Security Command Center provides both runtime monitoring (through Container Threat Detection) and log-based monitoring (through Event Threat Detection) of Google Kubernetes Engine resources.
Runtime finding types
The following runtime detections are available with Container Threat Detection:
Added Binary Executed
Added Library Loaded
Collection: Pam.d Modification
Command and Control: Steganography Tool Detected
Credential Access: Access Sensitive Files On Nodes
Credential Access: Find Google Cloud Credentials
Credential Access: GPG Key Reconnaissance
Credential Access: Search Private Keys or Passwords
Defense Evasion: Base64 ELF File Command Line
Defense Evasion: Base64 Encoded Python Script Executed
Defense Evasion: Base64 Encoded Shell Script Executed
Defense Evasion: Disable or Modify Linux Audit System
Defense Evasion: Launch Code Compiler Tool In Container
Defense Evasion: Root Certificate Installed
Execution: Added Malicious Binary Executed
Execution: Added Malicious Library Loaded
Execution: Built in Malicious Binary Executed
Execution: Container Escape
Execution: Fileless Execution in /memfd:
Execution: Ingress Nightmare Vulnerability Exploitation
Execution: Kubernetes Attack Tool Execution
Execution: Local Reconnaissance Tool Execution
Execution: Malicious Python executed
Execution: Modified Malicious Binary Executed
Execution: Modified Malicious Library Loaded
Execution: Netcat Remote Code Execution in Container
Execution: Possible Remote Command Execution Detected
Execution: Program Run with Disallowed HTTP Proxy Env
Execution: Suspicious Cron Modification
Execution: Suspicious OpenSSL Shared Object Loaded
Exfiltration: Launch Remote File Copy Tools in Container
Impact: Detect Malicious Cmdlines
Impact: Remove Bulk Data From Disk
Impact: Suspicious crypto mining activity using the Stratum Protocol
Malicious Script Executed
Malicious URL Observed
Persistence: Modify ld.so.preload
Privilege Escalation: Fileless Execution in /dev/shm
Reverse Shell
Unexpected Child Shell
Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)
Execution: Socat Reverse Shell Detected
Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)
Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)
Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)
Log-based finding types
The following log-based detections are available with Event Threat Detection:
Credential Access: Failed Attempt to Approve Kubernetes Certificate Signing Request (CSR)
Credential Access: Manually Approved Kubernetes Certificate Signing Request (CSR)
Credential Access: Secrets Accessed In Kubernetes Namespace
Defense Evasion: Anonymous Sessions Granted Cluster Admin Access
Defense Evasion: Breakglass Workload Deployment Created
Defense Evasion: Breakglass Workload Deployment Updated
Defense Evasion: Manually Deleted Certificate Signing Request (CSR)
Defense Evasion: Potential Kubernetes Pod Masquerading
Defense Evasion: Static Pod Created
Discovery: Can get sensitive Kubernetes object check
Execution: GKE launch excessively capable container
Execution: Kubernetes Pod Created with Potential Reverse Shell Arguments
Execution: Suspicious Exec or Attach to a System Pod
Execution: Workload triggered in sensitive namespace
Impact: GKE kube-dns modification detected
Impact: Suspicious Kubernetes Container Names - Cryptocurrency Mining
Initial Access: Anonymous GKE Resource Created from the Internet
Initial Access: GKE NodePort service created
Initial Access: GKE Resource Modified Anonymously from the Internet
Initial Access: Successful API call made from a TOR proxy IP
Persistence: GKE Webhook Configuration Detected
Persistence: Service Account Created in sensitive namespace
Privilege Escalation: Changes to sensitive Kubernetes RBAC objects
Privilege Escalation: ClusterRole with Privileged Verbs
Privilege Escalation: ClusterRoleBinding to Privileged Role
Privilege Escalation: Create Kubernetes CSR for master cert
Privilege Escalation: Creation of sensitive Kubernetes bindings
Privilege Escalation: Effectively Anonymous Users Granted GKE Cluster Access
Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials
Privilege Escalation: Launch of privileged Kubernetes container
Privilege Escalation: Suspicious Kubernetes Container Names - Exploitation and Escape
Privilege Escalation: Workload Created with a Sensitive Host Path Mount
Privilege Escalation: Workload with shareProcessNamespace enabled
What's next
- Learn more about Container Threat Detection
- Learn more about Event Threat Detection
- See the threat findings index.