Threat findings index

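This document helps you find the threat findings available in Security Command Center. You can use filters to search by threat finding category, monitored cloud resource, or detection service to get more details.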

| Name | Resource category | Detection service |
| --- | --- | --- |
| Active Scan: Log4j Vulnerable to RCE | Network | Event Threat Detection |
| Added Binary Executed | Google Kubernetes Engine | Container Threat Detection |
| Added Library Loaded | Google Kubernetes Engine | Container Threat Detection |
| Brute force SSH | Compute Engine | Event Threat Detection |
| Cloud IDS: THREAT_IDENTIFIER | Network | Event Threat Detection |
| Command and Control: Steganography Tool Detected | Google Kubernetes Engine | Container Threat Detection |
| Credential Access: CloudDB Failed login from Anonymizing Proxy IP | Database | Event Threat Detection |
| Credential Access: Failed Attempt to Approve Kubernetes Certificate Signing Request (CSR) | Google Kubernetes Engine | Event Threat Detection |
| Credential Access: Find Google Cloud Credentials | Google Kubernetes Engine | Container Threat Detection |
| Credential Access: GPG Key Reconnaissance | Google Kubernetes Engine | Container Threat Detection |
| Credential Access: Manually Approved Kubernetes Certificate Signing Request (CSR) | Google Kubernetes Engine | Event Threat Detection |
| Credential Access: Search Private Keys or Passwords | Google Kubernetes Engine | Container Threat Detection |
| Credential Access: Secrets Accessed In Kubernetes Namespace | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: Base64 ELF File Command Line | Google Kubernetes Engine | Container Threat Detection |
| Defense Evasion: Base64 Encoded Python Script Executed | Google Kubernetes Engine | Container Threat Detection |
| Defense Evasion: Base64 Encoded Shell Script Executed | Google Kubernetes Engine | Container Threat Detection |
| Defense Evasion: Breakglass Workload Deployment Created | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: Breakglass Workload Deployment Updated | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: GCS Bucket IP Filtering Modified | Cloud Storage | Event Threat Detection |
| Defense Evasion: Launch Code Compiler Tool In Container | Google Kubernetes Engine | Container Threat Detection |
| Defense Evasion: Manually Deleted Certificate Signing Request (CSR) | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: Modify VPC Service Control | IAM | Event Threat Detection |
| Defense Evasion: Potential Kubernetes Pod Masquerading | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: Project HTTP Policy Block Disabled | Cloud Storage | Event Threat Detection |
| Defense Evasion: Rootkit | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Static Pod Created | Google Kubernetes Engine | Event Threat Detection |
| Defense Evasion: Unexpected ftrace handler | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected interrupt handler | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected kernel modules | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected kernel read-only data modification | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected kprobe handler | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected processes in runqueue | Compute Engine | Virtual Machine Threat Detection |
| Defense Evasion: Unexpected system call handler | Compute Engine | Virtual Machine Threat Detection |
| Discovery: Can get sensitive Kubernetes object check | Google Kubernetes Engine | Event Threat Detection |
| Discovery: Service Account Self-Investigation | IAM | Event Threat Detection |
| Evasion: Access from Anonymizing Proxy | IAM | Event Threat Detection |
| Execution: Added Malicious Binary Executed | Google Kubernetes Engine | Container Threat Detection |
| Execution: Added Malicious Library Loaded | Google Kubernetes Engine | Container Threat Detection |
| Execution: Built in Malicious Binary Executed | Google Kubernetes Engine | Container Threat Detection |
| Execution: Container Escape | Google Kubernetes Engine | Container Threat Detection |
| Execution: cryptocurrency mining combined detection | Compute Engine | Virtual Machine Threat Detection |
| Execution: Cryptocurrency Mining Hash Match | Compute Engine | Virtual Machine Threat Detection |
| Execution: Cryptocurrency Mining YARA Rule | Compute Engine | Virtual Machine Threat Detection |
| Execution: Cryptomining Docker Image | Cloud Run | Event Threat Detection |
| Execution: Fileless Execution in /memfd: | Google Kubernetes Engine | Container Threat Detection |
| Execution: GKE launch excessively capable container | Google Kubernetes Engine | Event Threat Detection |
| Execution: Ingress Nightmare Vulnerability Exploitation | Google Kubernetes Engine | Container Threat Detection |
| Execution: Kubernetes Attack Tool Execution | Google Kubernetes Engine | Container Threat Detection |
| Execution: Kubernetes Pod Created with Potential Reverse Shell Arguments | Google Kubernetes Engine | Event Threat Detection |
| Execution: Local Reconnaissance Tool Execution | Google Kubernetes Engine | Container Threat Detection |
| Execution: Malicious Python executed | Google Kubernetes Engine | Container Threat Detection |
| Execution: Modified Malicious Binary Executed | Google Kubernetes Engine | Container Threat Detection |
| Execution: Modified Malicious Library Loaded | Google Kubernetes Engine | Container Threat Detection |
| Execution: Netcat Remote Code Execution in Container | Google Kubernetes Engine | Container Threat Detection |
| Execution: Possible Remote Command Execution Detected | Google Kubernetes Engine | Container Threat Detection |
| Execution: Program Run with Disallowed HTTP Proxy Env | Google Kubernetes Engine | Container Threat Detection |
| Execution: Suspicious Exec or Attach to a System Pod | Google Kubernetes Engine | Event Threat Detection |
| Execution: Suspicious OpenSSL Shared Object Loaded | Google Kubernetes Engine | Container Threat Detection |
| Execution: Workload triggered in sensitive namespace | Google Kubernetes Engine | Event Threat Detection |
| Exfiltration: Cloud SQL Data Exfiltration | Database | Event Threat Detection |
| Exfiltration: Cloud SQL Over-Privileged Grant | Database | Event Threat Detection |
| Exfiltration: Cloud SQL Restore Backup to External Organization | Database | Event Threat Detection |
| Exfiltration: BigQuery Data Exfiltration | BigQuery | Event Threat Detection |
| Exfiltration: BigQuery Data Extraction | BigQuery | Event Threat Detection |
| Exfiltration: BigQuery Data to Google Drive | BigQuery | Event Threat Detection |
| Exfiltration: Launch Remote File Copy Tools in Container | Google Kubernetes Engine | Container Threat Detection |
| Impact: Cryptomining Commands | Cloud Run | Event Threat Detection |
| Impact: Deleted Google Cloud Backup and DR Backup | Backup and DR | Event Threat Detection |
| Impact: Deleted Google Cloud Backup and DR host | Backup and DR | Event Threat Detection |
| Impact: Deleted Google Cloud Backup and DR plan association | Backup and DR | Event Threat Detection |
| Impact: Deleted Google Cloud Backup and DR Vault | Backup and DR | Event Threat Detection |
| Impact: Detect Malicious Cmdlines | Google Kubernetes Engine | Container Threat Detection |
| Impact: GKE kube-dns modification detected | Google Kubernetes Engine | Event Threat Detection |
| Impact: Google Cloud Backup and DR delete policy | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR delete profile | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR delete storage pool | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR delete template | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR expire all images | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR expire image | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR reduced backup expiration | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR reduced backup frequency | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR remove appliance | Backup and DR | Event Threat Detection |
| Impact: Google Cloud Backup and DR remove plan | Backup and DR | Event Threat Detection |
| Impact: Remove Bulk Data From Disk | Google Kubernetes Engine | Container Threat Detection |
| Impact: Suspicious crypto mining activity using the Stratum Protocol | Google Kubernetes Engine | Container Threat Detection |
| Impact: Suspicious Kubernetes Container Names - Cryptocurrency Mining | Google Kubernetes Engine | Event Threat Detection |
| Persistence: Strong Authentication Disabled | Google Workspace | Event Threat Detection |
| Initial Access: Account Disabled Hijacked | Google Workspace | Event Threat Detection |
| Initial Access: Anonymous GKE Resource Created from the Internet | Google Kubernetes Engine | Event Threat Detection |
| Initial Access: CloudDB Successful login from Anonymizing Proxy IP | Database | Event Threat Detection |
| Initial Access: Database Superuser Writes to User Tables | Database | Event Threat Detection |
| Initial Access: Disabled Password Leak | Google Workspace | Event Threat Detection |
| Initial Access: Dormant Service Account Action | IAM | Event Threat Detection |
| Initial Access: Dormant Service Account Activity in AI Service | AI | Event Threat Detection |
| Initial Access: Dormant Service Account Key Created | IAM | Event Threat Detection |
| Initial Access: Excessive Permission Denied Actions | IAM | Event Threat Detection |
| Initial Access: GKE NodePort service created | Google Kubernetes Engine | Event Threat Detection |
| Initial Access: GKE Resource Modified Anonymously from the Internet | Google Kubernetes Engine | Event Threat Detection |
| Initial Access: Government Based Attack | Google Workspace | Event Threat Detection |
| Initial Access: Log4j Compromise Attempt | Network | Event Threat Detection |
| Initial Access: Successful API call made from a TOR proxy IP | Google Kubernetes Engine | Event Threat Detection |
| Initial Access: Suspicious Login Blocked | Google Workspace | Event Threat Detection |
| Lateral Movement: Modified Boot Disk Attached to Instance | Compute Engine | Event Threat Detection |
| Log4j Malware: Bad Domain | Network | Event Threat Detection |
| Log4j Malware: Bad IP | Network | Event Threat Detection |
| Malicious Script Executed | Google Kubernetes Engine | Container Threat Detection |
| Malicious URL Observed | Google Kubernetes Engine | Container Threat Detection |
| Malware: bad domain | Network | Event Threat Detection |
| Malware: bad IP | Network | Event Threat Detection |
| Malware: Cryptomining Bad Domain | Network | Event Threat Detection |
| Malware: Cryptomining Bad IP | Network | Event Threat Detection |
| Malware: Malicious file on disk | Amazon EC2 | Virtual Machine Threat Detection |
| Malware: Malicious file on disk (YARA) | Compute Engine | Virtual Machine Threat Detection |
| Persistence: IAM Anomalous Grant | IAM | Event Threat Detection |
| Persistence: GCE Admin Added SSH Key | Compute Engine | Event Threat Detection |
| Persistence: GCE Admin Added Startup Script | Compute Engine | Event Threat Detection |
| Persistence: GKE Webhook Configuration Detected | Google Kubernetes Engine | Event Threat Detection |
| Persistence: New AI API Method | AI | Event Threat Detection |
| Persistence: New API Method | IAM | Event Threat Detection |
| Persistence: New Geography | IAM | Event Threat Detection |
| Persistence: New Geography for AI Service | AI | Event Threat Detection |
| Persistence: New User Agent | IAM | Event Threat Detection |
| Persistence: Service Account Created in sensitive namespace | Google Kubernetes Engine | Event Threat Detection |
| Persistence: SSO Enablement Toggle | Google Workspace | Event Threat Detection |
| Persistence: SSO Settings Changed | Google Workspace | Event Threat Detection |
| Persistence: Two Step Verification Disabled | Google Workspace | Event Threat Detection |
| Persistence: Unmanaged Account Granted Sensitive Role | IAM | Event Threat Detection |
| Privilege Escalation: AlloyDB Database Superuser Writes to User Tables | Database | Event Threat Detection |
| Privilege Escalation: AlloyDB Over-Privileged Grant | Database | Event Threat Detection |
| Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity | IAM | Event Threat Detection |
| Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity | AI | Event Threat Detection |
| Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity | IAM | Event Threat Detection |
| Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity | AI | Event Threat Detection |
| Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access | AI | Event Threat Detection |
| Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access | IAM | Event Threat Detection |
| Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity | IAM | Event Threat Detection |
| Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity | AI | Event Threat Detection |
| Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access | AI | Event Threat Detection |
| Privilege Escalation: Anomalous Service Account Impersonator for Data Access | IAM | Event Threat Detection |
| Privilege Escalation: Changes to sensitive Kubernetes RBAC objects | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: ClusterRole with Privileged Verbs | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: ClusterRoleBinding to Privileged Role | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Create Kubernetes CSR for master cert | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Creation of sensitive Kubernetes bindings | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy | Cloud Run | Event Threat Detection |
| Privilege Escalation: Dormant Service Account Granted Sensitive Role | IAM | Event Threat Detection |
| Privilege Escalation: Effectively Anonymous Users Granted GKE Cluster Access | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: External Member Added To Privileged Group | IAM | Event Threat Detection |
| Privilege Escalation: Fileless Execution in /dev/shm | Google Kubernetes Engine | Container Threat Detection |
| Privilege Escalation: Get Kubernetes CSR with compromised bootstrap credentials | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Impersonation Role Granted For Dormant Service Account | IAM | Event Threat Detection |
| Privilege Escalation: Launch of privileged Kubernetes container | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Privileged Group Opened To Public | IAM | Event Threat Detection |
| Privilege Escalation: Sensitive Role Granted To Hybrid Group | IAM | Event Threat Detection |
| Privilege Escalation: Suspicious Kubernetes Container Names - Exploitation and Escape | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Workload Created with a Sensitive Host Path Mount | Google Kubernetes Engine | Event Threat Detection |
| Privilege Escalation: Workload with shareProcessNamespace enabled | Google Kubernetes Engine | Event Threat Detection |
| Reverse Shell | Google Kubernetes Engine | Container Threat Detection |
| Unexpected Child Shell | Google Kubernetes Engine | Container Threat Detection |
| Initial Access: Leaked Service Account Key Used | IAM | Event Threat Detection |
| Account has leaked credentials | IAM | Anomaly Detection |
| Execution: Added Malicious Binary Executed | Cloud Run | Cloud Run Threat Detection |
| Execution: Added Malicious Library Loaded | Cloud Run | Cloud Run Threat Detection |
| Execution: Built in Malicious Binary Executed | Cloud Run | Cloud Run Threat Detection |
| Execution: Container Escape | Cloud Run | Cloud Run Threat Detection |
| Execution: Kubernetes Attack Tool Execution | Cloud Run | Cloud Run Threat Detection |
| Execution: Local Reconnaissance Tool Execution | Cloud Run | Cloud Run Threat Detection |
| Execution: Malicious Python executed | Cloud Run | Cloud Run Threat Detection |
| Execution: Modified Malicious Binary Executed | Cloud Run | Cloud Run Threat Detection |
| Execution: Modified Malicious Library Loaded | Cloud Run | Cloud Run Threat Detection |
| Malicious Script Executed | Cloud Run | Cloud Run Threat Detection |
| Malicious URL Observed | Cloud Run | Cloud Run Threat Detection |
| Reverse Shell | Cloud Run | Cloud Run Threat Detection |
| Unexpected Child Shell | Cloud Run | Cloud Run Threat Detection |
| Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177) | Google Kubernetes Engine | Container Threat Detection |
| Execution: Socat Reverse Shell Detected | Google Kubernetes Engine | Container Threat Detection |
| Privilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287) | Google Kubernetes Engine | Container Threat Detection |
| Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034) | Google Kubernetes Engine | Container Threat Detection |
| Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156) | Google Kubernetes Engine | Container Threat Detection |