Rule-Based Alert Types
For certain Stellar Cyber alert types based on specific rules, the following topics list the rules that may trigger the indicated Alert Type. For details on rule-based alerts, see Rule-Based Alert Details.
- Rules Contributing to Suspicious PowerShell Script Alert Type
- Rules Contributing to Suspicious Process Creation Commandline Alert Type
- Rules Contributing to Parent/Child Suspicious Process Creation Alert Type
Rule-Based AWS Alert Types
- Rules Contributing to Potentially Malicious AWS Activity Alert Type
- Rules Contributing to Suspicious AWS Bucket Enumeration Alert Type
- Rules Contributing to Suspicious AWS EBS Activity Alert Type
- Rules Contributing to Suspicious AWS EC2 Activity Alert Type
- Rules Contributing to Suspicious AWS ELB Activity Alert Type
- Rules Contributing to Suspicious AWS IAM Activity Alert Type
- Rules Contributing to Suspicious AWS Login Failure Alert Type
- Rules Contributing to Suspicious AWS Root Account Activity Alert Type
- Rules Contributing to Suspicious AWS Route 53 Activity Alert Type
- Rules Contributing to Suspicious AWS SSL Certificate Activity Alert Type
- Rules Contributing to Suspicious AWS VPC Flow Logs Modification Alert Type
- Rules Contributing to Suspicious AWS VPC Mirror Session Alert Type
- Rules Contributing to Suspicious Modification of AWS CloudTrail Logs Alert Type
- Rules Contributing to Suspicious Modification of AWS Route Table Alert Type
- Rules Contributing to Suspicious Modification of S3 Bucket Alert Type
Rule-Based Windows Alert Types
Windows-related rules require the updated Windows Detection Profile (Low Volume) in the sensor profile settings.
- Rules Contributing to Potentially Malicious Windows Event Alert Type
- Rules Contributing to Sensitive Windows Active Directory Attribute Modification Alert Type
- Rules Contributing to Sensitive Windows Network Share File or Folder Accessed Alert Type
- Rules Contributing to Suspicious Access Attempt to Windows Object Alert Type
- Rules Contributing to Suspicious Activity Related to Security-Enabled Group Alert Type
- Rules Contributing to Suspicious Connection to Another Process Alert Type
- Rules Contributing to Suspicious Handle Request to Sensitive Object Alert Type
- Rules Contributing to Suspicious Windows Active Directory Operation Alert Type
- Rules Contributing to Suspicious Windows Logon Event Alert Type
- Rules Contributing to Suspicious Windows Process Creation Alert Type
- Rules Contributing to Suspicious Windows Service Installation Alert Type