IAM 위협 발견 사항

Security Command Center는 다양한 로그를 분석하여 잠재적으로 보안이 침해된 IAM 보안 주체와 클라우드 환경의 다양한 리소스에 전반적인 영향을 미칠 수 있는 기타 위협을 찾습니다.

다음 로그 기반 감지는 Event Threat Detection에서 사용할 수 있습니다.

  • Defense Evasion: Modify VPC Service Control
  • Defense Evasion: Organization-Level Service Account Token Creator Role Added
  • Defense Evasion: Project-Level Service Account Token Creator Role Added
  • Discovery: Information Gathering Tool Used
  • Discovery: Service Account Self-Investigation
  • Discovery: Unauthorized Service Account API Call
  • Impact: Billing Disabled
  • Impact: Billing Disabled
  • Impact: Service API Disabled
  • Initial Access: Dormant Service Account Action
  • Initial Access: Dormant Service Account Key Created
  • Initial Access: Excessive Permission Denied Actions
  • Persistence: IAM Anomalous Grant
  • Persistence: New API Method
  • Persistence: New Geography
  • Persistence: New User Agent
  • Persistence: Service Account Key Created
  • Persistence: Unmanaged Account Granted Sensitive Role
  • Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
  • Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
  • Privilege Escalation: Anomalous Service Account Impersonator for Data Access
  • Privilege Escalation: Dormant Service Account Granted Sensitive Role
  • Privilege Escalation: External Member Added To Privileged Group
  • Privilege Escalation: Impersonation Role Granted For Dormant Service Account
  • Privilege Escalation: New Service Account is Owner or Editor
  • Privilege Escalation: Privileged Group Opened To Public
  • Privilege Escalation: Sensitive Role Granted To Hybrid Group
  • Privilege Escalation: Suspicious Cross-Project Permission Use
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Resource Development: Offensive Security Distro Activity
  • Initial Access: Leaked Service Account Key Used
  • Account has leaked credentials
  • Defense Evasion: Organization Policy Changed
  • Defense Evasion: Remove Billing Admin
  • Persistence: Add Sensitive Role
  • Persistence: Project SSH Key Added

    • 다음 단계