This section provides information about some of the Time-Series security alerts that are visible in the Lacework Console.
Time series analysis uses a sequence of data points from the past to predict the value of the next data point. Anomalies are detected when the actual observed value deviates significantly from the predicted value.
You can use time series analysis to detect changes in activity frequency or volume over time. This type of anomaly could be indicative of discovery activity (probing AWS environment, enumerating permissions and resources), misconfigurations (incorrect request parameters in an automated script), or coinminer attacks (sudden increase in GPU instances).
For each documented alert, it provides:
- a summary of the alert
- why the alert is important
- information about investigating the alert
- information about how to resolve the alert