Compute Engine 威脅發現

Security Command Center 會對 Compute Engine 資源執行無代理程式以記錄為基礎的監控作業。如需這些威脅的建議回應,請參閱「回應 Compute Engine 威脅發現」。

免代理程式監控發現項目類型

透過 Virtual Machine Threat Detection,您可以進行下列無代理程式監控偵測:

  • Defense Evasion: Rootkit
  • Defense Evasion: Unexpected ftrace handler
  • Defense Evasion: Unexpected interrupt handler
  • Defense Evasion: Unexpected kernel modules
  • Defense Evasion: Unexpected kernel read-only data modification
  • Defense Evasion: Unexpected kprobe handler
  • Defense Evasion: Unexpected processes in runqueue
  • Defense Evasion: Unexpected system call handler
  • Execution: cryptocurrency mining combined detection
  • Execution: Cryptocurrency Mining Hash Match
  • Execution: Cryptocurrency Mining YARA Rule
  • Malware: Malicious file on disk
  • Malware: Malicious file on disk (YARA)

    • 記錄發現項目類型

    Event Threat Detection 提供下列記錄檔偵測功能:

  • Brute force SSH
  • Impact: Managed Instance Group Autoscaling Set To Maximum
  • Lateral Movement: Modified Boot Disk Attached to Instance
  • Lateral Movement: OS Patch Execution From Service Account
  • Persistence: GCE Admin Added SSH Key
  • Persistence: GCE Admin Added Startup Script
  • Persistence: Global Startup Script Added
  • Privilege Escalation: Global Shutdown Script Added

    • 您可以使用敏感動作服務,進行下列以記錄為準的偵測:

  • Impact: GPU Instance Created
  • Impact: Many Instances Created
  • Impact: Many Instances Deleted

    • 後續步驟