Dashboard: Audit Log Activity Dashboard

This dashboard contains 1 card.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-gcp-audit-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select Audit Log Activity Dashboard dashboard.

You could also snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe dashboard run gcp_audit_log_detections.dashboard.activity_dashboard --share

Queries

This dashboard uses the the following queries:

select
  authentication_info.principal_email as "Actor",
  count(*) as "Logs"
from
  gcp_audit_log
where
  authentication_info.principal_email is not null
group by
  authentication_info.principal_email
order by
  count(*) desc
limit 10;

Dashboard: Audit Log Activity Dashboard

Usage

Queries

Tags