Suspicious AWS SSL Certificate Activity Alert Type
- Rules Contributing to Suspicious AWS VPC Flow Logs Modification Alert Type
- Rules Contributing to Suspicious AWS VPC Mirror Session Alert Type
- Rules Contributing to Suspicious Modification of AWS CloudTrail Logs Alert Type
- Rules Contributing to Suspicious Modification of AWS Route Table Alert Type
- Rules Contributing to Suspicious Modification of S3 Bucket Alert Type
Rule-Based Microsoft Entra Alert Types
- Rules Contributing to Microsoft Entra Application Configuration Changes Alert Type
- Rules Contributing to Microsoft Entra Application Permission Changes Alert Type
- Rules Contributing to Microsoft Entra Bitlocker Key Retrieval Alert Type
- Rules Contributing to Microsoft Entra Changes to Conditional Access Policy Alert Type
- Rules Contributing to Microsoft Entra Changes to Device Registration Policy Alert Type
- Rules Contributing to Microsoft Entra Changes to Privileged Account Alert Type
- Rules Contributing to Microsoft Entra Changes to Privileged Role Assignment Alert Type
- Rules Contributing to Microsoft Entra Federation Modified Alert Type
- Rules Contributing to Microsoft Entra Guest User Invited by Non-Approved Inviters Alert Type
- Rules Contributing to Microsoft Entra ID Discovery Using Azurehound Alert Type
- Rules Contributing to Microsoft Entra PIM Setting Changed Alert Type
- Rules Contributing to Microsoft Entra Privileged Account Assignment or Elevation Alert Type
- Rules Contributing to Microsoft Entra Sign-in Failures Alert Type
- Rules Contributing to Microsoft Entra Suspicious Sign-in Activity Alert Type
- Rules Contributing to Microsoft Entra Unusual Account Creation Alert Type
Rule-Based Windows Alert Types
Windows-related rules require the updated Windows Detection Profile (Low Volume) in the sensor profile settings.
- Rules Contributing to Potentially Malicious Windows Event Alert Type
- Rules Contributing to Sensitive Windows Active Directory Attribute Modification Alert Type
- Rules Contributing to Sensitive Windows Network Share File or Folder Accessed Alert Type
- Rules Contributing to Suspicious Access Attempt to Windows Object Alert Type
- Rules Contributing to Suspicious Activity Related to Security-Enabled Group Alert Type
- Rules Contributing to Suspicious Connection to Another Process Alert Type
- Rules Contributing to Suspicious Handle Request to Sensitive Object Alert Type
- Rules Contributing to Suspicious Windows Active Directory Operation Alert Type
- Rules Contributing to Suspicious Windows Logon Event Alert Type
- Rules Contributing to Suspicious Windows Process Creation Alert Type
- Rules Contributing to Suspicious Windows Service Installation Alert Type
- Rules Contributing to Steal or Forge Kerberos Tickets Alert Type