Security Command Center analyzes various logs to find potentially compromised IAM principals and other threats that can have a cross-cutting impact on multiple resources in your cloud environment.
The following log-based detections are available with Event Threat Detection:
- Account has leaked credentials
- Defense Evasion: Modify VPC Service Control
- Defense Evasion: Organization Policy Changed
- Defense Evasion: Organization-Level Service Account Token Creator Role Added
- Defense Evasion: Project-Level Service Account Token Creator Role Added
- Defense Evasion: Remove Billing Admin
- Discovery: Information Gathering Tool Used
- Discovery: Service Account Self-Investigation
- Discovery: Unauthorized Service Account API Call
- Impact: Billing Disabled
- Impact: Billing Disabled
- Impact: Service API Disabled
- Initial Access: Dormant Service Account Action
- Initial Access: Dormant Service Account Key Created
- Initial Access: Excessive Permission Denied Actions
- Initial Access: Leaked Service Account Key Used
- Persistence: Add Sensitive Role
- Persistence: IAM Anomalous Grant
- Persistence: New API Method
- Persistence: New Geography
- Persistence: New User Agent
- Persistence: Project SSH Key Added
- Persistence: Service Account Key Created
- Persistence: Unmanaged Account Granted Sensitive Role
- Privilege Escalation: Anomalous Impersonation of Service Account for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Admin Activity
- Privilege Escalation: Anomalous Multistep Service Account Delegation for Data Access
- Privilege Escalation: Anomalous Service Account Impersonator for Admin Activity
- Privilege Escalation: Anomalous Service Account Impersonator for Data Access
- Privilege Escalation: Dormant Service Account Granted Sensitive Role
- Privilege Escalation: External Member Added To Privileged Group
- Privilege Escalation: Impersonation Role Granted For Dormant Service Account
- Privilege Escalation: New Service Account is Owner or Editor
- Privilege Escalation: Privileged Group Opened To Public
- Privilege Escalation: Sensitive Role Granted To Hybrid Group
- Privilege Escalation: Suspicious Cross-Project Permission Use
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Privilege Escalation: Suspicious Token Generation
- Resource Development: Offensive Security Distro Activity
What's next?
- Learn more about Event Threat Detection.
- See the threat findings index.