Security Command Center 會對 Cloud Run 資源執行執行階段和控制平面監控。如需這些威脅的建議回應方式,請參閱「回應 Cloud Run 威脅發現」。
執行階段發現項目類型
Cloud Run Threat Detection 提供下列執行階段偵測功能:
Command and Control: Steganography Tool DetectedCommand and Control: Find Google Cloud CredentialsCredential Access: GPG Key ReconnaissanceCredential Access: Search Private Keys or PasswordsDefense Evasion: Base64 ELF File Command LineDefense Evasion: Base64 Encoded Python Script ExecutedDefense Evasion: Base64 Encoded Shell Script ExecutedDefense Evasion: Launch Code Compiler Tool In ContainerExecution: Added Malicious Binary ExecutedExecution: Added Malicious Library LoadedExecution: Built in Malicious Binary ExecutedExecution: Container EscapeExecution: Fileless Execution in /memfd:Execution: Kubernetes Attack Tool ExecutionExecution: Local Reconnaissance Tool ExecutionExecution: Malicious Python executedExecution: Modified Malicious Binary ExecutedExecution: Modified Malicious Library LoadedExecution: Netcat Remote Code Execution in ContainerExecution: Possible Arbitrary Command Execution through CUPS (CVE-2024-47177)Execution: Possible Remote Command Execution DetectedExecution: Program Run with Disallowed HTTP Proxy EnvExecution: Socat Reverse Shell DetectedExecution: Suspicious OpenSSL Shared Object LoadedExfiltration: Launch Remote File Copy Tools in ContainerImpact: Detect Malicious CmdlinesImpact: Remove Bulk Data From DiskImpact: Suspicious crypto mining activity using the Stratum ProtocolMalicious Script ExecutedMalicious URL ObservedPrivilege Escalation: Abuse of Sudo For Privilege Escalation (CVE-2019-14287)Privilege Escalation: Fileless Execution in /dev/shmPrivilege Escalation: Polkit Local Privilege Escalation Vulnerability (CVE-2021-4034)Privilege Escalation: Sudo Potential Privilege Escalation (CVE-2021-3156)Reverse ShellUnexpected Child Shell控制層發現項目類型
Event Threat Detection 提供下列控制層偵測功能:
Execution: Cryptomining Docker ImageImpact: Cryptomining CommandsPrivilege Escalation: Default Compute Engine Service Account SetIAMPolicy後續步驟
- 瞭解 Cloud Run Threat Detection。
- 瞭解 Event Threat Detection。
- 瞭解如何回應 Cloud Run 威脅發現。
- 請參閱威脅發現項目索引。