Analytics Story: Suspicious GCP Storage Activities

Description

Use the searches in this Analytic Story to monitor your GCP Storage buckets for evidence of anomalous activity and suspicious behaviors, such as detecting open storage buckets and buckets being accessed from a new IP. The contextual and investigative searches will give you more information, when required.

Why it matters

Similar to other cloud providers, GCP operates on a shared responsibility model. This means that you, the end user, are responsible for setting appropriate access control lists and permissions on your GCP resources. This Analytics Story concentrates on detecting things like open storage buckets (both read and write), along with storage bucket access from unfamiliar users and IP addresses.
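The two conditions this story looks for, a bucket policy change that grants a public member and a bucket accessed from an IP outside its baseline, can be checked directly against Cloud Audit Log entries. The following is an added example, not part of the Splunk content or its searches; the event field layout (protoPayload.methodName, serviceData.policyDelta.bindingDeltas, requestMetadata.callerIp) follows the Cloud Audit Log format as the author understands it, the role lists are a minimal assumption, and the sample events and baseline are constructed.

```python
from collections import defaultdict

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Assumed split of roles into write-capable and read-only for classifying an open bucket.
WRITE_ROLES = {"roles/storage.objectCreator", "roles/storage.objectAdmin", "roles/storage.admin"}

def bucket_of(resource_name):
    # "projects/_/buckets/<name>[/objects/<obj>]" -> "<name>"
    parts = resource_name.split("/")
    return parts[3] if len(parts) > 3 and parts[2] == "buckets" else resource_name

def open_bucket_findings(events):
    """Return (bucket, member, role, 'read'|'write') for each binding ADDed to a public member."""
    out = []
    for e in events:
        p = e.get("protoPayload", {})
        if p.get("methodName") != "storage.setIamPolicy":
            continue
        deltas = p.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
        for d in deltas:
            if d.get("action") == "ADD" and d.get("member") in PUBLIC_MEMBERS:
                access = "write" if d.get("role") in WRITE_ROLES else "read"
                out.append((bucket_of(p.get("resourceName", "")), d["member"], d["role"], access))
    return out

def new_ip_findings(events, baseline):
    """Return (bucket, caller_ip, principal) for object access from an IP not in that bucket's baseline.
    Each new IP is reported once per run; the caller's baseline dict is not modified."""
    out = []
    seen = defaultdict(set, {b: set(ips) for b, ips in baseline.items()})
    for e in events:
        p = e.get("protoPayload", {})
        if not p.get("methodName", "").startswith("storage.objects."):
            continue
        bucket = bucket_of(p.get("resourceName", ""))
        ip = p.get("requestMetadata", {}).get("callerIp", "")
        if ip and ip not in seen[bucket]:
            out.append((bucket, ip, p.get("authenticationInfo", {}).get("principalEmail", "")))
            seen[bucket].add(ip)
    return out

# Constructed sample events (not real logs): one policy change opening a bucket for
# public writes, one object read from a known IP, one from an IP never seen for the bucket.
def _evt(method, resource, **extra):
    return {"protoPayload": {"methodName": method, "resourceName": resource, **extra}}

SAMPLE = [
    _evt("storage.setIamPolicy", "projects/_/buckets/acme-backups", serviceData={"policyDelta": {
        "bindingDeltas": [{"action": "ADD", "role": "roles/storage.objectCreator", "member": "allUsers"}]}}),
    _evt("storage.objects.get", "projects/_/buckets/acme-backups/objects/db.sql",
         requestMetadata={"callerIp": "198.51.100.9"}, authenticationInfo={"principalEmail": "svc@example.com"}),
    _evt("storage.objects.get", "projects/_/buckets/acme-backups/objects/db.sql",
         requestMetadata={"callerIp": "203.0.113.7"}, authenticationInfo={"principalEmail": "svc@example.com"}),
]
BASELINE = {"acme-backups": {"198.51.100.9"}}  # constructed: IPs previously seen per bucket
```

Running `open_bucket_findings(SAMPLE)` flags the allUsers write grant on acme-backups, and `new_ip_findings(SAMPLE, BASELINE)` reports only the read from 203.0.113.7.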

Detections

Name | Technique | Type
Detect GCP Storage access from a new IP | Data from Cloud Storage | Anomaly
Detect New Open GCP Storage Buckets | Data from Cloud Storage | TTP

Data Sources

Name | Platform | Sourcetype | Source
(no data sources listed)

Source: GitHub | Version: 1