GCP GCR Container Uploaded

Description

This search shows information on uploaded containers, including source user, account, action, bucket name, event name, HTTP user agent, message, and destination path.

Use Case

Security Monitoring

Category

Cloud Security

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Persistence

MITRE ATT&CK Techniques

Implant Container Image

Data Sources

GCP
Cloud Infrastructure Data
Audit Trail

GCP GCR Container Uploaded Help

You must install the GCP App for Splunk (version 2.0.0 or later), then configure Stackdriver and set up a Pub/Sub subscription to be imported to Splunk. You must also install the Cloud Infrastructure data model. Customize the container_implant_gcp_detection_filter macro to filter out false positives.
