Security Command Center performs agentless and log-based monitoring of Compute Engine resources. For the recommended response to these threats, see Responding to Compute Engine threat findings.
Agentless monitoring finding types
The following agentless monitoring detections are available with Virtual Machine Threat Detection:
- Defense Evasion: Rootkit
- Defense Evasion: Unexpected ftrace handler
- Defense Evasion: Unexpected interrupt handler
- Defense Evasion: Unexpected kernel modules
- Defense Evasion: Unexpected kernel read-only data modification
- Defense Evasion: Unexpected kprobe handler
- Defense Evasion: Unexpected processes in runqueue
- Defense Evasion: Unexpected system call handler
- Execution: cryptocurrency mining combined detection
- Execution: Cryptocurrency Mining Hash Match
- Execution: Cryptocurrency Mining YARA Rule
- Malware: Malicious file on disk
- Malware: Malicious file on disk (YARA)
Log-based finding types
The following log-based detections are available with Event Threat Detection:
- Brute force SSH
- Impact: Managed Instance Group Autoscaling Set To Maximum
- Lateral Movement: Modified Boot Disk Attached to Instance
- Lateral Movement: OS Patch Execution From Service Account
- Persistence: GCE Admin Added SSH Key
- Persistence: GCE Admin Added Startup Script
- Persistence: Global Startup Script Added
- Privilege Escalation: Global Shutdown Script Added
The following log-based detections are available with Sensitive Actions Service:
- Impact: GPU Instance Created
- Impact: Many Instances Created
- Impact: Many Instances Deleted
What's next
- Learn about Virtual Machine Threat Detection.
- Learn about Event Threat Detection.
- Learn about Sensitive Actions Service.
- Learn how to respond to Compute Engine threats.
- See the Threat findings index.