Alert Types Classified as Composite Category
Overview
A composite alert draws on multiple Lacework detection mechanisms. Lacework generates composite alerts when it detects potential intrusions in your cloud entities. Each alert provides insight into the suspected compromise, such as the users, machines, or IP addresses involved.
With composite alerts, Lacework further alleviates alert fatigue by automatically correlating disparate events from multiple detection sources into higher-level objects.
Alert List
The following table lists all the composite alerts.
Alert Name | Alert Type |
---|---|
Potential cloud-native ransomware attack | IncidentPotentialCloudNativeRansomwareAttack |
Potential cryptomining attack on host | IncidentPotentialHostCryptominingAttack |
Potential AWS defense evasion | IncidentPotentialDefenseEvasionAws |
Potential cloud-native cryptomining attack | IncidentPotentialCloudNativeCryptominingAttack |
Potentially compromised AWS keys | IncidentPotentiallyCompromisedAWSKeys |