Security Command Center analyzes various logs to find potentially compromised IAM principals and other threats that can have a broad impact across multiple resources in your cloud environment.
The following log-based detections are available with Event Threat Detection:
- Account has leaked credentials
- Defense Evasion: Modify VPC Service Control
- Defense Evasion: Organization Policy Changed
- Defense Evasion: Organization-Level Service Account Token Creator Role Added
- Defense Evasion: Project-Level Service Account Token Creator Role Added
- Defense Evasion: Remove Billing Admin
- Discovery: Information Gathering Tool Used
- Discovery: Service Account Self-Investigation
- Discovery: Unauthorized Service Account API Call
- Impact: Billing Disabled
- Impact: Billing Disabled
- Impact: Service API Disabled
- Initial Access: Dormant Service Account Action
- Initial Access: Dormant Service Account Key Created
- Initial Access: Excessive Permission Denied Actions
- Initial Access: Leaked Service Account Key Used
- Persistence: Add Sensitive Role
- Persistence: IAM Anomalous Grant
- Persistence: New API Method
- Persistence: New Geography
- Persistence: New User Agent
- Persistence: Project SSH Key Added
- Persistence: Service Account Key Created
- Persistence: Unmanaged Account Granted Sensitive Role
- Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
- Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
- Privilege Escalation: Anomalous Service Account Impersonator for Data Access
- Privilege Escalation: Dormant Service Account Granted Sensitive Role
- Privilege Escalation: External Member Added To Privileged Group
- Privilege Escalation: Impersonation Role Granted For Dormant Service Account
- Privilege Escalation: New Service Account is Owner or Editor
- Privilege Escalation: Privileged Group Opened To Public
- Privilege Escalation: Sensitive Role Granted To Hybrid Group
- Privilege Escalation: Suspicious Cross-Project Permission Use
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Resource Development: Offensive Security Distro Activity
Next steps
- Learn about Event Threat Detection.
- See the Threat findings index.