IAM-Ergebnisse zu Bedrohungen

Security Command Center analysiert verschiedene Logs, um potenziell kompromittierte IAM-Principals und andere Bedrohungen zu finden, die sich auf verschiedene Ressourcen in Ihrer Cloud-Umgebung auswirken können.

Die folgenden logbasierten Erkennungen sind mit Event Threat Detection verfügbar:

  • Defense Evasion: Modify VPC Service Control
  • Defense Evasion: Organization-Level Service Account Token Creator Role Added
  • Defense Evasion: Project-Level Service Account Token Creator Role Added
  • Discovery: Information Gathering Tool Used
  • Discovery: Service Account Self-Investigation
  • Discovery: Unauthorized Service Account API Call
  • Impact: Billing Disabled
  • Impact: Billing Disabled
  • Impact: Service API Disabled
  • Initial Access: Dormant Service Account Action
  • Initial Access: Dormant Service Account Key Created
  • Initial Access: Excessive Permission Denied Actions
  • Persistence: IAM Anomalous Grant
  • Persistence: New API Method
  • Persistence: New Geography
  • Persistence: New User Agent
  • Persistence: Service Account Key Created
  • Persistence: Unmanaged Account Granted Sensitive Role
  • Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
  • Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
  • Privilege Escalation: Anomalous Service Account Impersonator for Data Access
  • Privilege Escalation: Dormant Service Account Granted Sensitive Role
  • Privilege Escalation: External Member Added To Privileged Group
  • Privilege Escalation: Impersonation Role Granted For Dormant Service Account
  • Privilege Escalation: New Service Account is Owner or Editor
  • Privilege Escalation: Privileged Group Opened To Public
  • Privilege Escalation: Sensitive Role Granted To Hybrid Group
  • Privilege Escalation: Suspicious Cross-Project Permission Use
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Resource Development: Offensive Security Distro Activity
  • Initial Access: Leaked Service Account Key Used
  • Account has leaked credentials
  • Defense Evasion: Organization Policy Changed
  • Defense Evasion: Remove Billing Admin
  • Persistence: Add Sensitive Role
  • Persistence: Project SSH Key Added

    • Nächste Schritte