Temuan ancaman IAM

Security Command Center menganalisis berbagai log untuk menemukan principal IAM yang berpotensi disusupi dan ancaman lain yang dapat berdampak luas pada berbagai resource di lingkungan cloud Anda.

Deteksi berbasis log berikut tersedia dengan Event Threat Detection:

  • Defense Evasion: Modify VPC Service Control
  • Defense Evasion: Organization-Level Service Account Token Creator Role Added
  • Defense Evasion: Project-Level Service Account Token Creator Role Added
  • Discovery: Information Gathering Tool Used
  • Discovery: Service Account Self-Investigation
  • Discovery: Unauthorized Service Account API Call
  • Impact: Billing Disabled
  • Impact: Billing Disabled
  • Impact: Service API Disabled
  • Initial Access: Dormant Service Account Action
  • Initial Access: Dormant Service Account Key Created
  • Initial Access: Excessive Permission Denied Actions
  • Persistence: IAM Anomalous Grant
  • Persistence: New API Method
  • Persistence: New Geography
  • Persistence: New User Agent
  • Persistence: Service Account Key Created
  • Persistence: Unmanaged Account Granted Sensitive Role
  • Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
  • Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
  • Privilege Escalation: Anomalous Service Account Impersonator for Data Access
  • Privilege Escalation: Dormant Service Account Granted Sensitive Role
  • Privilege Escalation: External Member Added To Privileged Group
  • Privilege Escalation: Impersonation Role Granted For Dormant Service Account
  • Privilege Escalation: New Service Account is Owner or Editor
  • Privilege Escalation: Privileged Group Opened To Public
  • Privilege Escalation: Sensitive Role Granted To Hybrid Group
  • Privilege Escalation: Suspicious Cross-Project Permission Use
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Resource Development: Offensive Security Distro Activity
  • Initial Access: Leaked Service Account Key Used
  • Account has leaked credentials
  • Defense Evasion: Organization Policy Changed
  • Defense Evasion: Remove Billing Admin
  • Persistence: Add Sensitive Role
  • Persistence: Project SSH Key Added

    • Langkah berikutnya