Security Command Center has detectors for general AI-related threats and detectors designed for AI agents deployed to Vertex AI Agent Engine Runtime.
General AI threats
The following log-based detections are available with Event Threat Detection:
- Initial Access: Dormant Service Account Activity in AI Service
- Persistence: New AI API Method
- Persistence: New Geography for AI Service
- Privilege Escalation: Anomalous Impersonation of Service Account for AI Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for AI Data Access
- Privilege Escalation: Anomalous Service Account Impersonator for AI Admin Activity
- Privilege Escalation: Anomalous Service Account Impersonator for AI Data Access
Threats to agents deployed to Vertex AI Agent Engine Runtime
Security Command Center performs runtime and control plane monitoring of AI agents deployed to Vertex AI Agent Engine Runtime.
Runtime finding types
The following runtime detections are available with Agent Engine Threat Detection:
- Execution: Added Malicious Binary Executed
- Execution: Added Malicious Library Loaded
- Execution: Built in Malicious Binary Executed
- Execution: Container Escape
- Execution: Kubernetes Attack Tool Execution
- Execution: Local Reconnaissance Tool Execution
- Execution: Malicious Python Executed
- Malicious Script Executed
- Malicious URL Observed
- Execution: Modified Malicious Binary Executed
- Execution: Modified Malicious Library Loaded
- Reverse Shell
- Unexpected Child Shell
Control plane finding types
The following control plane detections are available with Event Threat Detection:
- Exfiltration: Agent Engine Initiated BigQuery Data Extraction
- Exfiltration: Agent Engine Initiated BigQuery Data Exfiltration
- Exfiltration: Agent Engine Initiated Cloud SQL Exfiltration
- Initial Access: Agent Engine Identity Excessive Permission Denied Actions
- Discovery: Agent Engine Service Account Self-Investigation
- Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)
- Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)
- Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
What's next
- Learn about Event Threat Detection.
- Learn about Agent Engine Threat Detection.
- See the Threat findings index.