access_context_manager_access_level_deletedaccess_context_manager_policy_deletedactivity_dashboard_logs_by_actoractivity_dashboard_logs_by_eventactivity_dashboard_logs_by_projectactivity_dashboard_logs_by_serviceactivity_dashboard_logs_by_source_ipactivity_dashboard_logs_by_typeactivity_dashboard_total_logsapigee_security_action_disabledapp_engine_firewall_ingress_rule_createdapp_engine_firewall_ingress_rule_deletedapp_engine_firewall_ingress_rule_updatedartifact_registry_package_deletedartifact_registry_repository_deletedcloud_run_function_deletedcompute_disk_iam_policy_setcompute_firewall_rule_deletedcompute_image_iam_policy_setcompute_instance_with_public_network_interfacecompute_snapshot_iam_policy_setcompute_subnetwork_flow_logs_disabledcompute_vpn_tunnel_deleteddlp_reidentify_contentdns_managed_zone_deleteddns_managed_zone_updateddns_record_set_deleteddns_record_set_updatediam_organization_policy_updatediam_owner_role_policy_setiam_service_account_access_token_generatediam_service_account_creatediam_service_account_deletediam_service_account_disablediam_service_account_key_creatediam_service_account_key_deletediam_service_account_token_creator_role_assignedlogging_bucket_deletedlogging_sink_deletedmonitoring_alert_policy_deletedmonitoring_metric_descriptor_deletedresource_manager_iam_policy_setsecurity_command_center_notification_config_deletedsql_ssl_certificate_deletedsql_user_deletedstorage_bucket_iam_permission_granted_public_accessstorage_bucket_iam_permission_set
Queries in GCP Audit Log Detections
The GCP Audit Log Detections mod includes 47 queries:
- access_context_manager_access_level_deleted
- access_context_manager_policy_deleted
- activity_dashboard_logs_by_actor
- activity_dashboard_logs_by_event
- activity_dashboard_logs_by_project
- activity_dashboard_logs_by_service
- activity_dashboard_logs_by_source_ip
- activity_dashboard_logs_by_type
- activity_dashboard_total_logs
- apigee_security_action_disabled
- app_engine_firewall_ingress_rule_created
- app_engine_firewall_ingress_rule_deleted
- app_engine_firewall_ingress_rule_updated
- artifact_registry_package_deleted
- artifact_registry_repository_deleted
- cloud_run_function_deleted
- compute_disk_iam_policy_set
- compute_firewall_rule_deleted
- compute_image_iam_policy_set
- compute_instance_with_public_network_interface
- compute_snapshot_iam_policy_set
- compute_subnetwork_flow_logs_disabled
- compute_vpn_tunnel_deleted
- dlp_reidentify_content
- dns_managed_zone_deleted
- dns_managed_zone_updated
- dns_record_set_deleted
- dns_record_set_updated
- iam_organization_policy_updated
- iam_owner_role_policy_set
- iam_service_account_access_token_generated
- iam_service_account_created
- iam_service_account_deleted
- iam_service_account_disabled
- iam_service_account_key_created
- iam_service_account_key_deleted
- iam_service_account_token_creator_role_assigned
- logging_bucket_deleted
- logging_sink_deleted
- monitoring_alert_policy_deleted
- monitoring_metric_descriptor_deleted
- resource_manager_iam_policy_set
- security_command_center_notification_config_deleted
- sql_ssl_certificate_deleted
- sql_user_deleted
- storage_bucket_iam_permission_granted_public_access
- storage_bucket_iam_permission_set