GCP cloud_ids Mappings

Cloud IDS is an intrusion detection service that inspects network traffic and raises alerts on intrusions, malware, spyware, and other cyber-attacks. Cloud IDS' default ruleset is powered by Palo Alto Networks' advanced threat detection technologies and the vendor's latest set of threat signatures (e.g., antivirus, anti-spyware, or vulnerability signatures). Cloud IDS depends on the Cloud Logging feature to collect network telemetry. Further threat detection rules can be crafted to generate alerts based on network traffic (e.g., PCAP, NetFlow).

Mappings

| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|---|
| cloud_ids | Cloud IDS | detect | significant | T1137 | Office Application Startup |
| cloud_ids | Cloud IDS | detect | significant | T1546.006 | LC_LOAD_DYLIB Addition |
| cloud_ids | Cloud IDS | detect | significant | T1204.002 | Malicious File |
| cloud_ids | Cloud IDS | detect | significant | T1055.002 | Portable Executable Injection |
| cloud_ids | Cloud IDS | detect | significant | T1221 | Template Injection |
| cloud_ids | Cloud IDS | detect | significant | T1505.003 | Web Shell |
| cloud_ids | Cloud IDS | detect | significant | T1204.003 | Malicious Image |
| cloud_ids | Cloud IDS | detect | significant | T1048 | Exfiltration Over Alternative Protocol |
| cloud_ids | Cloud IDS | detect | significant | T1041 | Exfiltration Over C2 Channel |
| cloud_ids | Cloud IDS | detect | significant | T1567 | Exfiltration Over Web Service |
| cloud_ids | Cloud IDS | detect | significant | T1567.002 | Exfiltration to Cloud Storage |
| cloud_ids | Cloud IDS | detect | significant | T1020 | Automated Exfiltration |
| cloud_ids | Cloud IDS | detect | significant | T1110 | Brute Force |
| cloud_ids | Cloud IDS | detect | significant | T1499 | Endpoint Denial of Service |
| cloud_ids | Cloud IDS | detect | significant | T1499.003 | Application Exhaustion Flood |
| cloud_ids | Cloud IDS | detect | significant | T1190 | Exploit Public-Facing Application |
| cloud_ids | Cloud IDS | detect | significant | T1566.002 | Spearphishing Link |
| cloud_ids | Cloud IDS | detect | significant | T1137.006 | Add-ins |
| cloud_ids | Cloud IDS | detect | significant | T1137.001 | Office Template Macros |