Skip to content

Latest commit

 

History

History
32 lines (25 loc) · 954 Bytes

MATCH-S00618.md

File metadata and controls

32 lines (25 loc) · 954 Bytes

Rules: GCP Bucket Enumerated

Description

Detects when a service account lists out GCS buckets.

Additional Details

Detail Value
Type Templated Match
Category Discovery
Apply Risk to Entities user_username, srcDevice_ip
Signal Name GCP Bucket Enumerated
Summary Expression User: {{user_username}} performed action: {{action}}
Score/Severity Static: 2
Enabled by Default True
Prototype False
Tags _mitreAttackTactic:TA0007, _mitreAttackTechnique:T1526, _mitreAttackTechnique:T1069, _mitreAttackTechnique:T1087, _mitreAttackTechnique:T1087.004, _mitreAttackTechnique:T1069.003

Vendors and Products

Fields Used

Origin Field
Normalized Schema action
Normalized Schema metadata_product
Normalized Schema metadata_vendor
Normalized Schema srcDevice_ip
Normalized Schema user_username