Anomaly Detection

Events or activities that fall outside fixed patterns or established normal behavior can be a key indicator of potential unauthorized data access, a data breach, or malicious activity. DSPM detects these kinds of events and classifies them as Risks for the Security team to review.

DSPM detects these events by reading the CloudTrail logs or the RDS logs and capturing the event details.

Examples include an unusually high number of S3 bucket delete operations or a high number of IAM policy changes.
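To make the two examples above concrete, the following added sketch (not DSPM's own detection logic) counts S3 delete and IAM policy-change events per principal in a sliding window over CloudTrail-shaped records. The watched event names, thresholds, 10-minute window, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed watch lists, thresholds and window; illustrative, not the product's values.
WATCHED = {
    "s3_delete": ("s3.amazonaws.com", {"DeleteObject", "DeleteObjects", "DeleteBucket"}),
    "iam_policy_change": ("iam.amazonaws.com", {"PutRolePolicy", "PutUserPolicy",
                          "AttachRolePolicy", "AttachUserPolicy", "CreatePolicyVersion"}),
}
THRESHOLD = {"s3_delete": 5, "iam_policy_change": 3}
WINDOW = timedelta(minutes=10)

def categorize(rec):  # map a CloudTrail record to a watched category, or None
    for cat, (source, names) in WATCHED.items():
        if rec.get("eventSource") == source and rec.get("eventName") in names:
            return cat
    return None

def detect_anomalies(records):
    """Flag (principal, category) pairs whose count inside WINDOW exceeds THRESHOLD."""
    recent = defaultdict(deque)   # (principal, category) -> timestamps still in window
    peak = {}                     # highest in-window count seen per flagged pair
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        cat = categorize(rec)
        if cat is None:
            continue
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        key = (rec.get("userIdentity", {}).get("arn", "unknown"), cat)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > WINDOW:      # drop events that slid out of the window
            q.popleft()
        if len(q) > THRESHOLD[cat]:
            peak[key] = max(peak.get(key, 0), len(q))
    return [{"principal": p, "category": c, "peak_count": n}
            for (p, c), n in sorted(peak.items())]

def event(minute, source, name, user, hour=9):
    """Build a constructed CloudTrail-shaped record (sample data, not real logs)."""
    return {"eventTime": f"2024-01-15T{hour:02d}:{minute:02d}:00Z", "eventSource": source,
            "eventName": name, "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}

SAMPLE = (
    [event(m, "s3.amazonaws.com", "DeleteObject", "example-a") for m in range(8)]        # burst
    + [event(m, "s3.amazonaws.com", "DeleteObject", "example-b") for m in (1, 30)]       # normal
    + [event(m, "iam.amazonaws.com", "AttachRolePolicy", "example-c") for m in range(4)]  # burst
    + [event(0, "iam.amazonaws.com", "PutUserPolicy", "example-d", hour=h) for h in range(9, 13)]  # spread out
    + [event(2, "s3.amazonaws.com", "GetObject", "example-a")]                           # not watched
)
```

Calling `detect_anomalies(SAMPLE)` flags only the two burst principals; the user with the same number of IAM changes spread over several hours stays below the threshold because older events age out of the window.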

To access this feature, navigate to Investigate -> Risks -> All Risks and select Anomaly from the Quick Filters.

The currently available risk definitions for Anomaly Detection are listed in the Risk Signatures section.