Security Command Center analizza vari log per trovare principali IAM potenzialmente compromessi e altre minacce che possono avere un impatto trasversale su varie risorse nel tuo ambiente cloud.
Le seguenti rilevazioni basate sui log sono disponibili con Event Threat Detection:
Defense Evasion: Modify VPC Service ControlDefense Evasion: Organization-Level Service Account Token Creator Role AddedDefense Evasion: Project-Level Service Account Token Creator Role AddedDiscovery: Information Gathering Tool UsedDiscovery: Service Account Self-InvestigationDiscovery: Unauthorized Service Account API CallImpact: Billing DisabledImpact: Billing DisabledImpact: Service API DisabledInitial Access: Dormant Service Account ActionInitial Access: Dormant Service Account Key CreatedInitial Access: Excessive Permission Denied ActionsPersistence: IAM Anomalous GrantPersistence: New API MethodPersistence: New GeographyPersistence: New User AgentPersistence: Service Account Key CreatedPersistence: Unmanaged Account Granted Sensitive RolePrivilege Escalation: Anomalous Impersonation of Service Account for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Data AccessPrivilege Escalation: Anomalous Service Account Impersonator for Admin ActivityPrivilege Escalation: Anomalous Service Account Impersonator for Data AccessPrivilege Escalation: Dormant Service Account Granted Sensitive RolePrivilege Escalation: External Member Added To Privileged GroupPrivilege Escalation: Impersonation Role Granted For Dormant Service AccountPrivilege Escalation: New Service Account is Owner or EditorPrivilege Escalation: Privileged Group Opened To PublicPrivilege Escalation: Sensitive Role Granted To Hybrid GroupPrivilege Escalation: Suspicious Cross-Project Permission UsePrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationResource Development: Offensive Security Distro ActivityInitial Access: Leaked Service Account Key UsedAccount has leaked credentialsDefense Evasion: Organization Policy ChangedDefense Evasion: Remove Billing AdminPersistence: Add Sensitive RolePersistence: Project SSH Key AddedPassaggi successivi
- Scopri di più su Event Threat Detection.
- Consulta l'indice dei risultati delle minacce.