Suspected Attacks
AI detection of suspicious event sequences.
The Suspected Attacks page uses AI-assisted detection to identify and surface potential sequences of suspicious events across your cloud environment that together indicate a possible breach or attack in progress.

What Is an Attack Chain?
An attack chain is a series of correlated events that suggest an attempted or successful data compromise. DataDefender maps detected events to MITRE ATT&CK techniques and groups related events into a single chain, so you see the full picture of an attack rather than isolated alerts.
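As an added illustration (not DataDefender's own detection logic, which this page does not describe), a small Python correlator that groups constructed CloudTrail-style events per principal into time-bounded chains, tags each step with an assumed MITRE ATT&CK technique, and derives the status badges used on this page (Occurred / Attempted / Blocked / Incomplete) from the outcome of the final stage. The technique mapping, the 30-minute window, and the status rule are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Illustrative ATT&CK mapping for a few S3-related CloudTrail event names
# (assumed for this example; DataDefender's own mapping is not documented here).
TECHNIQUES = {
    "ConsoleLogin": ("T1078", "Valid Accounts"),
    "ListBuckets": ("T1619", "Cloud Storage Object Discovery"),
    "GetObject": ("T1530", "Data from Cloud Storage"),
}
FINAL_STAGE = "T1530"  # technique whose outcome decides the chain's status badge
WINDOW = timedelta(minutes=30)  # gap beyond which a principal's events start a new chain


def chain_status(steps):
    """Status rule assumed for this example: judged by the final-stage technique."""
    final = [s for s in steps if s["technique"] == FINAL_STAGE]
    if not final:
        return "Incomplete"  # never reached the data-access stage
    if any(s["error"] is None for s in final):
        return "Occurred"  # at least one final-stage call succeeded
    if all(s["error"] == "AccessDenied" for s in final):
        return "Blocked"  # every final-stage call was denied by policy
    return "Attempted"  # failed for some other reason


def build_chains(events):
    """Group each principal's events into time-bounded chains with ATT&CK tags and a status."""
    chains = []
    for ev in sorted(events, key=lambda e: (e["principal"], e["time"])):
        ts = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        tech_id, tech_name = TECHNIQUES.get(ev["event"], ("unmapped", ev["event"]))
        step = {"time": ts, "technique": tech_id, "name": tech_name, "error": ev["error"]}
        last = chains[-1] if chains else None
        if last and last["principal"] == ev["principal"] and ts - last["last"] <= WINDOW:
            last["steps"].append(step)
            last["last"] = ts
        else:
            chains.append({"principal": ev["principal"], "first": ts, "last": ts, "steps": [step]})
    for chain in chains:
        chain["status"] = chain_status(chain["steps"])
    return chains


# Constructed CloudTrail-style events for the demo (not real log data).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:00Z", "principal": "user/alice", "event": "ConsoleLogin", "error": None},
    {"time": "2024-05-01T10:04:00Z", "principal": "user/alice", "event": "ListBuckets", "error": None},
    {"time": "2024-05-01T10:06:00Z", "principal": "user/alice", "event": "GetObject", "error": "AccessDenied"},
    {"time": "2024-05-02T09:00:00Z", "principal": "user/bob", "event": "ListBuckets", "error": None},
]
```

Running `build_chains(SAMPLE_EVENTS)` yields one three-step chain for alice with status Blocked and a single-step Incomplete chain for bob.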
Status Filter
Use the status filter buttons to narrow down the attack chains by their current state:
All: Show every detected chain
Attacks: Single activities that indicate an attack
Multi-Stage Attacks: Multi-stage event sequences that indicate an attack
The count next to each button shows how many chains are in that state. Click on a specific type of attack to see an icon-based view of potential threats.

Filtering and Sorting
Filtering: Select the time zone and severity. Click 'More Filters' for more granular controls such as Account ID and Location. You can also add filters to search for specific attacks.
Sort: Use the sort dropdown to change the ordering (e.g. by date, severity, or completion). Use the arrow button next to it to toggle between ascending and descending order.

Attack Chain Cards
Each card in the list represents one detected attack chain. Cards show:
Scenario name and description
Current status badge (Occurred / Attempted / Blocked / Incomplete)
Date of first and last detected activity
Click a card to expand it and see the full attack details, including:
Summary: Brief summary of the attack and its outcome
Affected resources: Which storage resources were involved
Threat Category: Type of threat (Access Control, Data Exfiltration, etc.)
Threat State: Current threat level of the finding

Pagination
Use the Previous and Next buttons to navigate through the list of attack chains.
Related Pages
Security Holes: See the misconfigurations that may enable attacks
Forensic Analysis: Search raw CloudTrail logs for specific events
File Access by User: Investigate which files were accessed by particular identities during a potential attack
