Substantial Increase In Events

Description

Alerts when a statistically significant increase in a particular event is observed.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Endpoint Compromise, Operations

SPL Difficulty

Advanced

Journey

Stage 2

Data Sources

Any Splunk Logs