Security Command Center memiliki pendeteksi untuk ancaman umum terkait AI dan pendeteksi yang dirancang untuk agen AI yang di-deploy ke Agent Runtime.
Ancaman AI umum
Deteksi berbasis log berikut tersedia dengan Event Threat Detection:
-
Initial Access: Dormant Service Account Activity in AI Service -
Persistence: New AI API Method -
Persistence: New Geography for AI Service -
Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity -
Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity -
Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access -
Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity -
Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access
Ancaman terhadap agen yang di-deploy ke Agent Runtime
Security Command Center melakukan pemantauan runtime dan control plane terhadap agen AI yang di-deploy ke runtime Agent Runtime.
Jenis temuan runtime
Deteksi runtime berikut tersedia dengan Deteksi Ancaman Platform Agen:
-
Command and Control: Steganography Tool Detected -
Credential Access: Find Google Cloud Credentials -
Credential Access: GPG Key Reconnaissance -
Credential Access: Search Private Keys or Passwords -
Defense Evasion: Base64 ELF File Command Line -
Defense Evasion: Base64 Encoded Python Script Executed -
Defense Evasion: Base64 Encoded Shell Script Executed -
Defense Evasion: Launch Code Compiler Tool In Container -
Execution: Added Malicious Binary Executed -
Execution: Added Malicious Library Loaded -
Execution: Built in Malicious Binary Executed -
Execution: Container Escape -
Execution: Fileless Execution in /memfd: -
Execution: Kubernetes Attack Tool Execution -
Execution: Local Reconnaissance Tool Execution -
Execution: Malicious Python Executed -
Execution: Modified Malicious Binary Executed -
Execution: Modified Malicious Library Loaded -
Execution: Netcat Remote Code Execution in Container -
Execution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177) -
Execution: Possible Remote Command Execution Detected -
Execution: Program Run with Disallowed HTTP Proxy Env -
Execution: Socat Reverse Shell Detected -
Execution: Suspicious OpenSSL Shared Object Loaded -
Exfiltration: Launch Remote File Copy Tools in Container -
Impact: Detect Malicious Cmdlines -
Impact: Remove Bulk Data from Disk -
Impact: Suspicious crypto mining activity using the Stratum Protocol -
Malicious Script Executed -
Malicious URL Observed -
Privilege Escalation: Attempt to Abuse Sudo For Privilege Escalation (CVE-2019-14287) -
Privilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034) -
Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156) -
Reverse Shell -
Unexpected Child Shell
Jenis temuan bidang kontrol
Deteksi bidang kontrol berikut tersedia dengan Event Threat Detection:
-
Credential Access: AI Agent Anomalous Access to Metadata Service -
Defense Evasion: Folder Level TokenCreator Role Granted to AI Agent -
Defense Evasion: Organization Level TokenCreator Role Granted to AI Agent -
Defense Evasion: Project Level TokenCreator Role Granted to AI Agent -
Discovery: AI Agent Service Account Self-Investigation -
Discovery: AI Agent Unauthorized Service Account API Call -
Discovery: Evidence of Port Scanning from AI Agent -
Exfiltration: AI Agent Initiated BigQuery Data Exfiltration to External Table -
Exfiltration: AI Agent Initiated BigQuery Data Extraction -
Exfiltration: AI Agent Initiated BigQuery VPC Perimeter Violation -
Exfiltration: AI Agent Initiated CloudSQL Exfiltration to External Bucket -
Exfiltration: AI Agent Initiated CloudSQL Exfiltration to Public Bucket -
Initial Access: AI Agent Identity Excessive Permission Denied Actions -
Persistence: Sensitive AI Permission Added to Custom Role -
Persistence: Sensitive Role Granted by AI Agent -
Persistence: Sensitive Role Granted to External AI Agent -
Privilege Escalation: AI Agent Suspicious Cross-Project Access Token Generation -
Privilege Escalation: AI Agent Suspicious Cross-Project OpenID Token Generation -
Privilege Escalation: AI Agent Suspicious Token Generation Using Implicit Delegation -
Privilege Escalation: AI Agent Suspicious Token Generation Using signJwt
Langkah berikutnya
- Pelajari Event Threat Detection.
- Pelajari Deteksi Ancaman Platform Agen.
- Pelajari cara menanggapi temuan ancaman AI.
- Lihat Indeks temuan ancaman.