Products: Google - Google Cloud Platform

Rules

| Rule ID | Rule Name |
|---|---|
| MATCH-S00553 | Allowed Inbound RDP Traffic |
| MATCH-S00209 | CVE-2021-44228 Log4j2 Java Library 0-Day Attempt |
| LEGACY-S00013 | Connection to High Entropy Domain |
| LEGACY-S00026 | DNS Lookup of High Entropy Domain |
| THRESHOLD-S00074 | Excessive Firewall Denies |
| MATCH-S00454 | Firewall Allowed SMB Traffic |
| FIRST-S00030 | First Seen Outbound Connection to External IP Address on Port 445 from IP Address |
| MATCH-S00620 | GCP Audit Cloud SQL Database Modified |
| MATCH-S00621 | GCP Audit GCE Firewall Rule Modified |
| MATCH-S00622 | GCP Audit GCE Network Route Created or Modified |
| MATCH-S00623 | GCP Audit GCE VPC Network Modified |
| MATCH-S00615 | GCP Audit IAM CreateServiceAccount Observed |
| MATCH-S00624 | GCP Audit IAM Custom Role Created or Modified |
| MATCH-S00631 | GCP Audit IAM Custom Role Deletion |
| MATCH-S00630 | GCP Audit IAM DeleteServiceAccount Observed |
| MATCH-S00629 | GCP Audit IAM DisableServiceAccount Observed |
| MATCH-S00614 | GCP Audit KMS Activity |
| MATCH-S00613 | GCP Audit Key Deleted or Disabled |
| MATCH-S00611 | GCP Audit ListQueues |
| MATCH-S00626 | GCP Audit Logging Sink Modified |
| MATCH-S00627 | GCP Audit Pub/Sub Subscriber Modified |
| MATCH-S00628 | GCP Audit Pub/Sub Topic Deleted |
| THRESHOLD-S00088 | GCP Audit Reconnaissance Activity |
| MATCH-S00612 | GCP Audit Secrets Manager Activity |
| THRESHOLD-S00089 | GCP Audit Unauthorized API Calls |
| MATCH-S00618 | GCP Bucket Enumerated |
| MATCH-S00619 | GCP Bucket Modified |
| MATCH-S00616 | GCP Bucket Open |
| MATCH-S00617 | GCP GCPloit Exploitation Framework Used |
| CHAIN-S00013 | GCP IDS Detection Followed by API Call |
| MATCH-S00709 | GCP Image Creation |
| MATCH-S00710 | GCP Image Deletion |
| THRESHOLD-S00104 | GCP Image Discovery |
| MATCH-S00711 | GCP Image Modification |
| MATCH-S00712 | GCP Instance Creation |
| MATCH-S00713 | GCP Instance Deletion |
| THRESHOLD-S00105 | GCP Instance Discovery |
| MATCH-S00714 | GCP Instance Modification |
| MATCH-S00625 | GCP Permission Denied |
| THRESHOLD-S00091 | GCP Port Scan |
| THRESHOLD-S00090 | GCP Port Sweep |
| LEGACY-S00027 | Hexadecimal in DNS Query Domain |
| LEGACY-S00047 | High risk file extension download without hostname and referrer |
| THRESHOLD-S00080 | Internal Port Scan |
| THRESHOLD-S00081 | Internal Port Sweep |
| MATCH-S00396 | Large Outbound ICMP Packets |
| MATCH-S00402 | Normalized Security Signal |
| MATCH-S00554 | Outbound IRC Traffic |
| THRESHOLD-S00026 | Possible Credential Abuse |
| MATCH-S00835 | Possible Dynamic URL Domain |
| OUTLIER-S00010 | Spike in URL Length from IP Address |
| MATCH-S00783 | Spring4Shell Exploitation - URL |
| LEGACY-S00182 | Suspicious HTTP User-Agent |
| LEGACY-S00111 | Threat Intel - Device IP Matched Threat Intel URL |
| MATCH-S00555 | Threat Intel - Inbound Traffic Context |
| LEGACY-S00109 | Threat Intel - Matched Domain Name |
| LEGACY-S00107 | Threat Intel Match - IP Address |

Log Mappers

| Log Mapper ID | Log Mapper Name |
|---|---|
| c088e78a-ff9d-45c5-87c2-fd48f6248b9d | GCP App Engine Logs |
| 8ed8eed7-42ac-4bf0-80ba-382ee72be068 | GCP Audit Logs |
| db899748-b1bd-4fb0-9e8f-1650f91ad445 | GCP Firewall |
| d23bd23c-eb36-4358-805d-ed0fb7f45e96 | GCP IDS |
| bd959451-f286-4d10-9b06-cf8fa483fab6 | GCP Parser - Load Balancer |
| a37e0ee3-ebd8-4c49-8674-0a7936203415 | GCP VPC Flows |