Google Compute Engine network created

gcp

Classification:

attack

Tactic:

TA0005-defense-evasion

Technique:

T1578-modify-cloud-compute-infrastructure

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Goal

Detect when a Google Compute Engine network is created.

Strategy

This rule lets you monitor Google Compute Engine activity audit logs to determine when the following method is invoked to create a new Compute Engine network:

  • beta.compute.networks.insert
  • v*.compute.networks.insert

An attacker could create a compute network with the intention of enabling cryptomining and bypassing networking limitations.

Triage and response

Review the Compute Engine network.

Changelog

  • 17 August 2023 - Updated query to replace attribute @threat_intel.results.subcategory:tor with @threat_intel.results.category:tor.
  • 30 September 2024 - Updated query to replace attribute @threat_intel.results.subcategory:anonymizer.