IAM 威胁发现结果

Security Command Center 会分析各种日志,以查找可能遭到入侵的 IAM 主账号以及可能会对云环境中各种资源产生广泛影响的其他威胁。

Event Threat Detection 支持以下基于日志的检测:

  • Defense Evasion: Modify VPC Service Control
  • Defense Evasion: Organization-Level Service Account Token Creator Role Added
  • Defense Evasion: Project-Level Service Account Token Creator Role Added
  • Discovery: Information Gathering Tool Used
  • Discovery: Service Account Self-Investigation
  • Discovery: Unauthorized Service Account API Call
  • Impact: Billing Disabled
  • Impact: Billing Disabled
  • Impact: Service API Disabled
  • Initial Access: Dormant Service Account Action
  • Initial Access: Dormant Service Account Key Created
  • Initial Access: Excessive Permission Denied Actions
  • Persistence: IAM Anomalous Grant
  • Persistence: New API Method
  • Persistence: New Geography
  • Persistence: New User Agent
  • Persistence: Service Account Key Created
  • Persistence: Unmanaged Account Granted Sensitive Role
  • Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
  • Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
  • Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
  • Privilege Escalation: Anomalous Service Account Impersonator for Data Access
  • Privilege Escalation: Dormant Service Account Granted Sensitive Role
  • Privilege Escalation: External Member Added To Privileged Group
  • Privilege Escalation: Impersonation Role Granted For Dormant Service Account
  • Privilege Escalation: New Service Account is Owner or Editor
  • Privilege Escalation: Privileged Group Opened To Public
  • Privilege Escalation: Sensitive Role Granted To Hybrid Group
  • Privilege Escalation: Suspicious Cross-Project Permission Use
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Privilege Escalation: Suspicious Token Generation
  • Resource Development: Offensive Security Distro Activity
  • Initial Access: Leaked Service Account Key Used
  • Account has leaked credentials
  • Defense Evasion: Organization Policy Changed
  • Defense Evasion: Remove Billing Admin
  • Persistence: Add Sensitive Role
  • Persistence: Project SSH Key Added

    • 后续步骤