This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 14th: Gemini's generative AI within Google SecOps
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

GCP audit logs search queries on secops SIEM

Posted a month ago
devashishsingh
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi there!

Since my organization's GCP log explorer events are directly ingested to Secops platform, I am trying to look for resource.type="audited_resources" events in secops. However looks like everything changed after parsing and now I am unable to find respective logs on SIEM, does anyone has any experience with this, can help?

Solved Solved
0 1 97
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
cmorris
Staff
Reply posted on --/--/---- --:-- AM

That's a broad query, something like this will get you started, but you'll want to narrow your results further based on what you are looking for.

 

metadata.log_type = "GCP_CLOUDAUDIT"
metadata.product_name = "Google Cloud Platform"

 

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
cmorris
Staff
Reply posted on --/--/---- --:-- AM

That's a broad query, something like this will get you started, but you'll want to narrow your results further based on what you are looking for.

 

metadata.log_type = "GCP_CLOUDAUDIT"
metadata.product_name = "Google Cloud Platform"

 

Jump to Solution
Top Solution Authors
View all