Types of Threat Detection Enabled by TDIR for Public Cloud
TDIR for Public Cloud provides security coverage for threat types that were not covered by existing security content. For example, the new content can be used to detect malicious or abnormal cloud activities like the following:
- Attacks based on cloud identities, including the manipulation of cloud permissions, roles, and policies
- Abnormalities in cloud-based user behavior
- Data exfiltration through cloud storage services, including monitoring outgoing data and detecting public resources
- Abnormal malware or crypto miner uploads, for example, in storage or through computer resources
For more detailed information about the use cases, rules, and attack techniques covered by TDIR for Public Cloud, see the following subsections: