Security Command Center analysiert verschiedene Logs, um potenziell kompromittierte IAM-Principals und andere Bedrohungen zu finden, die sich auf verschiedene Ressourcen in Ihrer Cloud-Umgebung auswirken können.
Die folgenden logbasierten Erkennungen sind mit Event Threat Detection verfügbar:
-
Account has leaked credentials -
Defense Evasion: Modify VPC Service Control -
Defense Evasion: Organization Policy Changed -
Defense Evasion: Organization-Level Service Account Token Creator Role Added -
Defense Evasion: Project-Level Service Account Token Creator Role Added -
Defense Evasion: Remove Billing Admin -
Discovery: Information Gathering Tool Used -
Discovery: Service Account Self-Investigation -
Discovery: Unauthorized Service Account API Call -
Impact: Billing Disabled -
Impact: Billing Disabled -
Impact: Service API Disabled -
Initial Access: Dormant Service Account Action -
Initial Access: Dormant Service Account Key Created -
Initial Access: Excessive Permission Denied Actions -
Initial Access: Leaked Service Account Key Used -
Persistence: Add Sensitive Role -
Persistence: IAM Anomalous Grant -
Persistence: New API Method -
Persistence: New Geography -
Persistence: New User Agent -
Persistence: Project SSH Key Added -
Persistence: Service Account Key Created -
Persistence: Unmanaged Account Granted Sensitive Role -
Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity -
Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity -
Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access -
Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity -
Privilege Escalation: Anomalous Service Account Impersonator for Data Access -
Privilege Escalation: Dormant Service Account Granted Sensitive Role -
Privilege Escalation: External Member Added To Privileged Group -
Privilege Escalation: Impersonation Role Granted For Dormant Service Account -
Privilege Escalation: New Service Account is Owner or Editor -
Privilege Escalation: Privileged Group Opened To Public -
Privilege Escalation: Sensitive Role Granted To Hybrid Group -
Privilege Escalation: Suspicious Cross-Project Permission Use -
Privilege Escalation: Suspicious Token Generation -
Privilege Escalation: Suspicious Token Generation -
Privilege Escalation: Suspicious Token Generation -
Privilege Escalation: Suspicious Token Generation -
Resource Development: Offensive Security Distro Activity
Nächste Schritte
- Weitere Informationen zu Event Threat Detection
- Weitere Informationen finden Sie im Index der Bedrohungsergebnisse.