Security Command Center performs agentless and log-based monitoring of Compute Engine resources. For recommended responses to these threats, see Respond to Compute Engine threat findings.
Agentless monitoring finding types
The following agentless monitoring detections are available with Virtual Machine Threat Detection:
- Defense Evasion: Rootkit
- Defense Evasion: Unexpected ftrace handler
- Defense Evasion: Unexpected interrupt handler
- Defense Evasion: Unexpected kernel modules
- Defense Evasion: Unexpected kernel read-only data modification
- Defense Evasion: Unexpected kprobe handler
- Defense Evasion: Unexpected processes in runqueue
- Defense Evasion: Unexpected system call handler
- Execution: cryptocurrency mining combined detection
- Execution: Cryptocurrency Mining Hash Match
- Execution: Cryptocurrency Mining YARA Rule
- Malware: Malicious file on disk
- Malware: Malicious file on disk (YARA)
Log-based finding types
The following log-based detections are available with Event Threat Detection:
- Brute force SSH
- Impact: Managed Instance Group Autoscaling Set To Maximum
- Lateral Movement: Modified Boot Disk Attached to Instance
- Lateral Movement: OS Patch Execution From Service Account
- Persistence: GCE Admin Added SSH Key
- Persistence: GCE Admin Added Startup Script
- Persistence: Global Startup Script Added
- Privilege Escalation: Global Shutdown Script Added
The following log-based detections are available with Sensitive Actions Service:
What's next
- Learn about Virtual Machine Threat Detection.
- Learn about Event Threat Detection.
- Learn about Sensitive Actions Service.
- Learn how to respond to Compute Engine threats.
- Refer to the Threat findings index.