Security Command Center performs agentless and log-based monitoring of Compute Engine resources. For recommended responses to these threats, see Respond to Compute Engine threat findings.
Agentless monitoring finding types
The following agentless monitoring detections are available with Virtual Machine Threat Detection:
- Defense Evasion: Rootkit
- Defense Evasion: Unexpected ftrace handler
- Defense Evasion: Unexpected interrupt handler
- Defense Evasion: Unexpected kernel modules
- Defense Evasion: Unexpected kernel read-only data modification
- Defense Evasion: Unexpected kprobe handler
- Defense Evasion: Unexpected processes in runqueue
- Defense Evasion: Unexpected system call handler
- Execution: cryptocurrency mining combined detection
- Execution: Cryptocurrency Mining Hash Match
- Execution: Cryptocurrency Mining YARA Rule
- Malware: Malicious file on disk
- Malware: Malicious file on disk (YARA)

Log-based finding types
The following log-based detections are available with Event Threat Detection:
- Brute force SSH
- Impact: Managed Instance Group Autoscaling Set To Maximum
- Lateral Movement: Modified Boot Disk Attached to Instance
- Lateral Movement: OS Patch Execution From Service Account
- Persistence: GCE Admin Added SSH Key
- Persistence: GCE Admin Added Startup Script
- Persistence: Global Startup Script Added
- Privilege Escalation: Global Shutdown Script Added

The following log-based detections are available with Sensitive Actions Service:
- Impact: GPU Instance Created
- Impact: Many Instances Created
- Impact: Many Instances Deleted

What's next
- Learn about Virtual Machine Threat Detection.
- Learn about Event Threat Detection.
- Learn about Sensitive Actions Service.
- Learn how to respond to Compute Engine threats.
- Refer to the Threat findings index.