audit-log-examples

GCP Sample Logs

Overview

This is a sample repository of GCP Audit Logs intended to help Operations and Security teams understand the structure and fields of logs for a variety of services. Each log file contains the log event, a brief description of the event, and the Cloud Logging query used to find events of that type.

Sample GCP logs for include logs for:

• Google Workspace / Identity
  • Adding Groupmember
  • User Creation
  • User Login
• Cloud Storage
  • Create Bucket (Admin Activity)
  • Set Bucket IAM Permissions
  • Create Object (Data Write)
  • Get Object (Data Read)
  • List Object (Data Read)
  • Enable/Disable Object Versioning
  • Public Bucket Usage
• Compute Engine
  • Set Instance Metadata
  • Set Instance Project Metadata (1)
  • Set Instance Project Metadata (2)
  • Compute Engine Logging Agent
• Kubernetes Engine
  • Create GKE Cluster (Admin Activity)
  • AuditD Logs
  • View GKE Config (Admin Read)
  • Intranode Visibility (Flow Log)
  • Kubernetes Log
• Network Telemetry
  • Cloud CDN
  • Cloud DNS Record Creation
  • Cloud DNS Query
  • HTTPS Load Balancer
  • Identity Aware Proxy
  • Cloud NAT
  • Firewall
  • VPC Flow
• GCP Organization
  • Org Policy Deny Service Account Creation
  • Org Policy Deny Service Account Key Creation
• Security Command Center
  • Bad Domain Finding
  • Bad IP Finding
  • Cryptocurrency Mining Finding
  • Leaked Credential Finding
  • Outgoing Intrusion Attempt Finding
  • Account Self Investigation Finding
• VPC Service Controls
  • VPC Service Control Violation

Coming Soon:

• Cloud IDS
• and more!