This section provides information about some of the Time-Series security events visible in the Lacework Console.
Time series analysis uses a sequence of data points from the past to predict the value of the next data point. Anomalies are detected when the actual observed value deviates significantly from the predicted value.
You can use time series analysis to detect changes in activity frequency or volume over time. This type of anomaly could be indicative of discovery activity (probing AWS environment, enumerating permissions and resources), misconfigurations (incorrect request parameters in an automated script), or coinminer attacks (sudden increase in GPU instances).
For each documented event, it provides:
- a summary of the event
- why the event is important
- information about investigating the event
- information about how to resolve the event