Compute Engine threat findings
Security Command Center performs agentless and log-based monitoring of Compute Engine resources. For recommended responses to these threats, see Respond to Compute Engine threat findings.
Agentless monitoring finding types
The following agentless monitoring detections are available with Virtual Machine Threat Detection:
Defense Evasion: Rootkit Defense Evasion: Unexpected ftrace handler Defense Evasion: Unexpected interrupt handler Defense Evasion: Unexpected kernel modules Defense Evasion: Unexpected kernel read-only data modification Defense Evasion: Unexpected kprobe handler Defense Evasion: Unexpected processes in runqueue Defense Evasion: Unexpected system call handler Execution: cryptocurrency mining combined detection Execution: Cryptocurrency Mining Hash Match Execution: Cryptocurrency Mining YARA Rule Malware: Malicious file on disk Malware: Malicious file on disk (YARA) Log-based finding types
The following log-based detections are available with Event Threat Detection:
Brute force SSH Impact: Managed Instance Group Autoscaling Set To Maximum Lateral Movement: Modified Boot Disk Attached to Instance Lateral Movement: OS Patch Execution From Service Account Persistence: GCE Admin Added SSH Key Persistence: GCE Admin Added Startup Script Persistence: Global Startup Script Added Privilege Escalation: Global Shutdown Script Added The following log-based detections are available with Sensitive Actions Service:
Impact: GPU Instance Created Impact: Many Instances Created Impact: Many Instances Deleted What's next
- Learn about Virtual Machine Threat Detection.
- Learn about Event Threat Detection.
- Learn about Sensitive Actions Service.
- Learn how to respond to Compute Engine threats.
- Refer to the Threat findings index.