A normalized log from an ingested source such as AWS CloudTrail, Osquery, or others
A Python function to detect some suspicious or malicious activity
A notification to the team when a policy has failed or a rule has triggered
A Python function representing the desired secure state of a resource
A cloud entity, such as an IAM user, virtual machine, or data bucket