GCP resourcemanager Mappings

Mappings

Loading, please wait
Capability ID
Capability Description
Category
Value
ATT&CK ID
ATT&CK Name
Notes
resourcemanager ResourceManager protectsignificant T1580 Cloud Infrastructure Discovery
Comments
Resource Manager can easily modify your Cloud Identity and Access Management policies for your organization and folders, and the changes will apply across all the projects and resources. Create and manage IAM access control policies for your organization and projects. This control may prevent adversaries that try to discover resources by placing a limit on discovery of these resources with least privilege.
References
resourcemanager ResourceManager detectminimal T1580 Cloud Infrastructure Discovery
Comments
GCP allows configuration of account policies to enable logging and IAM permissions and roles that may detect compromised user attempts to discover infrastructure and resources.
References
resourcemanager ResourceManager protectpartial T1562 Impair Defenses
Comments
An adversary may disable cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. GCP allows configuration of account policies to enable logging and IAM permissions and roles to determine your ability to access audit logs data in Google Cloud resources.
References
resourcemanager ResourceManager protectpartial T1562.007 Disable or Modify Cloud Firewall
Comments
This control adopts the security principle of least privilege, which grants necessary access to user's resources when justified and needed. This control manages access control and ensures proper user permissions are in place to prevent adversaries that try to modify and/or disable firewall.
References
resourcemanager ResourceManager detectpartial T1562.007 Disable or Modify Cloud Firewall
Comments
An adversary may disable cloud logging capabilities and integrations to limit what data is collected on their activities and avoid detection. GCP allows configuration of account policies to enable logging and IAM permissions and roles to determine your ability to access audit logs data in Google Cloud resources.
References
resourcemanager ResourceManager protectpartial T1562.008 Disable Cloud Logs
Comments
This control adopts the security principle of least privilege, which grants necessary access to user's resources when justified and needed. This control manages access control and ensures proper user permissions are in place to prevent adversaries that try to modify and/or disable cloud logging capabilities.
References
resourcemanager ResourceManager detectminimal T1087 Account Discovery
Comments
Adversaries may attempt to get a listing of cloud accounts that are created and configured by an organization or admin. IAM audit logging in GCP can be used to determine roles and permissions, along with routinely checking user permissions to ensure only the expected users have the ability to list IAM identities or otherwise discover cloud accounts.
References
resourcemanager ResourceManager protectminimal T1087.004 Cloud Account
Comments
This control may mitigate adversaries that attempt to get a listing of cloud accounts, such as use of calls to cloud APIs that perform account discovery.
References
resourcemanager ResourceManager detectminimal T1087.004 Cloud Account
Comments
Adversaries may attempt to get a listing of cloud accounts that are created and configured by an organization or admin. IAM audit logging in GCP can be used to determine roles and permissions, along with routinely checking user permissions to ensure only the expected users have the ability to list IAM identities or otherwise discover cloud accounts.
References
resourcemanager ResourceManager protectpartial T1613 Container and Resource Discovery
Comments
Google Cloud Platform provides resource containers such as organizations, folders, and projects that allow one to group and hierarchically organize other GCP resources. This control may mitigate by denying direct remote access to internal systems through the use of network proxies, gateways, and firewalls from adversaries that may attempt to discover containers and other resources that are available within a containers environment.
References
Showing 1 to 10 of 17 rows
rows per page