This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index .
Overview
A project-level SSH key was created in a project, for a project that is more than 10 days old.
Detection service
How to respond
To respond to this finding, do the following:
Review finding details
-
Open the
Persistence: Project SSH Key Addedfinding as directed in Reviewing findings . Review the details in the Summaryand JSONtabs. -
Identify other findings that occurred at a similar time for this resource. Related findings might indicate that this activity was malicious, instead of a failure to follow best practices.
-
Review the settings of the affected resource.
-
Check the logs for the affected resource.
Research attack and response methods
Review the MITRE ATT&CK framework entry for this finding type: Account Manipulation: SSH Authorized Keys .
What's next
- Learn how to work with threat findings in Security Command Center .
- Refer to the Threat findings index .
- Learn how to review a finding through the Google Cloud console.
- Learn about the services that generate threat findings .
