GCP - Security Post Exploitation
{{#include ../../../banners/hacktricks-training.md}}
Security
For more information check:
{{#ref}}
../gcp-services/gcp-security-enum.md
{{#endref}}
securitycenter.muteconfigs.create
Prevent generation of findings that could detect an attacker by creating a muteconfig:
```bash
# Create Muteconfig
gcloud scc muteconfigs create my-mute-config --organization=123 --description="This is a test mute config" --filter="category=\"XSS_SCRIPTING\""
```
securitycenter.muteconfigs.update
Prevent generation of findings that could detect an attacker by updating a muteconfig:
```bash
# Update Muteconfig
gcloud scc muteconfigs update my-test-mute-config --organization=123 --description="This is a test mute config" --filter="category=\"XSS_SCRIPTING\""
```
securitycenter.findings.bulkMuteUpdate
Mute findings based on a filter:

```bash
# Mute based on a filter
gcloud scc findings bulk-mute --organization=929851756715 --filter="category=\"XSS_SCRIPTING\""
```
A muted finding won't appear in the SCC dashboard and reports.
securitycenter.findings.setMute
Mute an individual finding, identified by its source and finding ID:

```bash
# Set finding as muted
gcloud scc findings set-mute 789 --organization=organizations/123 --source=456 --mute=MUTED
```
securitycenter.findings.update
Update a finding to indicate erroneous information:
```bash
# Update finding state
gcloud scc findings update myFinding --organization=123456 --source=5678 --state=INACTIVE
```
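To monitor for the actions above, the following added example (not part of the original page) scans exported audit entries for checks of the five permissions listed here, including denied attempts. It assumes the entries use the standard Cloud Audit Logs `protoPayload` layout; the `entry` helper, principals and resource names are constructed sample data.

```python
# Permissions named on this page; each can hide or discredit SCC findings.
WATCHED = {
    "securitycenter.muteconfigs.create": "mute rule created",
    "securitycenter.muteconfigs.update": "mute rule changed",
    "securitycenter.findings.bulkMuteUpdate": "findings bulk-muted",
    "securitycenter.findings.setMute": "finding mute state set",
    "securitycenter.findings.update": "finding updated",
}

def entry(ts, who, permission, resource, granted=True):
    """Build a constructed audit entry in the Cloud Audit Logs layout (assumed)."""
    return {"timestamp": ts, "protoPayload": {
        "serviceName": "securitycenter.googleapis.com",
        "authenticationInfo": {"principalEmail": who},
        "authorizationInfo": [
            {"permission": permission, "resource": resource, "granted": granted}],
    }}

# Constructed sample data, not real logs.
SA = "ci-deployer@example-project.iam.gserviceaccount.com"
SAMPLE = [
    entry("2024-05-01T10:00:00Z", SA, "securitycenter.muteconfigs.create",
          "organizations/123/muteConfigs/my-mute-config"),
    entry("2024-05-01T10:01:00Z", "analyst@example.com",
          "securitycenter.findings.list", "organizations/123/sources/456"),
    entry("2024-05-01T10:02:00Z", SA, "securitycenter.findings.bulkMuteUpdate",
          "organizations/123"),
    entry("2024-05-01T10:03:00Z", "dev@example.com",
          "securitycenter.findings.setMute",
          "organizations/123/sources/456/findings/789", granted=False),
    {"timestamp": "2024-05-01T10:04:00Z"},  # entry without protoPayload
]

def suppression_events(entries):
    """Return one record per watched permission check, granted or denied."""
    events = []
    for e in entries:
        payload = e.get("protoPayload") or {}
        who = (payload.get("authenticationInfo") or {}).get("principalEmail", "unknown")
        for auth in payload.get("authorizationInfo") or []:
            perm = auth.get("permission")
            if perm in WATCHED:
                events.append({"time": e.get("timestamp"), "principal": who,
                               "permission": perm, "action": WATCHED[perm],
                               "resource": auth.get("resource"),
                               "granted": bool(auth.get("granted"))})
    return events
```

Denied checks are kept in the output because a failed attempt to mute findings is as relevant to triage as a successful one.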