This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

UDM event for Storage.Object events

Posted on 10-26-2023 05:38 AM
Kalia-66
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hey folks!!

For GCP audit logs does anyone know if there are any udm event for storage.object.get or storage.object.delete? I am unable to find any information on it. I can locate the events by querying Udm.metadata.product_event_type = “storage.buckets.delete”

 

Solved Solved
0 2 447
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
deeshu
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

get might come under event type - USER_RESOURCE_ACCESS, and delete under RESOURCE_WRITTEN. Or you can explore further under target.resource.resource_type=STORAGE_BUCKET

View solution in original post

Jump to Solution
2 REPLIES 2

Posted on --/--/---- --:-- AM
phaubertin
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi, have you to search storage.buckets.delete in the raw log. Also, pick the the log source GCP audit log, it will reduce the load. Searching in raw log will search for that keyword. Other thing would be to look in your GCP tenant . 

Jump to Solution

Posted on --/--/---- --:-- AM
deeshu
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

get might come under event type - USER_RESOURCE_ACCESS, and delete under RESOURCE_WRITTEN. Or you can explore further under target.resource.resource_type=STORAGE_BUCKET

Jump to Solution
Top Solution Authors
View all