GCP container_registry Mappings

Container Registry is Google Cloud's service that provides a single location for storing and managing container images that support Docker Image Manifest V2 and OCI image formats. Container Analysis is the vulnerability scanning feature in Container Registry that detects software weaknesses from the following sources: Debian, Ubuntu, Alpine, RHEL, CentOS, National Vulnerability Database.

Mappings

Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes
container_registry | Container Registry | protect | partial | T1078 | Valid Accounts
Comments
Using Container Analysis, Container Registry scans the repository for vulnerabilities that could potentially be used to escalate privileges, such as default accounts with root permissions in Docker containers. Due to the medium threat protection coverage and scan results being available 48 hours after completion, this control was scored as partial.
container_registry | Container Registry | protect | partial | T1068 | Exploitation for Privilege Escalation
Comments
Container Registry scans the repository for known software vulnerabilities and various system artifacts that could potentially be used to execute adversary-controlled code. Due to the medium threat protection coverage and temporal factor, this control was scored as partial.
container_registry | Container Registry | protect | partial | T1525 | Implant Internal Image
Comments
Using Container Analysis and vulnerability scanning, this security solution can detect known vulnerabilities in Docker containers. This information can be used to detect images that deviate from the baseline norm, which could indicate maliciously implanted images in the environment. Due to the medium threat detection coverage and temporal factor, the control was scored as partial.
container_registry | Container Registry | protect | partial | T1610 | Deploy Container
Comments
Once this control is deployed, it can scan for known vulnerabilities in containers. This information can be used to detect malicious containers deployed to evade defenses and execute processes in a target environment. Due to the medium threat detection coverage and temporal factor, the control was scored as partial.
container_registry | Container Registry | detect | partial | T1212 | Exploitation for Credential Access
Comments
Once this control is deployed, it can detect known vulnerabilities in various OS packages that could be used to escalate privileges and execute adversary-controlled code, drawing on sources such as Debian, Ubuntu, Alpine, RHEL, CentOS, and the National Vulnerability Database. Due to the medium threat detection coverage and temporal factor, the control was scored as partial.