-
A machine learning job detected an unusual failure in a GCP Audit message. These can be byproducts of attempted or successful persistence, privilege escalation, defense evasion, discovery, lateral movement, or collection.
Read More -
A machine learning job detected a significant spike in the rate of a particular failure in the GCP Audit messages. Spikes in failed messages may accompany attempts at privilege escalation, lateral movement, or discovery.
Read More -
A machine learning job detected GCP Audit event activity that, while not inherently suspicious or abnormal, is sourcing from a geolocation (city) that is unusual for the event action. This can be the result of compromised credentials or keys being used by a threat actor in a different geography than the authorized user(s).
Read More -
A machine learning job detected GCP Audit event activity that, while not inherently suspicious or abnormal, is sourcing from a geolocation (country) that is unusual for the event action. This can be the result of compromised credentials or keys being used by a threat actor in a different geography than the authorized user(s).
Read More -
A machine learning job detected an GCP Audit event that, while not inherently suspicious or abnormal, is being made by a user context that does not normally use the event action. This can be the result of compromised credentials or keys as someone uses a valid account to persist, move laterally, or exfiltrate data.
Read More