Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 5 Days
Required Data |
Detection Modules | Cloud
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
A cloud identity modified a resource's policy bindings.
Attacker's Goals
Escalate privileges.
Investigative actions
- Verify which permissions were granted to the identity.
Variations
GCP set IAM policy activity by an identity with high administrative activity
GCP IAM add sensitive role
GCP storage add sensitive role
GCP compute add sensitive role
GCP secret manager add sensitive role
GCP cloud run add sensitive role
GCP function add sensitive role
GCP deployment manager add sensitive role
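One way to carry out the investigative action above, as an added example that is not part of the detector or the vendor's code: it lists the bindings a SetIamPolicy audit log entry added and marks sensitive and self-granted roles. The sample entry is constructed, the `serviceData.policyDelta.bindingDeltas` layout is assumed to be present in the entry, and the `SENSITIVE_ROLES` set and function name are illustrative assumptions, since the page does not say which roles it treats as sensitive.

```python
import json

# Assumption: illustrative set only; the page does not define "sensitive role".
SENSITIVE_ROLES = {
    "roles/owner",
    "roles/editor",
    "roles/iam.securityAdmin",
    "roles/iam.serviceAccountTokenCreator",
    "roles/resourcemanager.projectIamAdmin",
}

# Constructed sample audit entry, trimmed to the fields used below.
SAMPLE_ENTRY = json.loads("""
{
  "protoPayload": {
    "methodName": "SetIamPolicy",
    "resourceName": "projects/example-project",
    "authenticationInfo": {"principalEmail": "dev@example.com"},
    "serviceData": {"policyDelta": {"bindingDeltas": [
      {"action": "ADD", "role": "roles/owner", "member": "user:dev@example.com"},
      {"action": "ADD", "role": "roles/viewer", "member": "user:qa@example.com"},
      {"action": "REMOVE", "role": "roles/editor", "member": "user:old@example.com"}
    ]}}
  }
}
""")

def granted_bindings(entry):
    """Return one record per binding added by a set-IAM-policy audit entry."""
    payload = entry.get("protoPayload", {})
    if "setiam" not in payload.get("methodName", "").lower():
        return []  # not a policy change
    actor = payload.get("authenticationInfo", {}).get("principalEmail", "unknown")
    deltas = payload.get("serviceData", {}).get("policyDelta", {}).get("bindingDeltas", [])
    grants = []
    for delta in deltas:
        if delta.get("action") != "ADD":
            continue  # removals grant nothing
        member = delta.get("member", "")
        grants.append({
            "actor": actor, "resource": payload.get("resourceName"),
            "member": member, "role": delta.get("role"),
            "sensitive": delta.get("role") in SENSITIVE_ROLES,
            # An identity granting a role to itself is the escalation case.
            "self_grant": member.split(":", 1)[-1] == actor,
        })
    return grants

if __name__ == "__main__":
    for grant in granted_bindings(SAMPLE_ENTRY):
        print(grant)
```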