Security Command Center performs agentless and log-based monitoring of Compute Engine resources. For recommended responses to these threats, see Respond to Compute Engine threat findings .
Agentless monitoring finding types
The following agentless monitoring detections are available with Virtual Machine Threat Detection :
Defense Evasion: Rootkit
Defense Evasion: Unexpected ftrace handler
Defense Evasion: Unexpected interrupt handler
Defense Evasion: Unexpected kernel modules
Defense Evasion: Unexpected kernel read-only data modification
Defense Evasion: Unexpected kprobe handler
Defense Evasion: Unexpected processes in runqueue
Defense Evasion: Unexpected system call handler
Execution: cryptocurrency mining combined detection
Execution: Cryptocurrency Mining Hash Match
Execution: Cryptocurrency Mining YARA Rule
Malware: Malicious file on disk
Malware: Malicious file on disk (YARA)
Log-based finding types
The following log-based detections are available with Event Threat Detection :
Brute force SSH
Impact: Managed Instance Group Autoscaling Set To Maximum
Lateral Movement: Modified Boot Disk Attached to Instance
Lateral Movement: OS Patch Execution From Service Account
Persistence: GCE Admin Added SSH Key
Persistence: GCE Admin Added Startup Script
Persistence: Global Startup Script Added
Privilege Escalation: Global Shutdown Script Added
The following log-based detections are available with Sensitive Actions Service :
Impact: GPU Instance Created
Impact: Many Instances Created
Impact: Many Instances Deleted
What's next
- Learn about Virtual Machine Threat Detection .
- Learn about Event Threat Detection .
- Learn about Sensitive Actions Service .
- Learn how to respond to Compute Engine threats .
- Refer to the Threat findings index .
