Security Command Center 會分析各種記錄,找出可能遭入侵的 IAM 主體,以及可能對雲端環境中各種資源造成全面影響的其他威脅。
Event Threat Detection 提供下列記錄檔偵測功能:
Defense Evasion: Modify VPC Service ControlDefense Evasion: Organization-Level Service Account Token Creator Role AddedDefense Evasion: Project-Level Service Account Token Creator Role AddedDiscovery: Information Gathering Tool UsedDiscovery: Service Account Self-InvestigationDiscovery: Unauthorized Service Account API CallImpact: Billing DisabledImpact: Billing DisabledImpact: Service API DisabledInitial Access: Dormant Service Account ActionInitial Access: Dormant Service Account Key CreatedInitial Access: Excessive Permission Denied ActionsPersistence: IAM Anomalous GrantPersistence: New API MethodPersistence: New GeographyPersistence: New User AgentPersistence: Service Account Key CreatedPersistence: Unmanaged Account Granted Sensitive RolePrivilege Escalation: Anomalous Impersonation of Service Account for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for Data AccessPrivilege Escalation: Anomalous Service Account Impersonator for Admin ActivityPrivilege Escalation: Anomalous Service Account Impersonator for Data AccessPrivilege Escalation: Dormant Service Account Granted Sensitive RolePrivilege Escalation: External Member Added To Privileged GroupPrivilege Escalation: Impersonation Role Granted For Dormant Service AccountPrivilege Escalation: New Service Account is Owner or EditorPrivilege Escalation: Privileged Group Opened To PublicPrivilege Escalation: Sensitive Role Granted To Hybrid GroupPrivilege Escalation: Suspicious Cross-Project Permission UsePrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationPrivilege Escalation: Suspicious Token GenerationResource Development: Offensive Security Distro ActivityInitial Access: Leaked Service Account Key UsedAccount has leaked credentialsDefense Evasion: Organization Policy ChangedDefense Evasion: Remove Billing AdminPersistence: Add Sensitive RolePersistence: Project SSH Key Added後續步驟
- 瞭解 Event Threat Detection。
- 請參閱威脅發現項目索引。