Threat detection using cloud resource management logs

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Roy Levin · Redmond, US
• Ram Haim Pliskin · Rishon LeZion, IL
• Johnathan Samuel Simon · Redmond, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/535
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Generally discussed herein are devices, systems, and methods for improving cloud resource security. A method can include obtaining a cloud resource management log that details actions performed by users of cloud resources in a cloud portal, the actions including entries comprising at least two of a user identification (ID) of a user of the users, an operation of operations performed on the cloud resource, a uniform resource identifier (URI) of a cloud resource of the cloud resources that is a target of the operation, or a time the operation was performed. The method can include determining a respective score for each action in the cloud resource management log, comparing the respective score to a specified criterion, and providing an indication of anomalous action in response to determining the respective score satisfies the specified criterion.