The following rules have been removed from their associated rule packs due to high alert volume across the Google SecOps customer base
## Change
The following rules have been removed from their associated rule packs due to high alert volume across the Google SecOps customer base:

* GCP Workspace Data Exfil Drive:
  * Suspicious Workspace Actions Observed after a Successful Suspicious Login
* GCP Suspicious Infrastructure Change:
  * Replacement of Existing Compute Machine Image
  * Replacement of Existing Compute Disk
* GCP Cloud SQL Ransom:
  * Base64 Encoded Cloud SQL Command
* CIDR SCC Persistence:
  * SCC: Persistence: New API Method
  * SCC: Persistence: IAM Anomalous Grant
  * SCC: Persistence: GCE Admin Added SSH Key
* CIDR SCC Malware:
  * SCC: Added Library Loaded
  * SCC: Added Binary Executed
* CIDR SCC Cloud IDS Low:
  * SCC: Cloud IDS: Low Threat Finding
* CIDR SCC Cloud Armor Medium:
  * SCC: Cloud Armor: Medium - Increasing Deny Ratio
  * SCC: Cloud Armor: Medium - Allowed Traffic Spike
* Azure Identity:
  * Azure External User Invitation
* Azure Defender for Cloud Windows and Linux VM:
  * Azure Defender for Cloud: Anonymous IP access
* AWS GuardDuty Discovery:
  * AWS GuardDuty: Recon:EC2/PortProbeUnprotectedPort