This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.
Overview
An organization-level organization policy was created, updated, or deleted, in an organization that is more than 10 days old. This finding isn't available for project-level activations.
Detection service
How to respond
To respond to this finding, do the following:
Review finding details
Open the
Defense Evasion: Organization Policy Changedfinding as directed in Reviewing findings. Review the details in the Summary and JSON tabs.Identify other findings that occurred at a similar time for this resource. Related findings might indicate that this activity was malicious, instead of a failure to follow best practices.
Review the settings of the affected resource.
Check the logs for the affected resource.
Research attack and response methods
Review the MITRE ATT&CK framework entry for this finding type: Impair Defenses.
What's next
- Learn how to work with threat findings in Security Command Center.
- Refer to the Threat findings index.
- Learn how to review a finding through the Google Cloud console.
- Learn about the services that generate threat findings.