IAM 위협 발견 항목

Security Command Center는 다양한 로그를 분석하여 잠재적으로 보안이 침해된 IAM 보안 주체와 클라우드 환경의 다양한 리소스에 전반적인 영향을 미칠 수 있는 기타 위협을 찾습니다.

Event Threat Detection을 사용하면 다음과 같은 로그 기반 감지를 사용할 수 있습니다.

Defense Evasion: Modify VPC Service Control

Defense Evasion: Organization-Level Service Account Token Creator Role Added

Defense Evasion: Project-Level Service Account Token Creator Role Added

Discovery: Information Gathering Tool Used

Discovery: Service Account Self-Investigation

Discovery: Unauthorized Service Account API Call

Impact: Billing Disabled

Impact: Billing Disabled

Impact: Service API Disabled

Initial Access: Dormant Service Account Action

Initial Access: Dormant Service Account Key Created

Initial Access: Excessive Permission Denied Actions

Persistence: IAM Anomalous Grant

Persistence: New API Method

Persistence: New Geography

Persistence: New User Agent

Persistence: Service Account Key Created

Persistence: Unmanaged Account Granted Sensitive Role

Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity

Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity

Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access

Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity

Privilege Escalation: Anomalous Service Account Impersonator for Data Access

Privilege Escalation: Dormant Service Account Granted Sensitive Role

Privilege Escalation: External Member Added To Privileged Group

Privilege Escalation: Impersonation Role Granted For Dormant Service Account

Privilege Escalation: New Service Account is Owner or Editor

Privilege Escalation: Privileged Group Opened To Public

Privilege Escalation: Sensitive Role Granted To Hybrid Group

Privilege Escalation: Suspicious Cross-Project Permission Use

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Privilege Escalation: Suspicious Token Generation

Resource Development: Offensive Security Distro Activity

Initial Access: Leaked Service Account Key Used

Account has leaked credentials

Defense Evasion: Organization Policy Changed

Defense Evasion: Remove Billing Admin

Persistence: Add Sensitive Role

Persistence: Project SSH Key Added

다음 단계

• Event Threat Detection에 대해 알아보기
• 위협 발견 항목 색인을 참고하세요.