Glossary

event

A normalized log from sources such as CloudTrail, Osquery, or Suricata

rule

A Python function to detect suspicious activity

alert

A notification to the team when a policy has failed or a rule has triggered

policy

A Python function representing the desired secure state of a resource

resource

A cloud entity, such as an IAM user, virtual machine, or data bucket