IAM の脅威の検出結果

Security Command Center は、さまざまなログを分析して、クラウド環境内のさまざまなリソースに影響を与える可能性のある IAM プリンシパルやその他の脅威を検出します。

次のログベースの検出は、Event Threat Detection で使用できます。

Defense Evasion: Modify VPC Service Control

Defense Evasion: Organization-Level Service Account Token Creator Role Added

Defense Evasion: Project-Level Service Account Token Creator Role Added

Discovery: Information Gathering Tool Used

Discovery: Service Account Self-Investigation

Discovery: Unauthorized Service Account API Call

Impact: Billing Disabled

Impact: Billing Disabled

Impact: Service API Disabled

Initial Access: Dormant Service Account Action

Initial Access: Dormant Service Account Key Created

Initial Access: Excessive Permission Denied Actions

Persistence: IAM Anomalous Grant

Persistence: New API Method

Persistence: New Geography

Persistence: New User Agent

Persistence: Service Account Key Created

Persistence: Unmanaged Account Granted Sensitive Role

Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity

Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity

Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access

Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity

Privilege Escalation: Anomalous Service Account Impersonator for Data Access

Privilege Escalation: Dormant Service Account Granted Sensitive Role

Privilege Escalation: External Member Added To Privileged Group

Privilege Escalation: Impersonation Role Granted For Dormant Service Account

Privilege Escalation: New Service Account is Owner or Editor

Privilege Escalation: Privileged Group Opened To Public

Privilege Escalation: Sensitive Role Granted To Hybrid Group

Privilege Escalation: Suspicious Cross-Project Permission Use

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Resource Development: Offensive Security Distro Activity

Initial Access: Leaked Service Account Key Used

Account has leaked credentials

Defense Evasion: Organization Policy Changed

Defense Evasion: Remove Billing Admin

Persistence: Add Sensitive Role

Persistence: Project SSH Key Added

次のステップ

• Event Threat Detection について学習する。
• 脅威の検出結果のインデックスを参照する。