Compute Engine 威脅發現

Security Command Center 會對 Compute Engine 資源執行無代理程式和以記錄為基礎的監控作業。如需這些威脅的建議回應，請參閱「回應 Compute Engine 威脅發現」。

免代理程式監控發現項目類型

使用 Virtual Machine Threat Detection 時，可進行下列無代理程式監控偵測：

• Defense Evasion: Rootkit
• Defense Evasion: Unexpected ftrace handler
• Defense Evasion: Unexpected interrupt handler
• Defense Evasion: Unexpected kernel modules
• Defense Evasion: Unexpected kernel read-only data modification
• Defense Evasion: Unexpected kprobe handler
• Defense Evasion: Unexpected processes in runqueue
• Defense Evasion: Unexpected system call handler
• Execution: cryptocurrency mining combined detection
• Execution: Cryptocurrency Mining Hash Match
• Execution: Cryptocurrency Mining YARA Rule
• Malware: Malicious file on disk
• Malware: Malicious file on disk (YARA)

記錄發現項目類型

Event Threat Detection 提供下列以記錄為基礎的偵測功能：

• Brute force SSH
• Impact: Managed Instance Group Autoscaling Set To Maximum
• Lateral Movement: Modified Boot Disk Attached to Instance
• Lateral Movement: OS Patch Execution From Service Account
• Persistence: GCE Admin Added SSH Key
• Persistence: GCE Admin Added Startup Script
• Persistence: Global Startup Script Added
• Privilege Escalation: Global Shutdown Script Added

您可以使用敏感動作服務，透過記錄偵測下列事件：

• Impact: GPU Instance Created
• Impact: Many Instances Created
• Impact: Many Instances Deleted

後續步驟

• 瞭解虛擬機器威脅偵測。
• 瞭解 Event Threat Detection。
• 瞭解敏感操作服務。
• 瞭解如何回應 Compute Engine 威脅。
• 請參閱威脅發現項目索引。