AWS CloudTrail High distinct count error Message

Goal

Detects a spike in distinct error messages produced in a certain period of time.

Description

Given that the time series produced by the errors is extremely noisy, we can only learn its average value and standard deviation, and produce an alert when the value goes beyond a certain number of standard deviations from that average.

We will use a large number of deviations to produce the alert in order to reduce false positives.

Characteristics

Name
AWS CloudTrail High distinct count error Message

Data involved

We will use all the data incoming from the AWS CloudTrail API that contains an error message.

Alert Generation

We will generate an alert when the model detects a spike in distinct error messages. This alert will be generated only if the amount is higher than expected, not lower.
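The baseline-and-threshold logic from the Description and Alert Generation sections, as an added example that is not the detection's own implementation: it counts distinct errorMessage values per time bucket over constructed CloudTrail-like records, learns the mean and standard deviation from earlier buckets, and flags the newest bucket only when it exceeds the mean by k deviations (the 5-minute bucket and k = 4 are assumptions, not values from the page).

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 300  # assumed bucket size; the page does not fix one
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"  # CloudTrail eventTime format


def distinct_errors_per_window(events, window_seconds=WINDOW_SECONDS):
    """Return the number of distinct errorMessage values per time bucket, oldest first.
    Records without an errorMessage (successful API calls) are ignored."""
    buckets = defaultdict(set)
    for ev in events:
        msg = ev.get("errorMessage")
        if not msg:
            continue
        ts = datetime.strptime(ev["eventTime"], TIME_FMT).replace(tzinfo=timezone.utc)
        bucket = int(ts.timestamp()) // window_seconds * window_seconds
        buckets[bucket].add(msg)
    return [len(buckets[b]) for b in sorted(buckets)]


def is_spike(history, current, k=4.0):
    """One-sided test: alert only when current exceeds mean + k * stddev of the
    learned history. A large k (assumed 4 here) trades sensitivity for fewer false positives."""
    if len(history) < 2:
        return False  # not enough history to learn a baseline
    return current > statistics.mean(history) + k * statistics.pstdev(history)


def evaluate_latest_window(events, k=4.0):
    """Learn the baseline from all but the newest bucket and score the newest one."""
    counts = distinct_errors_per_window(events)
    history, current = counts[:-1], counts[-1]
    return {"current": current, "history": history, "anomalous": is_spike(history, current, k)}


def constructed_events():
    """Constructed sample: six quiet 5-minute buckets (2 or 3 distinct messages each,
    plus one successful call) followed by a bucket with twelve different error messages."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    quiet = ["Access Denied", "Rate exceeded", "The specified key does not exist."]
    events = []
    for w in range(6):
        for i, msg in enumerate(quiet[: 2 + w % 2]):
            t = base + timedelta(seconds=300 * w + 10 * i)
            events.append({"eventTime": t.strftime(TIME_FMT), "eventName": "GetObject", "errorMessage": msg})
        events.append({"eventTime": (base + timedelta(seconds=300 * w + 5)).strftime(TIME_FMT), "eventName": "GetObject"})
    for i in range(12):
        t = base + timedelta(seconds=1800 + i)
        events.append({"eventTime": t.strftime(TIME_FMT), "eventName": "GetObject", "errorMessage": f"Constructed error {i}"})
    return events


if __name__ == "__main__":
    print(evaluate_latest_window(constructed_events()))
```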

Raw outputs of the model

A boolean value indicating if the value is anomalous.
