
Our SIEM dashboard shows a lot of GKE assets with IOC-type IP addresses mapped to them in the dashboard.

I am trying to find out why these are reported on the Global Threat Map and how these assets are identified as IOC Matches. The customer is also asking for an explanation of whether these are threats. Can someone give an overview of how to correlate this and understand what's going on?


  • In the navigation bar, go to Detection > Alerts and IOCs.

  • Select the IOC Matches tab.



You can click on an IOC to get details.



If you do think your customer's GKE assets may be compromised, they should contact Google Platform Support.


 





@kentphelps The challenge is how we investigate and confirm whether assets are compromised based on IOC Match IPs. If the IOC console lists our assets with IOC IPs, does that mean the assets are possibly compromised? Trying to connect the dots to find the relationship.

I already contacted Google Support.

 


Is there an API endpoint I can use to get the list of IOCs that are populated in this dashboard?

@kentphelps 

