API Usage Use Cases
Grouped by Detection Method
Aggregate Count
- Count of Events per Source User/Token
- Count of Events per Target System
Blacklist Alert
- Calls with Command-line Syntax
Whitelist Alert
Levenshtein Score Alert
Rolling Whitelist Alert
Shannon Entropy Score Alert
Threshold Alert
Log Source Examples
Possible False Positives