Closed vthiery closed 10 months ago
Introduces gcp.exfiltration.share-compute-image where data is exfiltrated by sharing a Compute Image.
gcp.exfiltration.share-compute-image
Inspired by https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide mentionned in
Thanks for the PR! Looks great overall, left a few comments
will be released as part of v2.12.0 shortly
What does this PR do?
Introduces
gcp.exfiltration.share-compute-image
where data is exfiltrated by sharing a Compute Image.Motivation
Inspired by https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide mentionned in
To answer before getting out of draft