Rule Library
Sigma Rules
3 rules found for "Bryan Lim"
3,707 Total
3,116 Detection
451 Emerging
137 Hunting
Detection | medium | test
GCP Access Policy Deleted
Detects when an access policy that is applied to a GCP cloud resource is deleted. An adversary would be able to remove access policies to gain access to a GCP cloud resource.
Google Cloud | gcp.audit
TA0003 · Persistence | TA0004 · Privilege Escalation | T1098 · Account Manipulation
Bryan Lim | Fri Jan 12 | cloud
Detection | medium | test
GCP Break-glass Container Workload Deployed
Detects workloads that are deployed using the break-glass flag to override Binary Authorization controls.
Google Cloud | gcp.audit
TA0004 · Privilege Escalation | TA0005 · Defense Evasion | T1548 · Abuse Elevation Control Mechanism
Bryan Lim | Fri Jan 12 | cloud
Detection | medium | test
Google Workspace Application Access Level Modified
Detects when an access level is changed for a Google Workspace application. An access level is part of BeyondCorp Enterprise, which is Google Workspace's way of enforcing a Zero Trust model. An adversary would be able to remove access levels to gain easier access to Google Workspace resources.
Google Cloud | google_workspace.admin
TA0003 · Persistence | TA0004 · Privilege Escalation | T1098.003 · Additional Cloud Roles
Bryan Lim | Fri Jan 12 | cloud