Compute Engine 威胁发现结果

Security Command Center 会对 Compute Engine 资源进行无代理监控和基于日志的监控。如需了解针对这些威胁的建议响应措施，请参阅应对 Compute Engine 威胁发现结果。

无代理监控发现结果类型

Virtual Machine Threat Detection 提供以下无代理监控检测：

Defense Evasion: Rootkit

Defense Evasion: Unexpected ftrace handler

Defense Evasion: Unexpected interrupt handler

Defense Evasion: Unexpected kernel modules

Defense Evasion: Unexpected kernel read-only data modification

Defense Evasion: Unexpected kprobe handler

Defense Evasion: Unexpected processes in runqueue

Defense Evasion: Unexpected system call handler

Execution: cryptocurrency mining combined detection

Execution: Cryptocurrency Mining Hash Match

Execution: Cryptocurrency Mining YARA Rule

Malware: Malicious file on disk

Malware: Malicious file on disk (YARA)

基于日志的发现结果类型

Event Threat Detection 支持以下基于日志的检测：

Brute force SSH

Impact: Managed Instance Group Autoscaling Set To Maximum

Lateral Movement: Modified Boot Disk Attached to Instance

Lateral Movement: OS Patch Execution From Service Account

Persistence: GCE Admin Added SSH Key

Persistence: GCE Admin Added Startup Script

Persistence: Global Startup Script Added

Privilege Escalation: Global Shutdown Script Added

Sensitive Actions Service 支持以下基于日志的检测：

Impact: GPU Instance Created

Impact: Many Instances Created

Impact: Many Instances Deleted

后续步骤

• 了解 Virtual Machine Threat Detection。
• 了解 Event Threat Detection。
• 了解 Sensitive Actions Service。
• 了解如何应对 Compute Engine 威胁。
• 请参阅威胁发现结果索引。