Google Security Command Center finding muted

Goal

Detect when a Google Security Command Center muteconfigs rule is created.

Strategy

Google Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities and threats; and helping you mitigate and remediate risks.

This rule detects when a user creates a rule to mute future findings or mutes multiple existing findings. This could indicate an attacker attempting to hide malicious activity.

Triage and response

  1. Investigate the finding to determine if the action was expected.
  2. If the finding is deemed malicious, follow the investigation and remediation guidance provided by Google, as well as any internal incident response processes.
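
The sketch below is an added example, not the query this rule ships with. It applies the detection described under Strategy to Cloud Audit Log entries and returns the actor, scope and mute filter a responder needs for triage step 1. It assumes the mute actions are logged under the service `securitycenter.googleapis.com` with the RPC names `CreateMuteConfig` and `BulkMuteFindings`; the sample entries and their request field layout are constructed.

```python
import json

# Assumptions (not from the original page): audit-log service name and RPC names.
SCC_SERVICE = "securitycenter.googleapis.com"
MUTE_METHODS = {
    "CreateMuteConfig": "mute rule created (future findings)",
    "BulkMuteFindings": "bulk mute of existing findings",
}

# Constructed sample audit entries, one JSON object per line (not real logs).
SAMPLE_LOGS = r"""
{"protoPayload":{"serviceName":"securitycenter.googleapis.com","methodName":"google.cloud.securitycenter.v1.SecurityCenter.CreateMuteConfig","authenticationInfo":{"principalEmail":"alice@example.com"},"resourceName":"projects/example-project/muteConfigs/example-rule","request":{"muteConfig":{"filter":"category=\"OPEN_FIREWALL\""}}}}
{"protoPayload":{"serviceName":"securitycenter.googleapis.com","methodName":"google.cloud.securitycenter.v1.SecurityCenter.BulkMuteFindings","authenticationInfo":{"principalEmail":"svc@example-project.iam.gserviceaccount.com"},"request":{"parent":"projects/example-project","filter":"severity=\"LOW\""}}}
{"protoPayload":{"serviceName":"securitycenter.googleapis.com","methodName":"google.cloud.securitycenter.v1.SecurityCenter.ListFindings","authenticationInfo":{"principalEmail":"bob@example.com"}}}
{"protoPayload":{"serviceName":"compute.googleapis.com","methodName":"v1.compute.firewalls.insert","authenticationInfo":{"principalEmail":"bob@example.com"}}}
not-json
"""


def detect_mute_events(lines):
    """Return one triage record per audit entry that mutes SCC findings."""
    hits = []
    for line in lines:
        try:
            payload = json.loads(line).get("protoPayload", {})
        except (json.JSONDecodeError, AttributeError):
            continue  # skip lines that are not JSON objects
        if payload.get("serviceName") != SCC_SERVICE:
            continue
        # Match on the RPC name only, so any API version prefix is accepted.
        rpc = payload.get("methodName", "").rsplit(".", 1)[-1]
        if rpc not in MUTE_METHODS:
            continue
        request = payload.get("request", {})
        hits.append({
            "action": MUTE_METHODS[rpc],
            "actor": payload.get("authenticationInfo", {}).get("principalEmail", "unknown"),
            "scope": payload.get("resourceName") or request.get("parent", "unknown"),
            # A broad or empty filter hides more findings and deserves a closer look.
            "filter": request.get("filter") or request.get("muteConfig", {}).get("filter", ""),
        })
    return hits


if __name__ == "__main__":
    for hit in detect_mute_events(SAMPLE_LOGS.strip().splitlines()):
        print(hit)
```
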