SCC detection of commands on OS level

nc2
Silver 1

Is SCC able to detect remote commands / commands on an OS on a kernel level?

Solved

ACCEPTED SOLUTION

SCC does have a feature which can possibly cover some, but possibly not 100%, of this use case.

Virtual Machine Threat Detection, a built-in service of Security Command Center Premium and Enterprise, provides threat detection through hypervisor-level instrumentation and persistent disk analysis. VM Threat Detection detects potentially malicious applications, such as cryptocurrency mining software, kernel-mode rootkits, and malware running in compromised cloud environments.

For malware detection VM Threat Detection takes short-lived clones of your VM's persistent disk, without disrupting your workloads, and scans the disk clones. This service analyzes executable files on the VM to determine whether any files match known malware signatures. The generated finding contains information about the file and the malware signatures detected.

For memory scanning, VM Threat Detection scans each VM instance immediately after the instance is created. In addition, VM Threat Detection scans each VM instance every 30 minutes.

If you need more than this for use cases then you would need to consider some additional tools on the host OS to gather relevant logs.

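Added example, not from the thread or from Google Cloud: one way to supply the host-OS logs the answer refers to is a Linux auditd execve rule, and the Python below reconstructs command lines from audit records and flags non-interactive executions by logged-in users, a heuristic for commands passed over a remote session rather than typed at a console. The audit rule, the sample records and the heuristic are assumptions.

```python
"""Parse Linux auditd execve records and flag non-interactive command execution."""
import re
import shlex
from collections import defaultdict

# Audit rule assumed to be loaded on the host (assumption, not from the thread):
#   -a always,exit -F arch=b64 -S execve -k exec_cmd
# Constructed sample records in the format auditd writes to audit.log.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:2001): arch=c000003e syscall=59 success=yes exit=0 ppid=1520 pid=1533 auid=1000 uid=1000 gid=1000 tty=pts0 ses=4 comm="ls" exe="/usr/bin/ls" key="exec_cmd"
type=EXECVE msg=audit(1700000000.101:2001): argc=2 a0="ls" a1="-la"
type=SYSCALL msg=audit(1700000000.204:2002): arch=c000003e syscall=59 success=yes exit=0 ppid=1601 pid=1602 auid=1000 uid=1000 gid=1000 tty=(none) ses=5 comm="bash" exe="/usr/bin/bash" key="exec_cmd"
type=EXECVE msg=audit(1700000000.204:2002): argc=3 a0="bash" a1="-c" a2="id; uname -a"
type=SYSCALL msg=audit(1700000000.305:2003): arch=c000003e syscall=59 success=yes exit=0 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 tty=(none) ses=4294967295 comm="cron" exe="/usr/sbin/cron" key="exec_cmd"
type=EXECVE msg=audit(1700000000.305:2003): argc=1 a0="/usr/sbin/cron"
"""

FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')   # key=value or key="quoted value"
SERIAL_RE = re.compile(r"msg=audit\(([\d.]+):(\d+)\)")     # timestamp:serial shared by one event
UNSET_AUID = "4294967295"  # (unsigned)-1: process has no login session (daemons, cron)

def parse_fields(line):
    """Split one audit record into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def parse_execve_events(log_text):
    """Join the SYSCALL and EXECVE records sharing an audit serial into one event."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = SERIAL_RE.search(line)
        if not m:
            continue
        ts, serial = m.groups()
        f = parse_fields(line)
        ev = events[serial]
        ev["ts"] = float(ts)
        if f.get("type") == "SYSCALL":
            ev.update({k: f.get(k) for k in ("pid", "ppid", "auid", "uid", "tty", "ses", "exe")})
        elif f.get("type") == "EXECVE":
            argv = [f.get(f"a{i}", "") for i in range(int(f.get("argc", 0)))]
            ev["cmdline"] = shlex.join(argv)  # re-quote arguments that contain spaces
    return [events[s] for s in sorted(events, key=int)]

def flag_non_interactive(events):
    """Heuristic (assumption): a logged-in user (auid set) executing with no controlling
    tty is typical of commands passed over a remote session rather than typed at a console."""
    return [e for e in events
            if e.get("tty") == "(none)" and e.get("auid") not in (None, UNSET_AUID)]
```

Running `flag_non_interactive(parse_execve_events(SAMPLE_AUDIT_LOG))` returns only the `bash -c` event: the interactive `ls` has a tty and the cron child has no login audit uid.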
