Compute Engine 威胁发现结果

Security Command Center 会对 Compute Engine 资源执行无代理基于日志的监控。如需了解针对这些威胁的建议响应措施,请参阅应对 Compute Engine 威胁发现结果

无代理监控发现结果类型

Virtual Machine Threat Detection 提供以下无代理监控检测:

  • Defense Evasion: Rootkit
  • Defense Evasion: Unexpected ftrace handler
  • Defense Evasion: Unexpected interrupt handler
  • Defense Evasion: Unexpected kernel modules
  • Defense Evasion: Unexpected kernel read-only data modification
  • Defense Evasion: Unexpected kprobe handler
  • Defense Evasion: Unexpected processes in runqueue
  • Defense Evasion: Unexpected system call handler
  • Execution: cryptocurrency mining combined detection
  • Execution: Cryptocurrency Mining Hash Match
  • Execution: Cryptocurrency Mining YARA Rule
  • Malware: Malicious file on disk
  • Malware: Malicious file on disk (YARA)

    • 基于日志的发现结果类型

    Event Threat Detection 提供以下基于日志的检测:

  • Brute force SSH
  • Impact: Managed Instance Group Autoscaling Set To Maximum
  • Lateral Movement: Modified Boot Disk Attached to Instance
  • Lateral Movement: OS Patch Execution From Service Account
  • Persistence: GCE Admin Added SSH Key
  • Persistence: GCE Admin Added Startup Script
  • Persistence: Global Startup Script Added
  • Privilege Escalation: Global Shutdown Script Added

    • 敏感操作服务提供以下基于日志的检测:

  • Impact: GPU Instance Created
  • Impact: Many Instances Created
  • Impact: Many Instances Deleted

    • 后续步骤