Defense Evasion: Organization Policy Changed

This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.

Overview

An organization-level organization policy was created, updated, or deleted, in an organization that is more than 10 days old. This finding isn't available for project-level activations.

Detection service

Sensitive Actions Service

How to respond

To respond to this finding, do the following:

Review finding details

  1. Open the Defense Evasion: Organization Policy Changed finding as directed in Reviewing findings. Review the details in the Summary and JSON tabs.

  2. Identify other findings that occurred at a similar time for this resource. Related findings might indicate that this activity was malicious, instead of a failure to follow best practices.

  3. Review the settings of the affected resource.

  4. Check the logs for the affected resource.

Research attack and response methods

Review the MITRE ATT&CK framework entry for this finding type: Impair Defenses.

What's next