Security Command Center

Questions about Security Command Center? You've come to the right place. Connect with other SCC users, discuss best practices, overcome challenges.

80 Topics
140 Replies

When you subscribe we will email you when there is a new topic in this category

80 Topics

Most replies

Most views

Newest first

vaskenhStaff

posted in Security Command Center

Detecting suspicious service account behavior with SCC Premium

In this community post, we’ll take a closer look at detecting suspicious service account behavior in Google Cloud using SCC Premium.   Service accounts are commonly leveraged by attackers to establish a foothold in cloud environments as part of an attack scenario.  Compromised service accounts can exhibit suspicious activity in a number of ways.  Our research has identified attackers who gain access to compromised service accounts will enumerate the IAM roles and permissions associated with that account to understand their ability to move laterally within an environment.  Doing so establishes potential next steps in leveraging the account for future malicious activity. In this scenario, we’ll use a VM Instance in GCP to manually trigger a finding in SCC Premium related to service account self-investigation.  We’ll cover the required configuration needed to trigger this finding, then execute a

1270

2 years ago

seeinNew Member

posted in Security Command Center

Error while download CSV after exporting Security Command Center (SCC) findings

Hi, At the beginning of this week im facing problem while downloading CSV file after export SCC findings to CSV. Export already complete then i try to download: The errors:   I already try to clear all cookies and change to another browser and another devices but still facing this issues.

263

2 years ago

vaskenhStaff

posted in Security Command Center

Security Command Center Premium now operationalizes Mandiant Threat Intelligence!

Event Threat Detection (ETD) findings in SCC Premium now leverage IOCs derived from Mandiant’s frontline incident response and threat intelligence.   SCC Premium customers automatically take advantage of this coverage without making any changes. By integrating these IOCs into SCC Premium, customers automatically get broader coverage for existing ETD rules like: Malware: Bad IP Malware: Bad Domain  Malware: Bad Cryptomining IP Malware: Bad Cryptomining Domain  Evasion: Access from Anonymizing Proxy ETD offers a broad range of rules to detect suspicious activity in your GCP environment.  By inge

130

2 years ago

pfilourencoBronze 2

asked in Security Command Center

SCC - Attack path simulation using SA SYSTEM_MANAGED Keys

Hi, Attack path simulation is using SA SYSTEM_MANAGED keys to represent as a possibility, this is something that we as user's can't do anything, since any SA without USER_MANAGED key have always a SYSTEM_MANAGED key. Is this something expected?  Any solution to avoid this keys on the simulation?   BR, Pedro Lourenço

912

2 years ago

arunkumarjcaNew Member

posted in Security Command Center

SCC alerts

Hello Team, Do we have any option to mute the SCC alerts for list  of users who are not enforced MFA in a specific organisation units.? Thanks in advance Regards, Arun

241

2 years ago