Temuan ancaman Compute Engine

Security Command Center melakukan pemantauan tanpa agen dan berbasis log terhadap resource Compute Engine. Untuk mengetahui respons yang direkomendasikan terhadap ancaman ini, lihat Merespons temuan ancaman Compute Engine.

Jenis temuan pemantauan tanpa agen

Deteksi pemantauan tanpa agen berikut tersedia dengan Virtual Machine Threat Detection:

• Defense Evasion: Rootkit
• Defense Evasion: Unexpected ftrace handler
• Defense Evasion: Unexpected interrupt handler
• Defense Evasion: Unexpected kernel modules
• Defense Evasion: Unexpected kernel read-only data modification
• Defense Evasion: Unexpected kprobe handler
• Defense Evasion: Unexpected processes in runqueue
• Defense Evasion: Unexpected system call handler
• Execution: cryptocurrency mining combined detection
• Execution: Cryptocurrency Mining Hash Match
• Execution: Cryptocurrency Mining YARA Rule
• Malware: Malicious file on disk
• Malware: Malicious file on disk (YARA)

Jenis temuan berbasis log

Deteksi berbasis log berikut tersedia dengan Event Threat Detection:

• Brute force SSH
• Impact: Managed Instance Group Autoscaling Set To Maximum
• Lateral Movement: Modified Boot Disk Attached to Instance
• Lateral Movement: OS Patch Execution From Service Account
• Persistence: GCE Admin Added SSH Key
• Persistence: GCE Admin Added Startup Script
• Persistence: Global Startup Script Added
• Privilege Escalation: Global Shutdown Script Added

Deteksi berbasis log berikut tersedia dengan Sensitive Actions Service:

• Impact: GPU Instance Created
• Impact: Many Instances Created
• Impact: Many Instances Deleted

Langkah berikutnya

• Pelajari Virtual Machine Threat Detection.
• Pelajari Event Threat Detection.
• Pelajari Layanan Tindakan Sensitif.
• Pelajari cara merespons ancaman Compute Engine.
• Lihat Indeks temuan ancaman.