Security Command Center 提供用于检测一般 AI 相关威胁的检测器,以及专门为部署到 Vertex AI Agent Engine 运行时的 AI 代理而设计的检测器。
一般 AI 威胁
Event Threat Detection 支持以下基于日志的检测:
Initial Access: Dormant Service Account Activity in AI ServicePersistence: New AI API MethodPersistence: New Geography for AI ServicePrivilege Escalation: Anomalous Impersonation of Service Account for AI Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for AI Admin ActivityPrivilege Escalation: Anomalous Multistep Service Account Delegation for AI Data AccessPrivilege Escalation: Anomalous Service Account Impersonator for AI Admin ActivityPrivilege Escalation: Anomalous Service Account Impersonator for AI Data Access
部署到 Vertex AI Agent Engine 运行时的代理面临的威胁
Security Command Center 会对部署到 Vertex AI Agent Engine 运行时的 AI 代理执行运行时和控制平面监控。
运行时发现结果类型
Agent Engine 威胁检测提供以下运行时检测:
Execution: Added Malicious Binary ExecutedExecution: Added Malicious Library LoadedExecution: Built in Malicious Binary ExecutedExecution: Container EscapeExecution: Kubernetes Attack Tool ExecutionExecution: Local Reconnaissance Tool ExecutionExecution: Malicious Python ExecutedMalicious Script ExecutedMalicious URL ObservedExecution: Modified Malicious Binary ExecutedExecution: Modified Malicious Library LoadedReverse ShellUnexpected Child Shell
控制平面发现结果类型
Event Threat Detection 提供以下控制平面检测:
Exfiltration: Agent Engine Initiated BigQuery Data ExtractionExfiltration: Agent Engine Initiated BigQuery Data ExfiltrationExfiltration: Agent Engine Initiated Cloud SQL ExfiltrationInitial Access: Agent Engine Identity Excessive Permission Denied ActionsDiscovery: Agent Engine Service Account Self-InvestigationPrivilege Escalation: Agent Engine Suspicious Token Generation (cross-project access token)Privilege Escalation: Agent Engine Suspicious Token Generation (cross-project OpenID token)Privilege Escalation: Agent Engine Suspicious Token Generation (implicit delegation)
后续步骤
- 了解 Event Threat Detection。
- 了解 Agent Engine 威胁检测。
- 请参阅威胁发现结果索引。