Security Command Center analyzes various logs to detect IAM principals that might be compromised and other threats that can have a cross-cutting impact on multiple resources in your cloud environment.
The following log-based detections are available with Event Threat Detection:
- Account has leaked credentials
- Defense Evasion: Modify VPC Service Control
- Defense Evasion: Organization Policy Changed
- Defense Evasion: Organization-Level Service Account Token Creator Role Added
- Defense Evasion: Project-Level Service Account Token Creator Role Added
- Defense Evasion: Remove Billing Admin
- Discovery: Information Gathering Tool Used
- Discovery: Service Account Self-Investigation
- Discovery: Unauthorized Service Account API Call
- Impact: Billing Disabled
- Impact: Billing Disabled
- Impact: Service API Disabled
- Initial Access: Dormant Service Account Action
- Initial Access: Dormant Service Account Key Created
- Initial Access: Excessive Permission Denied Actions
- Initial Access: Leaked Service Account Key Used
- Persistence: Add Sensitive Role
- Persistence: IAM Anomalous Grant
- Persistence: New API Method
- Persistence: New Geography
- Persistence: New User Agent
- Persistence: Project SSH Key Added
- Persistence: Service Account Key Created
- Persistence: Unmanaged Account Granted Sensitive Role
- Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
- Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
- Privilege Escalation: Anomalous Service Account Impersonator for Data Access
- Privilege Escalation: Dormant Service Account Granted Sensitive Role
- Privilege Escalation: External Member Added To Privileged Group
- Privilege Escalation: Impersonation Role Granted For Dormant Service Account
- Privilege Escalation: New Service Account is Owner or Editor
- Privilege Escalation: Privileged Group Opened To Public
- Privilege Escalation: Sensitive Role Granted To Hybrid Group
- Privilege Escalation: Suspicious Cross-Project Permission Use
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Resource Development: Offensive Security Distro Activity
Next steps
- Learn about Event Threat Detection.
- See the threat findings index.