
GCP

Google Cloud Platform (GCP) is one of the largest cloud providers, so organizations that use it need cloud security monitoring to protect themselves. Devo’s Threat Research Team content includes many GCP detections so your organization can monitor its GCP infrastructure, look for areas of risk, and respond to threats as they emerge.

An attacker could be attempting to modify or gain privileges on a Cloud SQL database.

Source table → cloud.gcp

An attacker could be performing reconnaissance on a GCP project trying to enumerate permissions.

Source table → cloud.gcp

An attacker may have created a new Route to bypass restrictions on traffic routing segregating trusted and untrusted networks.

Source table → cloud.gcp

An adversary could create a Google Cloud Pub/Sub topic to collect data.

Source table → cloud.gcp

An adversary could delete a Google Cloud Pub/Sub topic to impair event aggregation and analysis mechanisms.

Source table → cloud.gcp