Security Command Center analyse différents journaux pour identifier les principaux IAM potentiellement compromis et d'autres menaces susceptibles d'avoir un impact transversal sur différentes ressources de votre environnement cloud.
Les détections basées sur les journaux suivantes sont disponibles avec Event Threat Detection :
Defense Evasion: Modify VPC Service ControlDefense Evasion: Organization-Level Service Account Token Creator Role AddedDefense Evasion: Project-Level Service Account Token Creator Role AddedDiscovery: Information Gathering Tool UsedDiscovery: Service Account Self-InvestigationDiscovery: Unauthorized Service Account API CallImpact: Billing DisabledImpact: Billing DisabledImpact: Service API DisabledInitial Access: Dormant Service Account ActionInitial Access: Dormant Service Account Key CreatedInitial Access: Excessive Permission Denied ActionsPersistence: IAM Anomalous GrantPersistence: New API MethodPersistence: New GeographyPersistence: New User AgentPersistence: Service Account Key CreatedPersistence: Unmanaged Account Granted Sensitive RolePrivilege Escalation: Anomalous Impersonation of Service Account for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Data AccessPrivilege Escalation: Anomalous Service Account Impersonator for Admin ActivityPrivilege Escalation: Anomalous Service Account Impersonator for Data AccessPrivilege Escalation: Dormant Service Account Granted Sensitive RolePrivilege Escalation: External Member Added To Privileged GroupPrivilege Escalation: Impersonation Role Granted For Dormant Service AccountPrivilege Escalation: New Service Account is Owner or EditorPrivilege Escalation: Privileged Group Opened To PublicPrivilege Escalation: Sensitive Role Granted To Hybrid GroupPrivilege Escalation: Suspicious Cross-Project Permission UsePrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationResource Development: Offensive Security Distro ActivityInitial Access: Leaked Service Account Key UsedAccount has leaked credentialsDefense Evasion: Organization Policy ChangedDefense Evasion: Remove Billing AdminPersistence: Add Sensitive RolePersistence: Project SSH Key AddedÉtapes suivantes
- En savoir plus sur Event Threat Detection
- Consultez l'index des résultats sur les menaces.